Handling Transaction Between Paypal and Local Database

Submitted by 旧街凉风 on 2020-01-24 13:34:13

Question


What is the best practice to handle a transaction between an application and PayPal?

Consider:

  • I'm Alice and I want to send money to Bob
  • In my DB I see that Bob has $200 and I want to send him $150.
  • Once the transaction is sent I want to update Bob's account such that it would contain $50.

Now, according to the PayPal API, I can send Pay and receive success. However, what happens if, for example, I send Pay and it succeeds, but I fail to receive a response due to a network problem? So I assume that an error happened and try again, and technically I'll send $300 to Bob instead of $150?

How can I handle such a transaction - between a local database that keeps an account and the remote PayPal API?


Answer 1:


I had this exact concern recently with an ASP.NET MVC project I was completing for a client.

I learned two things:

  • Communication between Paypal and your database cannot be trusted (well, didn't really learn this, but it was entirely reinforced).

  • I now understand why so many websites that have Paypal as a transaction type mention there could be a processing period between the time that the transaction was completed and shipping/delivery of the product is completed.


The way you handle the situation is similar to the way a business could handle personal checks:

  • A personal check looks like currency (and typically is), but many businesses would like some sort of verification from the bank that funds are available before they accept payment - so they use a machine that asks the bank if funds are actually available.
  • If the machine says the funds are available, the business trusts it and you complete the transaction. However, the machine can give an error message that typically means "the funds are not available or something went wrong" and the business has a decision to make:
    • We can trust the customer and accept the check, deliver the product, and hope for the best when later depositing the check to the bank.
    • Or we can tell the customer that it will take time for the check to clear, deposit the check, wait for the funds to actually arrive in our account, and (if successful) deliver the product after the business receives funding.

This sounds inefficient with the way many businesses operate today, but it is something that does come up. In fact, this is why a lot of businesses stray away from accepting personal checks: they are unreliable when compared to other methods of payment.

Now how does this correlate to handling a Paypal payment?

  • A Paypal payment looks like currency (and it typically is), but many businesses would like some sort of verification from Paypal that funds are available before they accept payment - so they use Paypal PDT, IPN, or another method for checking that the transaction was handled appropriately.
  • If Paypal properly responds to one of the verification requests, the business can trust it and complete the transaction. However, your website may throw an error of some sort (i.e. Paypal could reply with an IPN response of NOTVALID, or you could never get a reply from Paypal). The business has a decision to make:
    • The business can trust the customer and accept that they have made a Paypal payment and everything should be alright (very bad decision in the case of a Paypal transaction)
    • Or the business can tell the customer at check-out time that there may be a 72 hour processing period for Paypal payments.

This may not sound like the best way to operate your business, but it is the way we have to deal with an imperfect internet.

I would set up the Paypal payment flow similar to this:

  1. UserA wants to send $100 to another UserB using Paypal
  2. UserA enters the value in the 'checkout field' and is sent over to Paypal to verify the transaction.
  3. UserA is sent back to your website from Paypal and your website performs the IPN check with the details that Paypal has POSTed to your site (I chose IPN in this case - as if we were using Express Checkout as opposed to some other payment gateway that Paypal offers).
  4. If the IPN is VALID, process the transaction as expected.
  5. If the IPN is not VALID, mention to the customer that there may be a delay in processing, have your application send you a notification that a possible Paypal transaction issue has occurred (you may want to include a reference id so that you can quickly find which transaction this notification is referencing), and mark the transaction as pending as opposed to complete or something similar.
  6. An admin of the site who handles these notifications will manually investigate the transaction (or force the website to check with Paypal again - see the Paypal API documentation for details on this) and manually mark the transaction as complete or failed.
  7. Notify those involved of the status of the transaction.

It is annoying that we have to have extra steps involved to make sure the money was transferred, but, as mentioned earlier, we are using an imperfect system and we want to be very certain of the success / failure of financial transactions.

An added bonus to this process is that there are likely to be notifications when someone is tampering with the Paypal payment system - leaving you better equipped to deal with evil-doers in the future.




Answer 2:


Please refer to this link. Hope the PayPal Authorization & Capture method will be suitable for you, since you don't want to lose the response or have miscalculated amount transfers. PayPal provides a correlation ID that can be referred to for PayPal to confirm your order status; it will be better to pass the order ID to the PayPal API.

https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/howto_admin_authcapture

http://www.scribd.com/doc/6303345/40/CorrelationID-for-Reporting-Problems-to-PayPal

Good Luck!




Answer 3:


This is known as 2-phase commit. As long as PayPal does not participate in the same transaction, you will run into problems.




Answer 4:


I would debit Alice the $150 and reflect that the transaction is "Pending Confirmation", then periodically poll PayPal to synchronize your DB, since you have no control of when the network or PayPal may be available, post, reverse or adjust the transaction. Once PayPal processes the transaction, you can change the status in your DB from "Pending" to "Completed". BTW, this is how bank accounts and credit cards are processed. You could apply a double-entry accounting method to your DB. (see this Q&A)
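
The pending-then-reconcile approach from Answer 4 (and the "mark as pending" step in Answer 1), sketched as an added example that is not part of the original thread. `StubGateway`, its `pay`/`lookup` methods, the table layout and the transfer reference are hypothetical stand-ins, not PayPal's API; amounts are in cents.

```python
import sqlite3

class LostResponse(Exception):
    """Timeout: the request may or may not have been processed remotely."""

class StubGateway:
    """Constructed stand-in for the remote payment API; not PayPal's real interface."""
    def __init__(self, fault=None):          # fault: None, "reply_lost" or "request_lost"
        self.fault, self.payments = fault, []
    def pay(self, ref, cents):
        if self.fault != "request_lost":
            self.payments.append((ref, cents))   # money actually moves here
        if self.fault:
            raise LostResponse(ref)              # either way the caller sees a timeout
    def lookup(self, ref):
        return "COMPLETED" if any(r == ref for r, _ in self.payments) else "NOT_FOUND"

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account(name TEXT PRIMARY KEY, cents INTEGER)")
    db.execute("CREATE TABLE transfer(ref TEXT PRIMARY KEY, payer TEXT, cents INTEGER, status TEXT)")
    db.execute("INSERT INTO account VALUES ('alice', 20000)")   # constructed: Alice holds $200
    db.commit()
    return db

def send(db, gw, ref, payer, cents):
    with db:   # debit and record intent atomically BEFORE the remote call
        db.execute("INSERT INTO transfer VALUES (?, ?, ?, 'PENDING')", (ref, payer, cents))
        db.execute("UPDATE account SET cents = cents - ? WHERE name = ?", (cents, payer))
    try:
        gw.pay(ref, cents)
    except LostResponse:
        return "PENDING"   # outcome unknown: never resend, let reconcile() decide
    with db:
        db.execute("UPDATE transfer SET status = 'COMPLETED' WHERE ref = ?", (ref,))
    return "COMPLETED"

def reconcile(db, gw):
    """Polling job: settle every PENDING transfer from the gateway's own record."""
    pending = db.execute("SELECT ref, payer, cents FROM transfer WHERE status = 'PENDING'").fetchall()
    for ref, payer, cents in pending:
        with db:
            if gw.lookup(ref) == "COMPLETED":
                db.execute("UPDATE transfer SET status = 'COMPLETED' WHERE ref = ?", (ref,))
            else:   # gateway has no record: mark failed and reverse the debit
                db.execute("UPDATE transfer SET status = 'FAILED' WHERE ref = ?", (ref,))
                db.execute("UPDATE account SET cents = cents + ? WHERE name = ?", (cents, payer))

def snapshot(db, ref):
    status = db.execute("SELECT status FROM transfer WHERE ref = ?", (ref,)).fetchone()[0]
    cents = db.execute("SELECT cents FROM account WHERE name = 'alice'").fetchone()[0]
    return status, cents
```

The primary key on `ref` also rejects a second local submit of the same transfer. A production reconciliation job would wait a grace period before treating "not found" as failed, since the request may still be in flight.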




Answer 5:


From what I see you need to make sure the transaction is complete, otherwise nothing should be done.
If you deposit the money into the PayPal API and you do not receive a response from the PayPal API then you need to roll back the transaction in your DB.



Source: https://stackoverflow.com/questions/11535517/handling-transaction-between-paypal-and-local-datasase
