2

I'm integrating the new Paypal smart payment button 

<script src="https://www.paypal.com/sdk/js?...>
paypal.Buttons({
createOrder(data, actions) {
// ...
onApprove: function(data, actions) {
// Capture the funds from the transaction
 return actions.order.capture().then(function(details) {
 // Show a success message to your buyer
 alert('Transaction completed by ' + details.payer.name.given_name);
 });
 }
).render('#paypal-button');

I created an app in Sandbox and registered Webhooks to all events. When a payment is triggered I get everything working and a webhook event of type PAYMENT.CAPTURE.COMPLETED is fired.

I'm sure I'm missing something in the process but I can't link this payment to the payer details. I don't know where the payer details are so I can't process the order on my side.

I searched the whole Google and PP documentation without success, anyone can help me? Thanks!!

silk
  • 129
  • 7
  • I think the payer details might be hidden due to them being accessible from anyone that way? Isn't that a security flaw (if it was a thing) – FeaturedSpace May 31 '19 at 16:12
  • when I process webhook I need to know who paid to link the payment with my user. I'm missing this part... – silk May 31 '19 at 16:17
  • I don't think it's possible. You should simply collect the data on your website. Like I said, I don't think that's something PayPal releases – FeaturedSpace May 31 '19 at 16:18
  • the user is not logged. webhook is async and called by PP – silk May 31 '19 at 16:20
  • Does this not suffice? https://developer.paypal.com/docs/classic/products/instant-payment-notification/# – FeaturedSpace May 31 '19 at 16:21
  • I use IPN, but I want to switch to smart buttons, so I need to use webhooks – silk May 31 '19 at 16:32

2 Answers2

1

You don't need to use Webhooks for this. The response of the payment capture is returned right on onApprove callback. Just print your "details" variable and you will see it.

If you still want to use Webhooks, you can match the payment id with the one received in the webhook.

Example: https://jsfiddle.net/pedrinho/frgc93x2/1/code

Pedro Scarapicchia Junior
  • 366
  • 1
  • 6
  • If I rely on the frontend code to handle everything, what stops an attacker from tinkering with my frontend JS code to put $0.1 as payment amount and make it so this payment generates a valid purchase? The only secure way of handling payments if the decision logic (and verification) lives on the backend. So webhooks or IPN are essential. – avepr May 23 '22 at 00:51
0

Hey! Sorry I haven't been able to be of much help, but here's a link to another question similar to yours that seems to hold the answer.

The answer is to make (unfortunately) a second API call:

The only answer I found was to follow this up with a second call, this time to the GetExpressCheckoutDetails NVP API

Found here: PayPal REST API - How can I get email address returned in the webhook?

I hope I've been of some use!

FeaturedSpace
  • 479
  • 3
  • 18