2

I'm integrating a web payment using angularjs.

My main goal are

  1. to let the user be able to topup or pay via paypal
  2. upon successful redirect him back to my site
  3. If the transaction is successful i will then update our db records.

Glad to say that after 2days I'm done with the first 2 steps. Then I've read about using PDT (Payment Data Transfer) and I used this to get the transaction details of the payer but I had read many post saying using PDT isn't reliable enough that I also must use IPN (Instant Payment Notification). So I google about it and almost all sample/tutorial about IPN are made from using server side scripting. So is it possible to perform an IPN listener using javascript alone?

Wondering Coder
  • 1,652
  • 9
  • 31
  • 51
  • In my experiences, PDT has been fine. There have been, over the course of time, a few exceptions that we've had to deal with "manually" because something went amiss. What retailer doesn't have to deal with something over months of doing business? What source do you have for the claims that it isn't reliable enough? – Chris Baker Sep 19 '13 at 15:38
  • (that said, we also use IPN for something totally separate, and 90% of our transactions are credit cards through the API rather than forwards to paypal) – Chris Baker Sep 19 '13 at 15:40
  • hi Chris, i've read this link about ipn vs pdt: http://stackoverflow.com/questions/2836779/ipn-vs-pdt-in-paypal. About credit cards, i think we're planning to use that as other ways of paying can you give me some notes or link what to use? – Wondering Coder Sep 19 '13 at 16:02
  • 1
    We have a paypal merchant account, and use the ExpressCheckout NVP API, been processing several hundred thousand a year through that without any troubles at all. As for a link... eh. Paypal's serious downside (IMO) is their documentation and code samples -- very low quality, very hard to sift through. The good news is that once you get it all set up and working, the docs don't matter as much :) Here's a gist with the meat of the code we use: https://gist.github.com/anonymous/6c21f19dc4aaa123ebe1 -- we do not send a list of items to paypal, just the total and a general description. – Chris Baker Sep 19 '13 at 16:14
  • last question, is it safe to code the ExpressCheckout using javascript? Risk I'll be exposing my username and password, etc.. – Wondering Coder Sep 19 '13 at 16:29
  • I guess I don't know what other definition of "safe" you want to apply, if we're going to ignore exposing your credentials then all that's left is some regular old AJAX, which is of course "safe" as far as not melting computers. I think exposing your Paypal credentials in a javascript file, however is one of those Really Bad Ideas. – Chris Baker Sep 19 '13 at 16:44

1 Answers1

2

No, not on the client-side. You can use server-side Javascript (nodejs) to do this. The purpose of IPN is to let your server know that a payment is completed. The IPN request comes directly from paypal behind the scenes to a URL you give it. There's no way for a client to receive this signal instead, and if it could then there'd be a big security flaw because anyone could forge it.

However, you could update your backend using IPN, then use something like socket.io (websockets) or long-polling (plain old ajax) to let your client know that payment was successful. With long-polling, you'd basically be asking your back-end every second or two whether or not payment was succesful. With sockets, you have a more direct communication. I like socket.io because it falls back to long polling (or flash) if real web sockets aren't available.

Jonathan Rowny
  • 7,588
  • 1
  • 18
  • 26
  • Hi jonathan, thanks for the response. Thank you for clearing things up. Now I can proceed, actually i haven't use nodejs nor socket io. have no idea how they work, Y__Y. It's only been a month since I used Angularjs, :), and integrating paypal. But this is the life of a developer. haha. I will start learning nodejs and socket io. – Wondering Coder Sep 19 '13 at 16:09
  • Many server-side languages have their own way to do websockets as well, or traditional ajax. – Jonathan Rowny Sep 19 '13 at 18:49