Validating user's API credentials - Rails, ActiveMerchant, and PayPal Express Gateway
-
21-08-2019 - |
Question
I'm building a marketplace application that uses PayPal Express. I've got a form for sellers to input their PayPal API credentials, but I need a way to validate them by making some sort of call to PayPal.
I'm using the PaypalExpressGateway in ActiveMerchant, and I don't see anything other than the standard purchase controls. Is there any sort of null-operation that can be used?
Any help would be greatly appreciated!
Solution
For security reasons there isn't a way to check if the email is a valid paypal account. You can always make a small transaction and then void it if account validity is really required.
OTHER TIPS
I am using the TransactionSearch operation for this purpose. By specifying STARTDATE=2100-01-01 00:00:00
it basically results in a no-op.
It will validate the credentials for you, without requiring any additional input from the seller.
I don't have the answer personally. But I know Ryan Bates of Railscasts.com has recently devoted six (!) episodes to ActiveMerchant and Paypal in particular. Check out episodes #141 through #146 at railscasts.com.
Ok, after 4 hours...
module ActiveMerchant #:nodoc: module Billing #:nodoc: class PaypalExpressGateway < Gateway def get_balance(options = {}) commit 'GetBalance', build_get_balance_request(options) end private def build_get_balance_request(options) xml = Builder::XmlMarkup.new :indent => 2 xml.tag! 'GetBalanceReq', 'xmlns' => PAYPAL_NAMESPACE do xml.tag! 'GetBalanceRequest', 'xmlns:n2' => EBAY_NAMESPACE do xml.tag! 'n2:Version', API_VERSION xml.tag! 'n2:ReturnAllCurrencies', '1' end end xml.target! end end end end class SellerMerchantValidator < ActiveModel::Validator def validate(record) paypal_attrs = ['paypal_api_username', 'paypal_api_password', 'paypal_api_signature'] if record.paypal_merchant? && (record.changed - paypal_attrs).size < record.changed.size # one of paypal_attrs changed response = record.gateway.get_balance unless response.params['balance'].present? record.errors[:base] << "Please check the PayPal details and make sure all three are entered correctly." end end end end
Thanks to Neils for the idea to check the TransactionSearch.
Please let me know if there is a better way to check if any of the api field changed.
There is also a call for GetBalance in the API. Some sample code
Looks like the simplest (and quickest?) way.
PayPal does have an AddressVerify
API. It confirms whether a postal address and postal code match those of the specified PayPal account holder. I'm in the process of implementing it on our website right now, in fact.
You can read more about it here:
https://www.x.com/docs/DOC-1162#id0862M0QH02L
Right, so if you want to test a user's credentials using ActiveMerchant, use the transaction_search method on the gateway
This example will return a success (make sure to fill in your test credentials)
@username = ''
@password = ''
@signature = ''
gateway = ActiveMerchant::Billing::PaypalExpressGateway.new(
login: @username,
password: @password,
signature: @signature,
test: true
)
gateway.transaction_search({start_date: DateTime.now})