Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I make a browser extension payments system? [closed]

I've found today in my inbox an email from google where they announce that CWS payments API is deprecated

I'm working to create a Chrome extension that I want to release with the in-app payments support to let the user purchase a license to unlock full features. I was oriented to the CWS native payments API, but Google's decision to deprecate the API is a very bad news.

At the moment I've found a nice Wordpress plugin that will manage licensing, I'm thinking of using it to create a licenses backend but I'm not sure about it because it's mainly focused to be used for wordpress themes or plugins, so to implement it on client side for an extension would require some workarounds.

How do you will manage your in app purchases and licensing for Chrome extensions or Electron apps?

like image 663
fed3vt Avatar asked Sep 22 '20 10:09

fed3vt


People also ask

What can you do with extensionpay?

ExtensionPay supports one-time & recurring subscription payments, free trials, premium paid features, and more — just sign up & use the open-source JavaScript library in your extension code. Developers have made over $6000 with ExtensionPay! ExtensionPay integrates with Stripe↗ to accept card payments around the world.

How to make money with browser extensions?

How Browser Extensions Make Money? Digital products help you get more exposure for your brand while generating a revenue stream. Creating a browser extension gives you a product you can market to your current clients and target audience.

How to monetize your browser extension?

There are currently over 188 thousand extensions on the Chrome Web Store. Creating a browser extension can be a steady source of income if you monetize it right. In this post, we’ll show you ways to monetize your browser extension. How Browser Extensions Make Money? 1. Sell Advertising 2. Charge for the Extension 3. Offer subscriptions 4.

Why should you create browser extensions?

Creating a browser extension gives you a product you can market to your current clients and target audience. Since extensions are meant to make work easier and solve problems, they enhance the user experience and build loyalty to your brand.


1 Answers

Alright, so as I am in the same situation as you are, I did a little bit of research. Here is a summary of my findings and comments on the matter.

There are three things to think about before you get started with the implementation:

  1. The type of payment processing service you want to use;
  2. The way you want to limit features for the free version (and for multiple tiers of plans);
  3. The security of your users information through your extension.

Let's go through each of these one at a time.


1. Type of payment processing

There are two main types of service providers that will allow you to collect payments in you extension. Payment processing platforms are the first type: they allow you to process payments and will generate receipts, but they won't manage the different taxes and regulations of different countries. If you operate solely in one country, or in a few countries where taxes and regulations are the same, this won't affect you.

However, if you have users around the world, especially in Europe, implementing the rules to handle all of the different taxes and regulations can get really complicated and messy. But you have to do it, otherwise you put yourself in a situation where you are at risk of getting fined. That is where the second type comes in: the merchants of record. These are companies that will charge the users on your behalf, removing all of the complexities of taxes and regulations from your plate. They're essentially acting as a reseller of your products. Of course, they take a small cut from your revenue to pay for the weight that they're taking off your shoulders and putting onto their own.

Payment processing platforms will be cheaper (ex.: 2.9% + 0.30$ per transaction for Stripe), while merchant of records take a bigger cut (ex.: 5% + 0.50$ for Paddle). However, if you deal internationally, the 2.1% higher price is likely more advantageous for you, just because it saves you a lot of time and development work.

It's important to note however that merchant of records are unlikely to take on a brand new project, especially for Chrome extensions. That's because the amount of revenue those extensions generate on average is pretty low, and often not really worth it for them. Still, I suggest you hit up a few of them before deciding do go the classic payment processing way, just in case you can get in touch with a salesperson who sees potential in your project and is willing to take you on.

Here are a few merchant of records:

  • Cleverbridge
  • 2Checkout (offers both MoR and basic payment processing services)
  • Paddle (does not support new Chrome extensions at the moment)
  • FastSpring (does not support Chrome extensions anymore, as of 2021)

Here are a few payment processing platforms:

  • Stripe
  • Paypal (from my experience, Paypal is a lot less developer friendly than Stripe)

2. Limiting features for free or tiered plans

The way features are limited for non-paying users will differ from one extension to the other.

If the features you want to limit in your extension already rely on a backend, to fetch or process data for example, it would make sense to implement the limitations on the server side. You would simply pass the user's ID, which could be stored in chrome.storage, to each request made to the backend. In addition to that, you could also disable the related elements on the client side, such as hiding or greying out buttons, tabs or fields, to make it clear to the user that those features are locked. You'll want to make sure the limitations are in place on the backend as well however, because otherwise a user could just inspect your extension and enable premium features without paying.

If your extension mostly or only operates on the client-side, then you will have to render the interface conditionally, based on the user's plan. The scripts or interfaces that will be added will most likely have to be returned by a backend, as pretty much anything that is done only on the client-side could potentially be inspected and exploited. In that case, any backend technologies or platforms you are most familiar with can probably be used to set things up.

Keep in mind that most of the payment processing and MoR listed above have APIs and guides on how to implement them securely in apps and websites. However, if you know Wordpress well and can set up a secure communication between your Wordpress and your extension, go ahead. If you want to use an online service like Zapier to link existing authentication and licensing services together, go ahead and do that!

There could be a lot more details in this section - there is a ton of material to cover, so I suggest you look for articles and tutorials online to help guide you in this process if you don't have much experience in the matter.


3. Security

This section won't be long, but it is very important one. No matter which payment processing platform you decide on or how you limit access to features in your extension, it is crucial that you make sure that your users information can never fall into the hands of another user. That includes reverse engineering and exploits of your system.

The more things you decide to handle yourself, the more risk there is, especially if you are not experienced. Keep that in mind when making your decision(s).


That's all for me. I hope that helps a bit!

I know it's probably a lot of information without any detailed "how-to", but without having in-depth knowledge of your product and situation, it is impossible to say what you should do exactly.

P.S.

If that can offer any guidance, here's what I will be doing for my own extension. Seeing as it's already very reliant on a PHP backend, I will add a few features to the backend in order to communicate with the Paddle API. So all of the limitations will be implemented on the backend, and I will add messages and visual indicators on the frontend to inform the free users of what they can and cannot do.

[Edit]
I just received a message from Paddle indicating that they do not support new Chrome extensions at the moment. Sorry for the misleading there.

[Edit: June 2021] After an update earlier this year, FastSpring has updated their security standards, which makes it unusable within Chrome extensions. After I enquired, their support agents informed me that they do not support Chrome extensions anymore (and that it was only "accidentally" supported before).

like image 112
Émile Perron Avatar answered Nov 15 '22 11:11

Émile Perron