The paypal rest api involves receiving credit cards on the server which means they are potentially in logs etc (that with App Engine you don't control). This complicates PCI compliance:
*Q: To whom does PCI apply?* *A: *PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts,* transmits* or stores *any cardholder data*. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply. *Q: What is defined as ‘cardholder data’?* *A: *Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, etc. All personally identifiable information associated with the cardholder that is stored, processed, or transmitted is also considered cardholder data. http://www.pcicomplianceguide.org/pcifaqs.php#2 If someone does achieve PCI compliance with the PayPal rest api and App Engine please document the process so others can benefit from your experience. I personally believe you're better off redirecting to PayPal and back than using PayPal rest. Enough said on my part... good luck On Monday, January 6, 2014 3:47:02 PM UTC-5, aschmid wrote: > > paypal has a rest api and you don’t need to redirect the customers to > paypal. but paypal is a pain to deal with in any case… and customer service > is very bad. > i believe you need to be PCI compliant only if you store the credit card > data, not if you just process the api call on server side. > > another great service is www.braintreepayments.com which works all over > the world. > > On Jan 6, 2014, at 3:26 PM, Kaan Soral <kaan...@gmail.com <javascript:>> > wrote: > > I was set on Braintree last time I assessed the market, currently deciding > on how to incorporate locally, Braintree seems to have the widest coverage > for a simplistic/elegant solution similar to Stripe > > I think Paypal is a major turn off from many aspects, I would use a layer > similar to Paymentwall to handle all-else payments other than credit cards > > Spreedly is also extremely promising, it's not a payment gateway but > rather a PCI workaround that enables one to switch from one provider to > another or use multiple providers etc > > (Paypal/Braintree acquisition was alarming, I hope they don't mess > braintree too :) > > A beautiful reference for anyone who are interested: > https://spreedly.com/gateways > > On Monday, January 6, 2014 10:16:56 PM UTC+2, Doug Anderson wrote: >> >> Stripe is working hard to expand their international support (add Canada >> to your list along with 8 other countries currently in beta). But I would >> agree that PayPal has the best international/currency support. With PayPal >> I can be located in the U.S. and accept payments in a variety of currencies >> (as long as I enable my account to allow it). But to my knowledge with >> PayPal you either have to transfer customers to the PayPal site for a >> portion of the processing OR deal with credit card numbers hitting your >> server and thus having to deal with PCI compliance. I don't even know if >> PCI compliance is possible with App Engine so that may just leave option #1 >> (transfering customers to PayPal for a portion of the processing... a >> perfectly viable option... just less than ideal imo) >> >> On Monday, January 6, 2014 2:41:42 PM UTC-5, Kaan Soral wrote: >>> >>> If you are inside US you probably didn't notice this, which is good for >>> you, however there is a HUGE barrier around payment services >>> >>> It's extremely hard to accept payments, you have to be a company at >>> least and procedures after that are blurry >>> >>> For example you can only use stripe from US/UK/Ireland - as far as I >>> remember >>> >>> On Saturday, January 4, 2014 9:51:13 PM UTC+2, Doug Anderson wrote: >>>> >>>> My advice would be to use Stripe.com for processing payments. You'll >>>> be amazed at how easy it is to get started AND customers don't have to >>>> leave your site! >>>> (I'm not associated with Stripe in any way... just using it with App >>>> Engine and can attest to its ease of use) >>>> >>>> I may re-add PayPal at some point (in addition to Stripe) but it's a >>>> pita to deal with the user leaving your site, processing the ipn >>>> notifications, and then HOPING the user hits the button to return to your >>>> site when he's finished on PayPal. With PayPal there's no guarantee the >>>> user will return to your site (although it's fairly likely). I've also >>>> noticed that the initial redirect to PayPal can take a while (for the page >>>> to load). Just my experience... I'm sure there are others that really >>>> like >>>> it. >>>> >>>> >>>> On Thursday, January 2, 2014 4:52:23 PM UTC-5, Robert Avram wrote: >>>>> >>>>> I'm trying to figure out how to process payments using paypal python >>>>> sdk and google app engine. >>>>> the following code seems to work, but I can't figure out, based on the >>>>> SDK, how to handle the exceptions (wrong credit card number etc). >>>>> I would like the customer to be able to see the error. I would >>>>> appreciate any input! thanks!!! >>>>> >>>>> >>>>> class Buy(generichandler.MainHandler): >>>>> >>>>> def get(self): >>>>> >>>>> api = paypalrestsdk.set_config( >>>>> >>>>> mode="sandbox", >>>>> >>>>> client_id="myclientid", >>>>> >>>>> client_secret="secret") >>>>> >>>>> api.get_token() >>>>> >>>>> paymentDic = {"intent": "sale", >>>>> >>>>> "payer": { >>>>> >>>>> "payment_method": "credit_card", >>>>> >>>>> "funding_instruments": [{ >>>>> >>>>> "credit_card": >>>>> { >>>>> >>>>> >>>>> "type": "visa", >>>>> >>>>> >>>>> "number": "4417119669820331", >>>>> >>>>> >>>>> "expire_month": "11", >>>>> >>>>> >>>>> "expire_year": "2018", >>>>> >>>>> >>>>> "cvv2": "874", >>>>> >>>>> >>>>> "first_name": "Joe", >>>>> >>>>> >>>>> "last_name": "Shopper", >>>>> >>>>> >>>>> "billing_address": { >>>>> >>>>> >>>>> "line1": "52 N Main ST", >>>>> >>>>> >>>>> "city": "Johnstown", >>>>> >>>>> >>>>> "state": "OH", >>>>> >>>>> >>>>> "postal_code": "43210", >>>>> >>>>> >>>>> "country_code": "US" }}}]}, >>>>> >>>>> "transactions": [{ >>>>> >>>>> "amount": { >>>>> >>>>> "total": "1.47", >>>>> >>>>> "currency": "USD", >>>>> >>>>> "details":{ >>>>> >>>>> "subtotal": >>>>> "1.41", >>>>> >>>>> "tax": >>>>> "0.03", >>>>> >>>>> "shipping": >>>>> "0.03"}}, >>>>> >>>>> "description": "This is the >>>>> payment transaction description." }]} >>>>> >>>>> payment = paypalrestsdk.Payment(paymentDic) >>>>> >>>>> payment.create() >>>>> Enter code here... >>>>> >>>>> >>>>> > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to google-appengi...@googlegroups.com <javascript:>. > To post to this group, send email to google-a...@googlegroups.com<javascript:> > . > Visit this group at http://groups.google.com/group/google-appengine. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/groups/opt_out.
