PayPal REST API order workflow: Payment -> Sale ->

2020-06-17 15:11发布

I am trying to integrate the PayPal REST API into my Symfony 2 web app but I find hard to understand how exactly the complete workflow looks like:

The PayPal docs describe the following steps to accept a payment. One can use the PayPal Playground to simulate these steps:

  1. Get an access token
  2. Create a Payment object by querying the API
  3. Redirect the user to the approval url received in the Payment response
  4. After the user approved the payment on the PayPal page, he is redirected back to my page, using the success-link defined in the Payment object. Use the received information to execute the payment.
  5. Payment is completed with status approved

From the docs: Once a payment is complete, it is referred to as a sale. You can then look up the sale and refund it.

So far so good. BUT: Where are Webhooks used/fired in this workflow? I have defined a wildcard Webhook (accepting all possible events) in the PayPal Developer Dashboard.

My observation is, that my system receives the Webhook event 1-2 Minutes (!) after the user was redirected back to the success-link and after the payment was executed (Step 4).

Beside this long delay between executing the payment and receiving the Webhook, this workflow means, that I only receive the Webhook AFTER handling the success-link. This means, handling the success-link is absolutly necessary for the payment to be completed. Is this correct?

Do I need to use Webhooks?

I already asked this question a few days before and the answer by nifr is quite reasonable: One cannot trust the user to follow any redirect URL but should only rely on the Webhook events.

However this collides with the observations I described before, since I will never receive the Webhook without handling the redirect URL...

So, handling the PAYMENT.SALE.COMPLETED webhook event does not make a lot of sense, since this should already be done in when handling the redirect URL. Correct?

However, to handle updates on pending payments, handle refunds or reversed payments, etc. are only possible by listening on those events.

So the answer is: Only use Webhooks to get updates on payments made before. Correct?

So, the main questions are:

  1. The 5-step process to accept payments does not say anything about using Webhooks. This does not seem to make a lot of sense, because without Webhooks one would miss update events, etc.? So, is it really possible to implement the complete payment workflow without Webhooks?
  2. If yes, how are updates (refunds, pending, etc) handled in this case?
  3. If no, what is the right strategy/time to fulfill the order since it take quite a long time to completly receive and handle the webhook?

1条回答
孤傲高冷的网名
2楼-- · 2020-06-17 15:44

i am still a newbie in PayPal world, but few days ago i integrated PayPal Plus REST API in an online Shop, and from my understanding i can tell that the workflow looks like:

  1. create a Payment
  2. redirect to PayPal
  3. Payer could pay using PayPal account OR (using Bank Direct debit or Credit Card Payment without PayPal Account)
  4. After completing the process on PayPal side, PayPal redirect the user back to your success URL.
  5. till now the user is still not charged(you got no money). At the moment where you (in your success URL) do $payment->execute($paymentExecution,$api); , you ask Paypal to charge the amount from user. BUT also after this, you got no Money. Paypal have first to process the charging and notify you later via WebhookEvents.

the Webhook Notification (with that nasty delay) is especially important when the user pays per direct debit or Credit Card etc. Processing such Payments takes few seconds/minutes.

the redirectUrl ist absolutly necessary for charging/executing the Payment. here on execution succeed, just to tell the user, that he finished his Job, and you can here save/capture the PaymentID/Transaction id for later usage/update via WebhookEvent Listener.

so i would recommend you to update your Database(Payment completed) only after receiving notofications via WebhookEvent Listener and not in the success RedirectUrl.

查看更多
登录 后发表回答