Braintree drop in UI generate new nonce - braintree

I've integrated the braintree drop in UI in my project and have added paypal, google pay and visa payments. Everything works fine, payments are submitting to the API etc. But if I use submit a payment which fails using the values from - https://developers.braintreepayments.com/reference/general/testing/php#transaction-amounts. The nonce has then been used, amending my basket price and submitting again fails as the nonce has already been used. I've looked through the documentation and all I can find about nonces is that it can only be used once (https://developers.braintreepayments.com/guides/payment-method-nonces) and nothing around refreshing or requesting a new nonce. Ideally I'd like to avoid having to force the user to enter the payment details again.
Is there another way of automatically requesting a new nonce?

Related

Laravel Cashier - Prevent duplicated Payment Methods

I'm trying to update the payment method of a subscription. I collect the card information using Stripe's js (using a provided setup intent). Then I send the payment method id, provided by Stripe's js, to Laravel to actually update the User's default payment method.
Now, the problem is I want to prevent the User to insert duplicated cards, and the only way to prevent that would be to retrieve all the user current payment methods ($user->paymentMethods();), and check if any of those has the same fingerprint of the one I'm adding as default.
To get the fingerprint of the new payment method I'd need to get the Stripe PaymentMethod object for the id provided by the Stripe's js. The Cashier method to do that would be $user->findPaymentMethod(id).
The problem is that the payment id is not yet added to the User payments methods, so $user->findPaymentMethod($request->payment_method); fails because that payment method does not belong to $user.
The only solution I can think of would be to first add the new payment method, then check for duplicates and remove them ?
It seems like you’ve already found the best approach of adding the method to the user and then looking to see if there are any duplicated fingerprints, even if it is a little inconvenient.
Reviewing the Cashier documentation doesn’t show any obvious way to access the PaymentMethod before it’s attached to the user. It may be worth reaching out to the Laravel devs to see if there is functionality that would make this flow easier to accomplish.

PayPal REST API not returning recurring payment information in laraval

I am working on Paypal webhook (subscription) section to insert recurring payment information into the database. I have done coding based on the link "https://jslim.net/blog/2018/01/22/PayPal-Rest-API-with-Laravel-5-and-Angular/" but Paypal webhook always return “payment_status: Pending” on sandbox image and its not inserting recurring payment information into the database (insert option added in PayPalController - function webhooksPaymentSaleCompleted ).
I think the problems related with routes/api.php file but I can't figure out what exactly is going wrong.
Another URL that I have referred and tried was "https://github.com/supermavster/PayPal-PHP-SDK"
Laravel version 5.8
paypal/rest-api-sdk-php: "^1.14"
Please suggest a feasible solution to this problem.
Thanks in advance.
Verify that the sandbox account's email is confirmed, by logging into the sandbox business account receiving the payment and navigating to: https://www.sandbox.paypal.com/businessprofile/settings/email
Resend the confirmation message. Open the message via https://developer.paypal.com/developer/notifications/ , and confirm the sandbox email.
The v1 PayPal-PHP-SDK is deprecated and there is no reason to be using it for a new integration. Use the v2 Checkout-PHP-SDK for payments.
You'll need two routes on your server, one for 'Set Up Transaction' and one for 'Capture Transaction', documented here; https://developer.paypal.com/docs/checkout/reference/server-integration/
The best approval flow to pair it with is https://developer.paypal.com/demo/checkout/#/pattern/server

Tokenising CVV for Braintree vaulted cards in hosted fields

I have integrated Braintree HostedFields and it's working fine, Now I am trying to add vault feature to it.
I managed to retrieve all the payment methods from vault using vaultManager in client-side JS.
My question is how do I just tokenize the CVV and not all other details as if a customer selects a card from the displayed option then they won't expecting to enter their card details and expiry date. And if I don't have these data how do I tokenize card.
Do I bother to ask for the CVV at all, because I tried sending the payment method token to server side and charged it by passing it to 'paymentMethodToken' in transaction()->sale()?
I am just not sure what I am supposed to do on the client side once the customer has selected the stored card to pay with.

Validate whether payment was a success or failure

I am looking to use PayPal to accept a payment through my website. I am looking at the Smart Payment button option. If the payment is successful I need to update something in my website DB. How can I determine whether the payment was successful or not? I cant see anything the API docs.
I also need to retain user context with a PHP session ID. How can I pass that to the paypal site and ensure it is returned with the success / fail indicator?
Use Paypal IPN to receive payment notifications. Setup a server endpoint to respond to IPN requests and update your DB etc...
To maintain state, you will need to include a hidden input filed in your Smart Payment Button with a name of custom and a value of your choice (session id).
Setup a IPN endpoint ie: /checkout/ipn, to receive Paypal notifications. Capture the session ID with $_POST['custom'];
I ended up using the Braintree API for this use case. Ther Brantree API returns a unique payment identifier (payment Nonce) which you can then validate by submitting a call back to the Braintree API to ensure the payment was actually received properly.

What is an accepted way to submit form data to sites like paypal?

I'm setting up a website that uses paypal to process payments.
The easiest way to implement the checkout form would be to create an HTML form that submits directly to paypal, sending the order details and redirecting the user to paypal in order to finalize the transaction.
However, there is a security vulnerability with this process. The client could edit the information submitted to paypal, such as changing the price of the checkout to $0.00.
What is an accepted way to handle this type of situation? Is it to submit the form back to my server, then do some processing in PHP, then submit verified data to paypal and redirect the user to paypal? Is this possible?
Thanks!
There are two main ways to handle this issue.
The first is somewhat like what you outline: You send the filled in form to PayPal, and provide a callback-url. When PayPal has processed the payment, they will call your provided url, and you can check whether or not the information given in that call is the same as what you provided. For this to work, you need to store the information in the meantime, like in a database. You will then only give access to the product after the validation has happened.
You can also encrypt the information you send to PayPal, making it practically impossible to alter information in your form.
See https://www.x.com/developers/paypal for details.

Resources