thanks guys. You've been amazingly helpful
<3 flashcoders
Quoting John Hattan <[EMAIL PROTECTED]>:
You don't send passwords to paypal. Just the transaction details (item
numbers, quantities, and prices) and your paypal address. The user
enters all the secure stuff on the paypal site so you don't have to
mess with that. The transaction you get from paypal only includes
the user's info (name, email, and snailmail address) and details
about the transaction (items purchased, quantities, and price).
There's no way for me to sneakily charge extra money from one of my
buyers' accounts.
As for security the other way (i.e. people faking a purchase to
you), there's a verify step. When paypal first contacts you to tell
you that somebody bought something, they send you a key, which is a
big string of random characters. You send this key to Paypal's
verification-server, and it sends you back a "VERIFIED" or "NOT
VERIFIED". If you get a "VERIFIED", then you can be sure that the
transaction came from Paypal.
Again, the sample-code takes care of all of this. Most of your
paypal solution will involve downloading their sample code in your
favorite server language (PHP, Perl, CF, etc) and modifying it to
serve your needs.
Google checkout is similar, security-wise, although it's entirely
XML-based and requires an encrypted connection so you can't talk to
it directly from Flash (at least not easily). In my case, I talk to
a little piece of PHP on my site that sends the transaction to
Google Checkout, because PHP has all the secure-connection stuff
built in.
One nice thing Google Checkout adds is that buyers can hide their
emails from sellers. I've gotten a couple of these with game
purchases. Instead of the user's real email address, I get something
like "[EMAIL PROTECTED]". This email
forwards to the buyer, but only for a limited time. That way buyers
don't have to worry about getting spammed by sellers after the fact.
----- Original Message ----
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: flashcoders@chattyfig.figleaf.com
Sent: Tuesday, April 24, 2007 4:42:01 AM
Subject: Re: [Flashcoders] flash and paypal
super-useful guys, thankyou
how secure is this? are there any passwords or seller account details
sent by flash to paypal?
Quoting Jordan Snyder <[EMAIL PROTECTED]>:
That was helpful John!
FYI, it seems your Google Checkout code is broken!
Cheers
On 4/23/07, John Hattan <[EMAIL PROTECTED]> wrote:
You don't need any third-party API's to talk to paypal. Since the
paypal site accepts standard GET and POST CGI data, sending a
transaction to Paypal can be done by setting up a LoadVars object,
setting the parameters to your shopping cart in the object, then
sending that LoadVars object to PayPal's little processor at
https://www.paypal.com/cgi-bin/webscr
(note that there's apparently a long-standing bug in Flash's
POST-handler, so I just use GET. It makes for ugly URL's, but it
works)
As for doing back-end processing from Paypal (i.e. being notified
that somebody bought something and you need to act on that
purchase), google for "IPN", which is Paypal's spec for creating
and acting on transactions. Paypal's got good sample code in
several server-side languages along with developer forums and a
sandbox (i.e. a "fake paypal" where you can test your code without
spending real money).
The process basically goes like this. . .
1. You send your shopping cart data to paypal (either from Flash or
some other browser-based shopping-cart solution)
2. The user is sent to paypal where he pays for the transaction.
3. Paypal contacts some server-side code telling you that somebody
bought something.
4. You verify the transaction with paypal (to make sure you're not
being spoofed)
5. If verified, do whatever's necessary to complete the
transaction, like email the user a download link.
Here's my little shopping-cart. Note that it also talks to Google
Checkout, which has a few more steps but is otherwise similar.
http://www.thecodezone.com/buy.html
----- Original Message ----
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: flashcoders@chattyfig.figleaf.com
Sent: Monday, April 23, 2007 11:23:40 AM
Subject: [Flashcoders] flash and paypal
i'm going to be producing a site which sells some exclusive, single
and multiple (ie shopping cart) products which i'd like to do in flash.
the client wants to use paypal to begin with (it's a startup).
Does anyone have any experience with using flash with paypal? Can you
recommend any good tutorial sites or 3rd party api's?
Hope you guys can help
thanks
a
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
--
Jordan Snyder
Applications Developer
Image Action LLC
http://www.imageaction.com
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com