
What is the best PayPal web app workflow for client-server scenario?


PayPal documentation is absolutely appalling – please help. I am building a web app with a SPA client and a server, and I want to implement a robust PayPal payment workflow for the app. Initially this will be just a one-off payment implementation, but later on I will need to add subscriptions. Anyway, for now I am just trying to figure out a way to reliably and securely take one-off payments. After countless hours of reading the docs, this is what I figured my workflow should be:

  1. User clicks payment button.
  2. Client app makes a request to the server asking to create an order.
  3. Server calls PayPal’s REST API (Create an Order) and receives order details. Server also saves order details in a DB.
  4. Server sends order details back to the client. Amongst those details I found a redirect URL which points to PayPal checkout.
  5. Client redirects to the URL.
  6. User performs order authorisation on PayPal’s website.
  7. PayPal redirects back to the client, returning a token in the URL.
  8. Client extracts the token (which is some kind of order/payment ID?) and sends the ID to the server, asking to capture the payment.
  9. Server, using the ID, finds order details in the DB and calls PayPal’s REST API (Capture an order), and marks the order as paid in its DB.
  10. Server sends success confirmation back to the client.
  11. Client displays confirmation message.

This workflow seems secure (at no point does the client have any payment info; all sensitive communication is strictly between the server and PayPal) and reliable (the funds are taken from the user at the absolute last moment, on the server, via a REST call – any failure in the workflow will not lead to false or unrecorded fund transfers).

I also tried the webhooks approach. The flow is much simpler, but there seems to be a delay (about a minute or so) before the webhook hits the server; this is not ideal because I want to show payment confirmation instantly.

So my questions are:

Is this workflow correct? Am I missing something? Is it oversimplified or overcomplicated? Would you replace some steps with something else?

I haven’t yet done my research about subscriptions. Will this workflow fit PayPal subscription creation?

For point 3 in the workflow, what PayPal request should I use: Create Order, Create Order Authorisation, or Authorise Order?

For point 9 in the workflow, what PayPal request should I use: Capture Order, Authorise Order, or Capture Order Authorisation?

And the last question. Is there any place I can learn how to develop for PayPal? From reading the docs, I found that only the examples are useful. They don't provide general guidance/tutorials, or explain what approaches should be used and why. Is there a better place to learn PayPal development than PayPal documentation?

The app is Blazor WebAssembly client (for those who don’t know how Blazor works – this is similar to a JavaScript SPA application running in the browser, but using C#/.NET) and .NET Core server, also in C#.


Solution

  • Redirecting is a legacy flow.

    The modern user experience is to not use any redirects. At all.

    You'll need two routes, one for 'Set Up Transaction' (create order) and one for 'Capture Transaction' (capture order), documented here.

    Pair your two routes with this UI for approval: https://developer.paypal.com/demo/checkout/#/pattern/server


    Subscriptions add their own complexity and there's no documentation on how to pair client-side approval with a server integration like the above, but it's fairly straightforward when you know the create/activate API calls to use, and an extra user_action parameter to set empty: https://stackoverflow.com/a/63908112/2069605
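The following is an added example, not code from the question, the answer, or PayPal. It implements the two server routes the answer refers to (and steps 3 and 9 of the question's workflow) as plain functions, with the checks a production server should make before it marks an order paid: the browser supplies only a SKU and an order id (never an amount), an id the server did not issue is rejected without calling PayPal, a retried capture does not charge twice, and the capture PayPal reports is compared against the stored amount and currency before the order is recorded as paid. The `CATALOG`, the route names, and `makeFakePayPal()` (an in-memory stand-in for the Orders v2 API so the file runs offline) are assumptions made for this example; response shapes and the `issue` codes are modelled on the real API.

```javascript
// Added example (not from the original post or PayPal): server routes for the
// no-redirect Orders v2 flow, with the verification a server should do before
// treating an order as paid. CATALOG, route names and makeFakePayPal() are
// assumptions for this demo; the fake replaces the real PayPal HTTP calls.
'use strict';

// The browser names a SKU; the server sets the price. Amounts never come from the client.
const CATALOG = { 'ebook-101': { currency_code: 'GBP', value: '12.50' } };

// Stand-in for POST /v2/checkout/orders and POST /v2/checkout/orders/{id}/capture.
// Response shapes and `issue` codes are modelled on the real Orders v2 API.
function makeFakePayPal() {
  const remote = new Map();
  let seq = 0;
  const reject = (status, issue) =>
    Promise.resolve({ status, body: { name: 'UNPROCESSABLE_ENTITY', details: [{ issue }] } });
  return {
    createOrder(body) {
      const id = 'ORD' + String(++seq).padStart(6, '0');
      remote.set(id, { status: 'CREATED', amount: body.purchase_units[0].amount });
      return Promise.resolve({ status: 201, body: { id, status: 'CREATED' } });
    },
    // Simulates the buyer approving in PayPal's popup (what fires the JS SDK's onApprove).
    buyerApproves(id) { remote.get(id).status = 'APPROVED'; },
    captureOrder(id) {
      const o = remote.get(id);
      if (!o) return Promise.resolve({ status: 404, body: { name: 'RESOURCE_NOT_FOUND', details: [] } });
      if (o.status === 'COMPLETED') return reject(422, 'ORDER_ALREADY_CAPTURED');
      if (o.status !== 'APPROVED') return reject(422, 'ORDER_NOT_APPROVED');
      o.status = 'COMPLETED';
      const capture = { id: 'CAP' + id.slice(3), status: 'COMPLETED', amount: o.amount };
      return Promise.resolve({ status: 201, body: { id, status: 'COMPLETED',
        purchase_units: [{ payments: { captures: [capture] } }] } });
    },
  };
}

// Route 1 (POST /api/orders): create the order server-side and record what we expect to charge.
async function createOrderRoute(paypal, db, sku) {
  const amount = CATALOG[sku];
  if (!amount) return { status: 400, body: { error: 'unknown sku' } };
  const res = await paypal.createOrder({ intent: 'CAPTURE', purchase_units: [{ amount }] });
  if (res.status !== 201) return { status: 502, body: { error: 'paypal create failed' } };
  db.set(res.body.id, { sku, amount, state: 'CREATED', captureId: null });
  return { status: 201, body: { id: res.body.id } }; // the SDK's createOrder callback returns this id
}

// Route 2 (POST /api/orders/:id/capture): called from the SDK's onApprove.
// The order id is the only client input, and it is used only as a lookup key.
async function captureOrderRoute(paypal, db, orderId) {
  const local = db.get(orderId);
  if (!local) return { status: 404, body: { error: 'unknown order' } }; // not issued by us
  if (local.state === 'COMPLETED') {
    // Retry or double submit: report the earlier capture instead of charging twice.
    return { status: 200, body: { paid: true, captureId: local.captureId, replay: true } };
  }
  const res = await paypal.captureOrder(orderId);
  const issues = (res.body.details || []).map((d) => d.issue);
  if (res.status === 422 && issues.includes('ORDER_ALREADY_CAPTURED')) {
    // PayPal took the money but our DB write was lost: reconcile (GET order / webhook), never mark paid blindly.
    local.state = 'RECONCILE';
    return { status: 409, body: { error: 'captured but unrecorded; reconciling' } };
  }
  if (res.status !== 201) return { status: 402, body: { error: 'capture failed', issues } };
  const cap = res.body.purchase_units[0].payments.captures[0];
  // Verify what PayPal says it captured against what we stored at creation time.
  const amountMatches = cap.amount.value === local.amount.value
    && cap.amount.currency_code === local.amount.currency_code;
  if (!amountMatches) {
    local.state = 'RECONCILE';
    return { status: 409, body: { error: 'amount mismatch' } };
  }
  if (cap.status !== 'COMPLETED') {
    // A PENDING capture (e.g. under review) is not money yet: wait for PAYMENT.CAPTURE.COMPLETED.
    local.state = 'PENDING'; local.captureId = cap.id;
    return { status: 202, body: { paid: false, captureId: cap.id } };
  }
  local.state = 'COMPLETED'; local.captureId = cap.id;
  return { status: 200, body: { paid: true, captureId: cap.id, replay: false } };
}

// Walk-through: happy path plus three failure modes the routes must handle.
async function runDemo() {
  const paypal = makeFakePayPal();
  const db = new Map(); // stands in for the orders table
  const created = await createOrderRoute(paypal, db, 'ebook-101');
  const early = await captureOrderRoute(paypal, db, created.body.id);  // buyer has not approved yet
  paypal.buyerApproves(created.body.id);
  const first = await captureOrderRoute(paypal, db, created.body.id);
  const again = await captureOrderRoute(paypal, db, created.body.id);  // client retried onApprove
  const forged = await captureOrderRoute(paypal, db, 'NOT-OUR-ORDER'); // id we never issued
  return { created, early, first, again, forged };
}

runDemo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

In the browser, the pattern linked in the answer wires these up as `createOrder: () => fetch('/api/orders', ...).then(r => r.json()).then(o => o.id)` and `onApprove: (data) => fetch('/api/orders/' + data.orderID + '/capture', ...)`; a Blazor WebAssembly client makes the same two calls through `HttpClient` via JS interop. The one thing the page does not cover is the gap between a capture that returns `PENDING` and the later `PAYMENT.CAPTURE.COMPLETED` webhook; the route above records such orders as pending rather than paid, which is where the webhook delay the question mentions still matters.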