When a payment transaction via an Adaptive Payments application has been submitted, one of four different payment approval types is involved. The remainder of this section reviews these approval types: Explicit Payments, Preapproved Payments, Implicit Payments, and Guest Payments. Although we won’t use all of the approaches for payment integration with Tweet Relevance in this chapter, it’s important to know that these fundamental possibilities exist.
Explicit Payments require the sender to log into PayPal.com and approve each individual payment just like in an Express Checkout payment experience. This is the traditional method for paying via PayPal and is the only option a sender has for executing a payment, unless a preapproval agreement has been established (a Preapproved Payment), or unless the sender is also the application provider (an Implicit Payment). The interaction between your application and PayPal can be controlled during the transaction process by providing URLs for redirecting the sender, depending on the situation. Figure 4-4 outlines an Explicit Payment flow, which consists of the following steps:
1. Your application sends a Pay request to PayPal.
2. PayPal responds with a payment key that you use to redirect the sender to PayPal.
3. You redirect the sender to PayPal.com.
4. The sender approves the transfer of the payment, and PayPal redirects the sender to a return URL.
5. PayPal sends both the receiver and the sender an email summarizing the payment that was made.
Although not explicitly listed as a step in Figure 4-4, applications should be careful to verify the status of a payment immediately after the redirect of Step 4 before taking any actions such as crediting a user account. Usually, this is accomplished by using the same key that was returned in Step 2. For example, if PayPal redirects back to http://example.com/successful_payment?user=Bob&item=123 and your application blindly ships Bob Item #123 without first confirming the payment status referenced by the Pay key from Step 2, you’d be wide open to easy hacking exploits.
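The check described above, sketched as an added example that is not code from the original text: the return-URL handler ignores the query string and ships only what was recorded at Step 2, and only once PayPal reports the pay key as completed. The names ORDERS, record_order, handle_return and fetch_details are hypothetical; fetch_details is assumed to wrap a server-to-server call to the Adaptive Payments PaymentDetails operation, and fake_paypal is a constructed stand-in so the block runs offline.

```python
# Added example; ORDERS, record_order, handle_return, fetch_details are hypothetical names.
ORDERS = {}        # order_id -> record saved at Step 2 (server-side only)
FULFILLED = set()  # pay keys already fulfilled, so a replayed return URL ships nothing


def record_order(order_id, pay_key, user, item):
    """Step 2: store what was ordered next to the pay key PayPal returned."""
    ORDERS[order_id] = {"pay_key": pay_key, "user": user, "item": item}


def handle_return(order_id, query_params, fetch_details):
    """Return-URL handler for Step 4.

    order_id is assumed to come from the server-side session, not the URL.
    query_params is attacker-controlled and is deliberately never consulted.
    fetch_details(pay_key) is assumed to return PayPal's view of the payment
    as a dict with at least "payKey" and "status".
    """
    order = ORDERS.get(order_id)
    if order is None:
        return ("rejected", "unknown order")
    details = fetch_details(order["pay_key"])
    if details.get("payKey") != order["pay_key"]:
        return ("rejected", "pay key mismatch")
    if details.get("status") != "COMPLETED":
        # e.g. CREATED: the sender reached the return URL without paying
        return ("pending", details.get("status", "UNKNOWN"))
    if order["pay_key"] in FULFILLED:
        return ("ok", "already fulfilled")
    FULFILLED.add(order["pay_key"])
    # Ship what was recorded at Step 2, not what the URL claims.
    return ("shipped", (order["user"], order["item"]))


def fake_paypal(pay_key):
    """Constructed stand-in for the real status lookup (sample data only)."""
    statuses = {"AP-PAID": "COMPLETED", "AP-UNPAID": "CREATED"}
    return {"payKey": pay_key, "status": statuses.get(pay_key, "ERROR")}


if __name__ == "__main__":
    record_order("order-1", "AP-PAID", "Bob", "123")
    forged = {"user": "Mallory", "item": "999"}  # constructed tampered query string
    print(handle_return("order-1", forged, fake_paypal))
```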
Preapproved Payments allow senders to log into PayPal.com and set up preapprovals for future payments so that explicit payments are not required for every single transaction. Once the preapproval is established for certain constraints such as amount or time duration, payments are automatically considered approved, and the sender will not have to log in to approve payments to that vendor in the future until one of the preapproved conditions expires. During the preapproval setup process, the sender can specify the following constraints:
Duration of the preapproval, including the start date and end date
The maximum amount being approved at one time
The maximum number of payments allowed for the vendor
Figure 4-5 outlines a Preapproved Payment flow, which consists of the following steps:
1. An application sends a preapproval request to PayPal.
2. PayPal responds with a preapproval key that you use in redirecting the sender to PayPal.
3. The application redirects the sender to PayPal.
4. After the sender approves the preapproval, PayPal redirects the sender to a return URL.
5. PayPal sends both the receiver and the sender an email summarizing the payment that was made.
Once the sender approves the preapproval setup, an application can make payments on behalf of the sender directly, as outlined in Figure 4-6.
1. Your application sends a Pay request to PayPal that includes a preapproval key identifying the payment agreement.
2. PayPal responds with a payment key that is used for other API functions.
Implicit Payments are payments sent directly by an application whose owner is also the API caller. In the case of an Implicit Payment, no approval is necessary for the payment transaction since the parties are one and the same. Figure 4-7 outlines an Implicit Payment.
1. Your application sends a Pay request to PayPal.
2. PayPal responds with a key to use for other API operations.
The Adaptive Payments product also supports Guest Payments, in which the sender can pay without a PayPal account by using a credit card. Guest Payments are handled in the same manner as Explicit Payments, except that the sender provides credit card information directly on the PayPal payment screen. The recipient of a Guest Payment must have either a business- or premier-level PayPal account in order for an application to process a Guest Payment.