
How to integrate payment processing with GWT / GAE based app?

I have a GWT based app, which is deployed on Google App Engine for Java. The app uses Google Accounts based authentication. I'm maintaining basic user information such as email id (from Google Accounts), last login date etc. in the GAE datastore. The access to the website is free. Anyone can use it using his/her Google Account.

Going forward, I would like to make it a paid service. However, I have zero experience with setting up and operating an e-commerce website. So my question may be a bit vague. I need some guidance on how to go about it.

Here are some of my requirements (but I'm flexible on the exact implementation):

  1. Offer 2 different types of account - free and premium.
  2. I do not want to maintain any credit card related information in my system. I would also prefer to not maintain an elaborate user database.
  3. When a user first logs in, he/she automatically gets a free account.
  4. User has to "upgrade" to a premium account to access all features of the application.
  5. User has to pay a one-time fee to upgrade.

Given this information, I have the following questions:

  1. Is GAE suited for my requirements?
  2. Which payment gateway (PayPal, Google Checkout etc.) would be most suitable for my requirements?
  3. What level of integration is required between my app and the Payment gateway? I would like to maintain minimal user information in my app. I want to focus on my application development and want to spend minimal effort on user administration.
  4. Would I need to implement a custom authentication mechanism or continue to use Google Accounts or another OpenID based authentication?
  5. What other things do I need to consider?

I'll appreciate any help on this. Thanks.

asked May 23 '11 03:05

DFB


2 Answers

Generally speaking, there's absolutely no reason why you wouldn't be able to keep the current application and its account management. You can extend your user account with an account type field that stores whether the user is a paying customer or not. If you need to send invoices, also store the user's contact information (PayPal will send this to you together with payment receipts).

As far as specific payment providers are concerned, I only have practical hands-on experience with PayPal. I would not use them again for a few reasons:

  • Their APIs are not very well documented and some of the documentation is wrong (or out-of-date).
  • If you're a small player, support is mostly via the forums. So basically this means you're on your own.
  • Some of the APIs have serious gaping holes and missing functionality (for instance, you can create subscriptions, but not cancel them if you're using the standard payments APIs).
  • Outside of the US and a few lucky countries, the advanced APIs are not available. So you're stuck with implementing an IPN listener servlet, while it would be much more preferable to pull the information when needed.

All existing PayPal Java libraries I have found use the Pro features that are not available to most of the users. Because I couldn't find it anywhere else, I have created and open sourced my own IPN servlet but it is very unfinished. If there is a demand for it, I'd be willing to improve it, just let me know.

What this IPN servlet does is listen to incoming PayPal messages. For instance, if a user subscribes, you'll get a message. If a user is billed (for instance on a monthly cycle), you'll get a message. If a user cancels his subscription, you'll get a message. Those messages allow you to maintain the account type of the user.

If I'd do it again, I would probably use a more advanced and higher level subscription API, such as Spreedly. I've heard some good things about the API and they are pretty affordable. I have no actual experience with Spreedly, so this is not an endorsement.

answered Nov 14 '22 13:11

Peter


GAE supports this kind of application without any particular problem; if your language of choice is Java, I would pick PayPal with this toolkit because Google Checkout Java API does not seem to work very well on GAE.

You would need an Authorization mechanism to check what your users are allowed to do based on their permissions.
Basically you would need the following things:

  1. A flag membership status that indicates if a user is Premium or not; this should be set after the payment notification
  2. An authorization system to check if, reading the membership flag value, a given Web Handler can be consumed by the current user

Have a look at this great Spring Security tutorial; it covers:

  • Authentication using Google Accounts.
  • Set up access-control restrictions based on the roles assigned to users.

answered Nov 14 '22 13:11

systempuntoout
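
Both answers hinge on a payment notification setting the account-type flag, and the IPN listener URL is reachable by anyone, so the handler has to validate each message before upgrading. The following is an added example, not code from either answer or from any PayPal library: the field names are standard PayPal IPN variables, while carrying the user id in `custom`, the price, the receiver address and the stubbed verifier are assumptions made for illustration.

```java
import java.math.BigDecimal;
import java.util.*;
import java.util.function.Predicate;

public class IpnUpgradeHandler {
    // Assumed merchant settings (constructed values).
    static final String RECEIVER = "seller@example.com";
    static final BigDecimal PRICE = new BigDecimal("19.00");
    static final String CURRENCY = "USD";
    // In production: POST "cmd=_notify-validate&" + rawBody back to PayPal, true only on "VERIFIED".
    private final Predicate<String> verifiedByPayPal;
    private final Set<String> seenTxnIds = new HashSet<>();   // stand-in for a datastore kind
    private final Set<String> premiumUsers = new HashSet<>(); // stand-in for the account-type field
    public IpnUpgradeHandler(Predicate<String> verifier) { this.verifiedByPayPal = verifier; }

    /** Returns true only when this message caused an upgrade. */
    public synchronized boolean handle(String rawBody, Map<String, String> p) {
        if (!verifiedByPayPal.test(rawBody)) return false;                     // not sent by PayPal
        if (!"Completed".equals(p.get("payment_status"))) return false;        // pending, refunded, ...
        if (!RECEIVER.equalsIgnoreCase(p.get("receiver_email"))) return false; // paid to another account
        if (!CURRENCY.equals(p.get("mc_currency"))) return false;
        BigDecimal gross;
        try { gross = new BigDecimal(p.getOrDefault("mc_gross", "")); }
        catch (NumberFormatException e) { return false; }
        if (gross.compareTo(PRICE) < 0) return false;                          // underpaid
        String txn = p.get("txn_id"), user = p.get("custom");
        if (txn == null || user == null || user.isEmpty()) return false;
        if (!seenTxnIds.add(txn)) return false;                                // duplicate or replayed
        premiumUsers.add(user);
        return true;
    }

    public boolean isPremium(String user) { return premiumUsers.contains(user); }

    static Map<String, String> msg(String gross, String txn) {                 // constructed sample IPN fields
        return Map.of("payment_status", "Completed", "receiver_email", RECEIVER,
                "mc_currency", CURRENCY, "mc_gross", gross, "txn_id", txn, "custom", "user-42");
    }

    public static void main(String[] args) {
        IpnUpgradeHandler h = new IpnUpgradeHandler(raw -> raw.equals("genuine")); // stub verifier
        System.out.println(h.handle("forged", msg("19.00", "T1")));   // fails verification
        System.out.println(h.handle("genuine", msg("0.01", "T2")));   // underpaid
        System.out.println(h.handle("genuine", msg("19.00", "T3")));  // valid payment
        System.out.println(h.handle("genuine", msg("19.00", "T3")));  // same txn_id again
        System.out.println(h.isPremium("user-42"));
    }
}
```

On App Engine the in-memory sets do not span instances, so the `txn_id` check and the flag write belong in a single datastore transaction.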