Taking online payments, address validation?

icicic
Contributor
Contributor
Posted on
‎Jan-05-2023 02:25 PM

I have the following, pretty standard, flow from product selection through to payment:
1. Customer adds a product to cart
2. Customer views cart
3. Customer selects ‘Checkout’
4. Customer enters shipping address
5. Shipping fee is calculated
6. Customer views full costs selects ‘pay now’
7. Cart item, and shipping details are sent to PayPal
8. Customer logs into Paypal, views purchase details and authorises payment
9. Customer returns to site

 

I’m wondering what security issues I should be considering, the payment is PayPal’s responsibility, and I’m not storing any customer details apart from sale tokens/details, but:
Is there anything should I be double checking?
What if a customer enters a shipping address that is different to the one they have stored at Paypal, are there any issues regarding Paypal seller guarentees, should I only send to the Paypal stored address?

Login to Me Too
Login to Reply or Kudo
6 REPLIES 6

MTS_Jennifer
Moderator
Moderator
‎Jan-08-2023 12:53 PM

Hello @icicic,

Thank you for posting to the PayPal Community.

You can use the shipping_preferences setting to assist you with passing the shipping address from your shopping cart into the PayPal transaction, and not allowing the shipping address to be changed.

Here are the possible values:

https://developer.paypal.com/docs/api/orders/v2/#orders_create

shipping_preference

enum

The location from which the shipping address is derived.

The possible values are:

  • GET_FROM_FILE. Get the customer-provided shipping address on the PayPal site.
  • NO_SHIPPING. Redacts the shipping address from the PayPal site. Recommended for digital goods.
  • SET_PROVIDED_ADDRESS. Get the merchant-provided address. The customer cannot change this address on the PayPal site. If merchant does not pass an address, customer can choose the address on PayPal pages.

If you use use SET_PROVIDED_ADDRESS and pass in the shipping address in the payment request the buyer cannot change the address when they are in their PayPal Account

 

Thank you,

Jennifer

MTS

PayPal

Login to Me Too
Login to Reply or Kudo

icicic
Contributor
Contributor
‎Jan-10-2023 12:34 AM

Thank you @MTS_Jennifer 

 

has the create order request changed recently? I've been using application_context rather than experience_context

Login to Me Too
Login to Reply or Kudo

MTS_Jennifer
Moderator
Moderator
‎Jan-12-2023 01:37 PM

Hi @icicic ,

Good catch! According to the documentation it looks like the fields in application_context are now available in experience_context, according to the documentation.

https://developer.paypal.com/docs/api/orders/v2/#definition-application_context

 

  • experience_context

    object

    Customizes the payer experience during the approval process for the payment.

I did test in sandbox if you change application_context to experience_context, although you will not receive an error message when creating the order, any details you normally have in application_context are completely ignored. This causes the buyer to be unable to complete the payment, since the return url is being ignored. As far as I can see experience_context has to do with experience profiles. If you are not using experience profiles, do not use the experience_context.

 

Thank you,

Jennifer

MTS

PayPal

 

Login to Me Too
Login to Reply or Kudo

icicic
Contributor
Contributor
‎Jan-15-2023 08:07 AM

Hi MTS_Jennifer,

 

but application_context has been deprecated, so what should I use?

Login to Me Too
Login to Reply or Kudo

icicic
Contributor
Contributor
‎Jan-15-2023 02:49 PM

In fact the sample request in the API documentation seems to have changed and displays an example that uses experience context, can application context still be used!?

 

 

curl -v -X POST https://api-m.sandbox.paypal.com/v2/checkout/orders \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <Access-Token>" \
-H "PayPal-Request-Id: 7b92603e-77ed-4896-8e78-5dea2050476a" \
-d '{
  "intent": "CAPTURE",
  "purchase_units": [
    {
      "reference_id": "d9f80740-38f0-11e8-b467-0ed5f89f718b",
      "amount": {
        "currency_code": "USD",
        "value": "100.00"
      }
    }
  ],
  "payment_source": {
    "paypal": {
      "experience_context": {
        "payment_method_preference": "IMMEDIATE_PAYMENT_REQUIRED",
        "payment_method_selected": "PAYPAL",
        "brand_name": "EXAMPLE INC",
        "locale": "en-US",
        "landing_page": "LOGIN",
        "shipping_preference": "SET_PROVIDED_ADDRESS",
        "user_action": "PAY_NOW",
        "return_url": "https://example.com/returnUrl",
        "cancel_url": "https://example.com/cancelUrl"
      }
    }
  }
}'

 

Login to Me Too
Login to Reply or Kudo

JackieDaytona
Contributor
Contributor
‎Jan-15-2023 06:33 AM
Here is a great way to capture all data: var buyerInfo = [details.purchase_units[0].shipping.name.full_name, details.purchase_units[0].shipping.address.address_line_1, details.purchase_units[0].shipping.address.admin_area_2, details.purchase_units[0].shipping.address.admin_area_1, details.purchase_units[0].shipping.address.postal_code, details.id]; Hope this help you JD
Login to Me Too
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.