Summary


Using PayPal's API introduces some new challenges, namely client-side certificates and the inability of common tools to work with them. However, cURL's powerful connection libraries, combined with PayPal's strong SOAP design (with minimal changes between requests), allow a single function to carry out all manner of requests.

Upon completing this chapter, you should be able to effectively use the PayPal API to do the following:

  • Accept and process payments using PayPal notification features

  • Request and search the details of a PayPal transaction

  • Issue refunds with PayPal

  • Use MassPay to send payments to a large number of people at once

Because transactions with PayPal involve real-world money rather than search results or product information, additional care should be taken. Client-side certificates must be kept outside the document root, where they will be safer from the prying eyes of the curious user (or attacker). Programmers and maintainers must also be vigilant that proper authentication takes place before any of the calls are made, so that unauthorized scripts or calls from the outside world cannot effect payments or refunds.

Even when payments are received from PayPal, care must be taken to ensure that the payment information received correctly matches an item within a local product database, because it is trivial for an attacker to modify simple identification items such as the product name or id.
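The check described above could look like the following sketch, which is an added example and not code from the book. It assumes the notification has already been confirmed as genuine with PayPal and covers a single-item purchase; the catalog, the merchant address and the function names are constructed for illustration, and it goes slightly beyond the product id by also comparing amount, currency and recipient against the local record.

```php
<?php
// Added example, not from the book. Assumes the notification is already confirmed
// as genuine with PayPal. Catalog and merchant address are constructed.
const MERCHANT_EMAIL = 'sales@example.com';

$catalog = [ // stand-in for the local product database, keyed by product id
    'EBOOK-01' => ['price' => '19.95', 'currency' => 'USD'],
    'SUB-12M'  => ['price' => '120.00', 'currency' => 'USD'],
];

// Convert a decimal string such as "19.95" to integer cents; null if malformed.
function toCents($amount): ?int
{
    if (!is_string($amount) || !preg_match('/^\d{1,7}\.\d{2}$/', $amount)) {
        return null;
    }
    return (int) str_replace('.', '', $amount);
}

// Returns a list of mismatches; an empty list means the order may be fulfilled.
function checkNotification(array $n, array $catalog): array
{
    $id = $n['item_number'] ?? null;
    if (!is_string($id) || !isset($catalog[$id])) {
        return ['unknown item_number'];
    }
    $item = $catalog[$id]; // price and currency come from here, never from $n
    $errors = [];
    if (($n['payment_status'] ?? '') !== 'Completed') {
        $errors[] = 'payment not completed';
    }
    if (strcasecmp((string) ($n['receiver_email'] ?? ''), MERCHANT_EMAIL) !== 0) {
        $errors[] = 'paid to a different account';
    }
    if (($n['mc_currency'] ?? '') !== $item['currency']) {
        $errors[] = 'currency mismatch';
    }
    if (toCents($n['mc_gross'] ?? null) !== toCents($item['price'])) {
        $errors[] = 'amount mismatch';
    }
    return $errors;
}

// Constructed notifications: one consistent, one with the amount altered.
$good = ['item_number' => 'EBOOK-01', 'payment_status' => 'Completed',
    'receiver_email' => 'sales@example.com', 'mc_gross' => '19.95', 'mc_currency' => 'USD'];
$tampered = ['mc_gross' => '0.01'] + $good;
var_dump(checkNotification($good, $catalog), checkNotification($tampered, $catalog));
```

Amounts are compared as integer cents so that no floating-point rounding can make a mismatched price look equal.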

These additional challenges are not without reward, however; using PayPal to process payments allows you to trade on PayPal's brand name in Internet payment processing. Speaking from experience, users are often far more willing to send a payment to an unknown website via PayPal than they are to give outside sources their credit card information. This is particularly useful when purchasing a digital-only product (such as access to a website or a download), because the option is available not to give a home address, which is generally required to authenticate credit card purchases.

This is the last full-chapter coverage of a single API. The next chapter introduces three different APIs in rapid succession, aiming to help you hit the ground running when coding against them.




Professional Web APIs with PHP. eBay, Google, PayPal, Amazon, FedEx, Plus Web Feeds
ISBN: 764589547
Year: 2006
Pages: 130