I would like to integrate python's paypal sdk into my project so that users can pay however much they choose. The current method requires a fixed price, https://developer.paypal.com/docs/api/quickstart/create-process-order/
However I want the user to be able to choose how much they want to send.
You linked to a server integration document, which is also for a deprecated API.
Do you want to create the order on the server side, or not? If yes, sending the amount from the client to the server that executes the orders API call is work you will need to do.
Begin your integration with the current v2/checkout/orders API by making two routes on your server, one for 'Create Order' and one for 'Capture Order', documented here. These routes should return only JSON data (no HTML or text). When a capture response is successful, store its resulting payment details in your database (particularly purchase_units[0].payments.captures[0].id, the PayPal transaction ID) and perform any necessary business logic (such as sending confirmation emails or reserving product) before sending your return JSON.
Pair those two routes with the following approval flow: https://developer.paypal.com/demo/checkout/#/pattern/server
Since your question was specific to setting a custom amount, you should probably add a JSON body to the createOrder's fetch call, to send the amount you want to your server.
For a simple client-side integration that uses no server-side API calls, see the documentation and
set the createOrder purchase units value: with some function or variable that gets the value you want. For instance:
value: document.getElementById(...).value
If you are not a programmer, you can even generate such a button for a custom amount via https://www.paypal.com/buttons/smart
Related
I intend to realize a search engine in a niche area where the results must be searchable only from the front page of my website not through API or web scraping by third parties. It is not therefore any kind of token for users authentications, as the access to the website will be public at least in the beginning (no paywall or user accounts involved.)
My question is which method would be less computationally expensive to generate for each user/visit when someone initiates a search. I thought to use local storage of a random token generated at page loading (such as when some bot is scanning the page to not be able to create the token and therefore to not access the API for receiving search results) however in order to check that a token was issued legit (by my server) this means to grow a continuous database storage with all tokens issued earlier and consumed by users.
This not being a practical solutions for a huge number of users when the traffic will increase I want to know if someone used with success something similar or some better approach.
I don't want to use reCaptcha as a validation method [for human users] as this would offer a very poor user experience on the platform, degrading also the speed of using the system to run the searching queries.
The frontend will be made on React or Vue and backend on Python.
You could go with a set of pre-generated UUIDs in a database to pick-up and flag as used when consumed or compute a SHA3-512 hash from originating IP address + timestamp. On both cases, you can make the back-end process to inject a Set-Cookie containing the token into the response with the proper cookie policies, this key will be automatically provided by web-browsers afterwards but not by bots.
I'm configuring MangoPay for my web application and it's now time for credit card registration. I'm using the python SDK that MangoPay recommends.
The workflow requires a CardRegistration to be created on the backend, which can be used to generate a form in the front end. On this form the user adds the credit card details, which are sent to a 3rd party tokenisation service and returned to the users front end. This token can be sent now to my backend and, added to the CardRegistration object, can be saved enabling the card for the user.
My issue is that I don't know how to store CardRegistration object between calls in the backend while I wait for the user to generate the token and return it.
Sessions can not be used, as the preregistration object contains sensitive data. To prove if it would have worked and I tried to use pickle but it raises a PicklingError, so serialization and storage doesn't look like an option either.
What should I look into? Is there some kind of design pattern I can use to store the object quickly for retrieval?
We are trying to get the owned games of a lot of users but our problem is that after a while the API call limit (100.000 a day) kicks in and we stop getting results.
We use 'IPlayerService/GetOwnedGames/v0001/?key=APIKEY&steamid=STEAMID' in our call and it works for the first entries.
There are several other queries like the GetPlayerSummaries query which take multiple Steam IDs, but according to the documentation, this one only takes one.
Is there any other way to combine/ merge our queries? We are using Python and the urllib.request library to create the request.
Depending on the payload of the requests you have the following possibilities:
if each request brings only the newest updates, you could serialize the steam ID's when you get the response that you've hit the daily limit
if you have the ability to control via the request payload what data you receive, you could go for a multithreaded / multiprocessing approach that consume the request queries and the steam ID's from a couple of shared resources
As #andreihondrari indirectly stated in his comment under his answer, one can request to get an API key which can get more then the 100.000 calls/ day. This is stated under part "License to Steam Web API & Steam Data" of the documentation:
You are limited to one hundred thousand (100,000) calls to the Steam Web API per day. Valve may approve higher daily call limits if you adhere to these API Terms of Use.
This may be complicated and there is of cause the possibility that you wont get approved, but this is pretty much the only stable way you can go.
Furthermore you could theoretically use multiple Steam Web API keys, BUT:
Each API key still has the limitation of 100.000 calls/day so you'll need to implement a fail safe and a transition between used keys and possibly need to create lots of accounts.
As each user has his own specific friendlist and blocked list the API key can "see" a portion of the Steam Community exclusively (friends data is not public otherwise). So it could be that you are using one API key which can't "see" a certain user when you could've used another to "see" it properly.
You'll need a unique email adress for each created account.
Note: Having multiple accounts actually complies with Valves ToS according to this post on Arqade.
I am making my first web app with Flask wherein a database of drinks is displayed on the front-end based on selected ingredients. Then the user selects a drink and an in-page pop-up appears with some drink info and a button "make", when the user hits "make" it calls some python code on the back end (Flask) to control GPIO on my raspberry pi to control some pumps.
Does this "make" need to call some route (e.g. /make/<drink>) in order to call the python function on the back end? I don't like the idea that any user could just enter the URL (example.com/make/<drink>) where is something in the database to force the machine to make the drink even if the proper ingredients are not loaded. Even if I did checking on the back end to ensure the user had selected ingredients were loaded, I want the user to have to user the interface instead of just entering URLs.
Is there a way so that the make button calls the python code without using a "dummy URL" for routing the button to the server?
As others mentioned, you can secure the endpoint so that a user has to provide credentials to issue a successful request to that endpoint.
In addition, your endpoint should be using proper HTTP semantics if its creating / updating data. i.e. POST to create a drink, PUT to update a drink. This will also protect you from someone just putting the URL into a browser since that is a GET request.
TL;DR
Secure the endpoint (if possible)
Add checks that the proper request body is provided
Use proper HTTP semantics
Currently, there are absolutely no code snippets of the Notification API in Python. I am currently at a loss as the documentation, as thorough as it is, seems to be missing important information necessary to actually code a solution for myself.
Currently, I have a single product that I wish to submit to Google Checkout along with a hidden item, which would be the userid of the user currently logged into my site. Upon payment completion, the callback URL will receive the information, and process the user's payment information (serial key, order number, userid) and update the database.
I am using Django.
Gchecky is there, but it doesn't seem to work - and I've attempted multiple times to get a hold of the developer.
Have a look at Chippy's Shop:
http://code.google.com/p/chippysshop/
http://code.google.com/p/chippysshop/source/browse/googlecheckout.py