Setting dynamic amounts securely with Paypal payments with a redirection and not button?

Question

Ok, I haven't worked with hosted buttons before, but it makes sense as they are a lot more secure.

I have looked around and been reading the docs (which aren't all that helpful) and best help I have found so far is here; though I am still confused on where exactly to put that code?

Also, I technically don't want a "button", but the idea behind them seems what I want.

All I want to do is use the same query vars every time but just want to change the price - the price is dynamic depending on what the user selects in the form.

Additionally, I don't want a button per se, I would much prefer to redirect the user to paypal with the appropriate data but not sure how to go about doing that whilst setting a dynamic price?

If I didn't have to set a dynamic price I know I could just append the query vars for a hosted button onto a URL and then redirect to that URL, but I need to change the price and hence my question...

Answer 1

Ok, I finally found out that not only does the response from the BMUpdateButton API return the HTML to create a form, it also returns other data as well within the returned array.

Once you make the request it will return an array with three keys as per the BMUpdateButton Response section on the API page linked above.

These are:

• WEBSITECODE

  HTML code for web pages

  • EMAILLINK

This is what I was looking for; a plain link you can redirect users to

• HOSTEDBUTTONID

The id of the button.

Be advised when altering the contents of a hosted button you need to pass all the details of the button to it as when you created it; so as an example, if you leave out passing it an item name the item name will be blank and Paypal will allow the user to set it.

Also, an important note is that when you update the button details, it isn't just updated for that users session, it updates it within your paypal account - so the new name/price etc will affect all users that attempt to use it.

If you still would like to update the details of the button you can do that with the below:

I personally started with this class:

<?php

class Paypal
{
    /**
     * Last error message(s)
     * @var array
     */
    protected $_errors = array();

    /**
     * API Credentials
     * Use the correct credentials for the environment in use (Live / Sandbox)
     * @var array
     */
    protected $_credentials = array(
        'USER' => 'seller_1297608781_biz_api1.lionite.com',
        'PWD' => '1297608792',
        'SIGNATURE' => 'A3g66.FS3NAf4mkHn3BDQdpo6JD.ACcPc4wMrInvUEqO3Uapovity47p',
    );

    /**
     * API endpoint
     * Live - https://api-3t.paypal.com/nvp
     * Sandbox - https://api-3t.sandbox.paypal.com/nvp
     * @var string
     */
    protected $_endPoint = 'https://api-3t.sandbox.paypal.com/nvp';

    /**
     * API Version
     * @var string
     */
    protected $_version = '74.0';

    /**
     * Make API request
     *
     * @param string $method string API method to request
     * @param array $params Additional request parameters
     * @return array / boolean Response array / boolean false on failure
     */
    public function request($method, $params = array())
    {
        $this->_errors = array();
        if (empty($method)) { //Check if API method is not empty
            $this->_errors = array('API method is missing');
            return false;
        }

        //Our request parameters
        $requestParams = array(
                'METHOD' => $method,
                'VERSION' => $this->_version
            ) + $this->_credentials;

        //Building our NVP string
        $request = http_build_query($requestParams + $params);

        //cURL settings
        $curlOptions = array(
            CURLOPT_URL => $this->_endPoint,
            CURLOPT_VERBOSE => 1,
            CURLOPT_SSL_VERIFYPEER => true,
            CURLOPT_SSL_VERIFYHOST => 2,
            CURLOPT_CAINFO => dirname(__FILE__) . '/cacert.pem', //CA cert file
            CURLOPT_RETURNTRANSFER => 1,
            CURLOPT_POST => 1,
            CURLOPT_POSTFIELDS => $request
        );

        $ch = curl_init();
        curl_setopt_array($ch, $curlOptions);

        //Sending our request - $response will hold the API response
        $response = curl_exec($ch);

        //Checking for cURL errors
        if (curl_errno($ch)) {
            $this->_errors = curl_error($ch);
            curl_close($ch);
            return false;
            //Handle errors
        } else {
            curl_close($ch);
            $responseArray = array();
            parse_str($response, $responseArray); // Break the NVP string to an array
            return $responseArray;
        }
    }
}

?>

Credit: https://www.smashingmagazine.com/2011/09/getting-started-with-the-paypal-api/

Then I did the below:

include(dirname(__FILE__) . '/includes/paypal.class.php');

$paypal = new Paypal();

// Set our method
$method = 'BMUpdateButton';

// Set our params
$params = array(
    'HOSTEDBUTTONID' => 'your_button_id',
    'BUTTONTYPE' => 'BUYNOW',
    'BUTTONSUBTYPE' => 'SERVICES',
    'L_BUTTONVAR0' => 'item_name=Your Description',
    'L_BUTTONVAR1' => 'amount=999.00',
    'L_BUTTONVAR2' => 'currency_code=AUD',
    'L_BUTTONVAR3' => 'cancel_return=http://www.example.com/cancel.html',
    'L_BUTTONVAR4' => 'return=http://www.example.com/success.html'
);

// Make request to change button details
$result = $paypal->request($method, $params);

Note that while Paypal say that BUTTONSUBTYPE is optional, you will likely get an error if you don't include it.