Hi, Does any know about a good resource for using ActiveMerchant to create an encrypted button that will use Paypal's Standard checkout mode? Best regards,
on 2008-10-30 14:35
on 2008-10-30 15:01
I have found some info on the following page: http://www.fortytwo.gr/blog/14/Using-Paypal-with-Rails However at some point, the writer creates a Crypto42 module which encrypts the data for the button, but this defeats the purpose of using ActiveMerchant. Doesn't AM ship with a way to encrypt the button? AM has all the code necessary to handle the IPN so that's not a problem, but I don't understand how to create an encrypted button with AM.
on 2008-10-30 20:34
This took me about a week of hair-pulling to finally locate and I'm happy to save you that pain -- :) It seems that the nice folks at PayPal actually wrote a rails plugin to do this and then decided to TELL NO ONE ABOUT IT! Somehow I found it after A LOT of looking. The name of the magic plugin is "PayPalWPSToolkit" and currently sits in my Rails Plugin folder. I wish I could tell you the exact url I downloaded it from but I'm sure you can google around and find it somewhere. I have it up and running on my site and it works like a charm.
on 2008-10-30 21:01
Hi John, Thanks for your reply. In the mean time I had found the Paypal plugin which is buried somewhere in their developer website. The link I have posted earlier actually has taken code from it to create the button. I still don't understand why it is not made available out-of-the-box in ActiveMerchant. I would have one Paypal specific question for you: do you know how to redirect the user automatically to the credit card form instead of having him redirected first to a page where there is no credit card form and where the buyer must seek for a "don't have a paypal account yet" link? Best regards, PS: You are right, Paypal's websites are total crap with respect to user interface, I constantly get lost...
on 2008-10-30 21:15
Like you, I spent some time trying to avoid this obfuscation for my users but had no luck -- obviously, Paypal has set it up that way on purpose to encourage Paypal usage. Not nice of them especially since a lot of my users are from an older demographic less savvy about Paypal/Web and less able to notice the little link allowing them to use a credit card. They get confused. Seperately, from the recesses of my brain here's one more little "tip" if you adopt the plugin -- the plugin can override most any setting that you can set on the website. So, for example, if you change your ipn redirect url or anything in your "profile" on the website it will have no effect if you've also set it in your call from the rails app. I recently switched my site from http to https and couldn't figure out why PayPal kept sending my IPNs and PDTs to http even though I instructed https on the website. The answer was that I had forgotten that I was overriding the website with my orginal call from my app.
on 2008-10-30 21:30
> Like you, I spent some time trying to avoid this obfuscation for my > users but had no luck -- obviously, Paypal has set it up that way on > purpose to encourage Paypal usage. > I know it is possible to do it, because the peepcode.com website does it. As the developer of the website didn't even bother encrypting the params, I tried to look at the html code, but I was not able to identify any param that could alter this behaviour. It is probably a hidden option somewhere in the paypal Business profile. > Seperately, from the recesses of my brain here's one more little "tip" > if you adopt the plugin [...] > The code in this plugin is an absolute joke. Very php-compliant. Some methods simply call other methods without doing anything at all except passing the exact same args. I am also fed up having to hunt for these class vars scattered all over the place. I would not recommend using this plugin as is, it is better to understand it and refactor it... a lot. By the way, why do you use SSL for the IPN? Isn't Paypal's notification encrypted? PS: the developer of the Rails plugin by Paypal is a developer of ActiveMerchant.
on 2008-10-30 21:52
I checked out peepcode and it seems like I landed on the same PayPal page that my users land on. Specifically, there's this text on the left side of the Paypal page -- Don't have a PayPal account? Use your credit card or bank account (where available). <a>Continue</a> <--small, easily missed link The right side of the page has a big "Log In To Paypal" box. Yep, plugin seems to be haphazardly translated from some other source (as you sugggest--probably PHP). I cut and pasted what I needed and I'm not even sure how much of it I'm actually using any more. In that sense, it got the job done and I was grateful for it. You're right, SSL for ipn is overkill. It was quicker to just SSL the whole checkout controller instead of making an exception for my ipn_update action. My app has a lot of private data on it so for marketing purposes I often use https in places that don't really need it -- there's that small slice of observant people that perhaps take comfort in seeing https sprinkled around and maybe that's worth the extra server encryption overhead.
on 2008-10-30 22:02
John Clancy wrote: > I checked out peepcode and it seems like I landed on the same PayPal > page that my users land on. Specifically, there's this text on the left > side of the Paypal page -- > Don't have a PayPal account? > Use your credit card or bank account (where available). <a>Continue</a> > <--small, easily missed link > The right side of the page has a big "Log In To Paypal" box. > There is something paranormal going on, I just tested again peepcode, and I directly landed on the credit card form using Safari 3.1. Then I tried with Firefox 3, and I landed on the crappy paypal page where you must first click on the tiny link to get to the credit card form...
on 2008-10-30 22:11
Clearly, PayPal/Ebay has a bias for Mac users. Maybe PayPal's running a quick and dirty test on click-through rates and is using browser type to maintain a consistent presentation to the two classes of users. In the off chance that someone buys multiple items through WPS they won't keep seeing different versions of the landing page (assuming they always use the same web browser).
on 2008-10-30 23:04
I tested again on my WinXP box, you seem to be right, Paypal checks for the client Platform: I tested on my own website to see how it redirects to Paypal: Mac+FF3: crap page Mac+Saf: credit card form Win+FF3: credit card form Win+IE6: credit card form Best regards,