PayPal Rest API Direct Payments

Question

I currently have my site accepting payments through PayPal. I use the PHP SDK for the REST API to handle this. This is the steps I take to handle payments through my site:

1. Create a payment with the intent set to "Sale", payment method set to "paypal" and the redirect url set to the confirmation page.
2. On the confirmation page I store the returned paymentId and PayerID (from the query string) to use in step 3.
3. Once the user confirms the order I then execute the payment passing in the paymentId and PayerID stored in step 2.

This works a treat. However I'd like to give the user an option of processing the payment via PayPal (like above) or via my site (using PayPal direct payments).

For the direct payments I have been able to successfully create the payment by setting the intent to "Sale", payment method to "credit_card" and passing in the appropriate card details. However I'm not sure whether I need to execute the payment afterwards like I do above or whether the payment automatically goes through.

If I do need to execute the payment then how do I get the paymentId and PayerID? If I don't need to execute the payment then this presents a problem as I'd like the user to confirm the payment. I could move the create payment stuff to only execute once the user confirms the order for direct payments but then I can't validate the card details after the user enters them. I was wondering if there was a better way to handle this?

I'd appreciate it if someone could help clear this up. Thanks

Answer 1

You'll just need to process the first step (create the payment) when it comes to a credit card (detailed here: https://developer.paypal.com/docs/integration/direct/accept-credit-cards/).

For your other question about the issues in not being able to have the user confirm, there are a few things you can do:

• Move the "confirmation" to before you actually process the card
• Use the auth / capture method instead (https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/authcapture/)

Since I think auth/capture is closer to what you're thinking about doing, let me dig in there a bit further. What you're essentially doing is authorizing the funds (holding them on the user's payment source) and then capturing them at a later time. This is the same premise as a hotel putting a hold on your credit card for incidentals, and later canceling the hold.

You can do all of this with the PayPal REST API. Here are the features you're looking for:

• Authorizing funds: https://developer.paypal.com/docs/api/#authorizations
• Capturing funds (at a later time): https://developer.paypal.com/docs/api/#captures
• Voiding (canceling) an authorized hold of funds if a suer doesn't want to process: https://developer.paypal.com/docs/api/#void-an-authorization

After you authorize, that's the point where the user can confirm and you can validate the card. Once everything is approved, you can then capture.

I know this isn't going to be an issue for you, but I'll mention it anyways. With auth/capture, authorized funds will be guaranteed to be there for only 3 days (honor period), but you can keep trying to capture the funds for 29 days. After those 3 days though, there isn't a guarantee that the funds will be present.

Hope that helps