#141 PayPal Basics
This episode is the first in a series on handling the checkout process for orders. Here we show how to complete purchases through PayPal's Website Payments Standard service.
Thanks Ryan,
Just what the doctor ordered for a fresh Monday morning! I think I mind control you over the week for the stuff I'll need at the end of it.
Cheers,
Aditya
Thanks Ryan,
Waiting for the CC's payment episodes!
Hi Ryan,
Thanks for the screencast.
You kept my trust in you by giving a long screencast.
Now again I am waiting eagerly for next Monday.
I recommend active_merchant for that kind of payment processing; it makes life easier / more robust / secure
www.activemerchant.org
Thank goodness! This series was long overdue. Thanks, Ryan!
A little Active Support for your key-value mapping: "Object#to_query".
I built a website like yours.
http://rubycnrails.cn
It is just for Chinese.
I have many problems I want to ask you about.
Could you mail me?
BEWARE OF PAYPAL!
PLEASE read your amended Paypal User Agreement! Paypal (owned by ebay) can now withhold users' funds for 21-180 days at Paypal's "sole discretion"!!! Users are being caught in this trap at alarming rates! We can all thank ex-ebay CEO, Whitman and current CEO, Donahoe, for their "Disruptive Innovation" SCHEME against users for many such detrimental changes.
To read what the users are REALLY experiencing, search the internet for
"Ebay Stockholders and Sellers Calling For Immediate Termination of John Donohoe CEO Petition" (at petitiononline).
To learn about their own employees' experiences with such POOR management, go to glassdoor and type in ebay.
@grosser, an episode or two on ActiveMerchant is planned later on in this series.
@Stephen, thanks! I never knew about to_query. It looks like calling that on the hash will do just what we need (along with proper escaping). I'll update the code.
From this screencast it looks almost too easy to interface with PayPal. Actually, I think it does look too easy, as you're sending all the data in plain sight and unprotected.
You really should not send your customers' purchase details unencrypted over the wire. So, better use HTTPS.
The other way round, you don't want customers to be able to tamper with amounts without your app or PayPal noticing it. Therefore, don't forget to add hashes for integrity checking.
Then, when it comes to being notified by PayPal that the payment has been processed, you need to make sure that the notification has indeed been sent by PayPal and not been faked by someone else.
Also, anyone who tries to implement something like this ought to keep in mind all the possible failure conditions and how they affect the workflow.
I don't know the PayPal API, but I'm pretty sure that they support everything that's needed to make payment secure. It is not rocket science to write an equally secure client, however, it is rather more time consuming than pasting together a URL.
In general, if at all possible, I strongly recommend using a solution (plugin, gem) that does the job and already has some traction in the community.
hi there!
Ryan!!! Couldn't you have done this series one month ago!? eheh... sorry, but I spent more than one week struggling with PayPal to do a subscription system. At the beginning I thought of using Active Merchant but they don't have good documentation, so I started creating a gem to deal with PayPal standard payments and IPN for subscriptions.
Funny thing: when we got it working we changed our minds and we ended up using Active Merchant and Checkout Express. Even so, we had to extend AM because it doesn't deal with subscriptions by default. Using that second API we don't have to rely on the IPN system and we have more control over the user data and transactions; it applies better to our web site goal.
In any case, if anyone wants a simple solution you can use my code or gem, created for subscriptions but easily adaptable to normal payments (you only have to delete code). Answering Michael Schueri: I use HTTPS and all the PayPal security procedures to validate the IPN origin. So my code is really simple, customizable and it has 10 times more lines of test code than the real one.. so I think it's well tested and secure to use! As a matter of fact I love Railscasts and believe this is going to be a quality series, that's why I'm frustrated, one month ago it could have saved me lots of work. ;)
Ooh, a Railscasts cliffhanger
Thanks for this screencast, I'm all geared up now on my web site for next Christmas :)
To the PayPal basher above, you don't really know much about the internet do you?
When you submit a form, anyone submitting the form can change any of the values... it's up to you as the merchant to make sure the order amount is correct before shipping it once you receive the payment in PayPal.
Clearly, only a fool would go ahead and ship $500 worth of stuff of which they only received $1.
@Ryan, sorry to even engage that guy...
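The checks raised in the comments above (confirm the amount before shipping, and do not act on a notification's fields blindly), sketched in Ruby as an added example that is not code from the episode. The field names are PayPal's IPN variables; the `Order` struct, the sample values and the use of `invoice` to carry the order id are assumptions, and confirming that the notification really came from PayPal is assumed to have happened before this runs.

```ruby
# Constructed order record; in a real app this comes from your own database,
# never from anything the browser or the notification supplies.
Order = Struct.new(:id, :total, :currency, :receiver_email)

# Returns the reasons a payment notification must not trigger fulfilment.
# An empty list means every field matches what the shop expected.
# `params` uses PayPal IPN variable names; `seen_txn_ids` holds the
# transaction ids that were already processed.
def notification_problems(order, params, seen_txn_ids)
  problems = []
  problems << "payment not completed" unless params["payment_status"] == "Completed"
  problems << "wrong receiver" unless params["receiver_email"].to_s.casecmp?(order.receiver_email)
  problems << "wrong order" unless params["invoice"].to_s == order.id.to_s
  problems << "wrong currency" unless params["mc_currency"] == order.currency

  # Compare exact decimal values so "500.0" equals "500.00" but "1.00" does not.
  paid = begin
    Rational(params["mc_gross"].to_s)
  rescue ArgumentError
    nil # missing or non-numeric amount
  end
  problems << "amount mismatch" unless paid == Rational(order.total)

  txn = params["txn_id"].to_s
  problems << "missing or replayed transaction id" if txn.empty? || seen_txn_ids.include?(txn)
  problems
end

# Constructed sample data (not real PayPal traffic).
ORDER = Order.new(42, "500.00", "USD", "seller@example.com")
GOOD = {
  "payment_status" => "Completed",
  "receiver_email" => "seller@example.com",
  "invoice"        => "42",
  "mc_currency"    => "USD",
  "mc_gross"       => "500.00",
  "txn_id"         => "TXN-CONSTRUCTED-1"
}
# The buyer edited the form so that only $1 was paid for a $500 order.
TAMPERED = GOOD.merge("mc_gross" => "1.00")

p notification_problems(ORDER, GOOD, [])
p notification_problems(ORDER, TAMPERED, [])
```

Ship only when the returned list is empty, and record the `txn_id` once the order has been fulfilled.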
Ryan,
Off topic, is there a way to download / clone just the episode-141 "tree" using git?
Learning git is almost as complex as Ruby / Rails :)
Otherwise a "git clone git://github.com/ryanb/railscasts-episodes.git" will clone all of the episodes.
Mike
Hi,
Can you please give a quick tip on how to make the current navigation menu link stand out from the others? E.g. if I want to make the background color change by applying a class on the current link, how do I do it? Is there a way to achieve this without overly complicating stuff, as I just have a couple of static links?
@aman: http://pastie.org/346594
This episode is useless as the data is sent over to Paypal using the unencrypted method.
@Edgar G (18), It doesn't matter, there's no sensitive information
@Memiux: yes it matters. If people start playing with the amount of money passed to Paypal, it will become a huge pain for the admin to track manually who has paid the correct amount and who didn't.
The potential cheaters can claim that they didn't do it on purpose.
Either use the encrypted method or don't process online payments.
Great screencast, Ryan. :)
@Edgar G. You must have missed the part about this being an introduction to payment processing with PayPal. As an introduction, it does a good job of illustrating how the system works. I'm sure Ryan will address some of the security issues later on in the series.
This tutorial covers the basics. It is not meant to be a full, complete solution as mentioned in the beginning. I'm sure Ryan will add more in using Encrypted Payments and verifying things like Paypal IPN.
For those concerned about security and payment notification, I plan to address this in future episodes in this series. Stay tuned!
Before considering PayPal, consider this: http://blog.apparentsoft.com/business/124/is-paypal-good-for-your-microisv-business-a-short-paypal-horror-story/
If you want the Code to keep on working,
you have to add a currency code to the paypal_url function in the model:
eg:
:currency_code => 'EUR'
hi Ryan
Is there any method for Automated Recurring payment for paypal with Active merchant plugin?
If yes please post some helpful links.
thanks
First thanks a lot for this series on paypal, it helps me a lot.
I have tried to pass variables like 'shipping' or 'handling' for global cost but it seems they're ignored. As a last resort I have passed the shipping value as a product line. Do you know why it's not working? (Plus, if you could make an update about the new PayPal developer section, I'm kinda lost there.)
With regards to the return_url, Shouldn't there be a parameter (eg. session_id) to reconnect to the same session?
Hi Ryan,
First thank you so much for everything !!
Would you show me the code to also pass the customer shipping name and address in this "def paypal_url"?
Thanks a lot, once again very clear
.. had to tweak the code a little bit to handle Rails 3 (version.current = 3.0.7)
(get rid of deprecated code + link_to =post, changed to button_to)
running fine
Hi all,
First thanks Ryan. Railscasts are excellent. I've learnt so much from you.
I'm fairly new to Rails (been learning the last few months) so I haven't had any real exposure to Rails 2.
I'm trying to recreate this tutorial in Rails 3 and I think I'm having trouble with the routes.rb file. This line:
current_cart 'cart', :controller => 'carts', :action => 'show', :id => 'current'
In the show code the method looks like it's in application.rb.
I'm trying to get this working in Rails 3.0.10 and ruby 1.9.2p290
Can anyone help me correct code in the function for rails 3 and fix my routes.rb?
Thanks,
Chris.
Hi all,
It seems like the Paypal website is now working differently.
Is there a revisited version of this tutorial ?
Thx !
Yes, Paypal sandbox site has changed. But it is pretty much the same functionality. In case some configured this with the old sandbox and is trying to use it now, getting the error
I solved this temporarily by changing
with
in the paypal_url method.
Wouldn't it be better if we put this Cart#paypal_url method into a helper (eg. CartsHelper). Then, we don't have to pass the return_url around.
I don't really see how generating a paypal url is the responsibility of the Cart model. And the url is only being referenced in the view anyway. I think the helper is a better place for this kind of thing.
I am trying to run the project I downloaded from the above given link. When I run "rake setup" I am clearly getting some compatibility errors since I am running the latest version of Rails. How to fix this?
This episode has been updated to work with Rails 5 Paypal Basics