Why is DoExpressCheckoutPayment required for Paypal?

vinhboy · Nov 2, 2011 · Viewed 10.3k times

I am trying to build a very simple paypal-backed shopping cart so users can purchase multiple items. I want paypal to handle all the payment details. I don't even want an order confirmation. I will manually check for order confirmation on paypal.

At first I wanted to use "Website Payments Standard" because it seemed easy to create a form that will post to paypal and let paypal handle it from there. But no, this did not work because the "Website Payments Standard" buttons/form do not support submitting multiple items. I tried all sorts of key/value in my form, and it never worked.

Then I tried Express Checkout using the instructions found here. It largely worked, but as I understand it, after sending a SetExpressCheckout, you have to listen for a request from paypal and do a DoExpressCheckoutPayment to complete the transaction. SO reference.

I find this a bit troublesome, because what if my server fails to receive the request from paypal and I never send a DoExpressCheckoutPayment? So a customer THINKS they have finished submitting an order, but the order was never received.

Does anyone know of a way to skip this "confirmation" step? I find it unnecessary, and not sure why paypal requires it.

Answer

Robert · Nov 2, 2011

That's because Express Checkout and Website Payments Standard are fundamentally different products.

To use Express Checkout, you would call the SetExpressCheckout API. In the API call, you specify the details of the products, amounts, and the RETURNURL.
Once you post this data to PayPal's API endpoint, you receive a token in return. You would then redirect the buyer, and append the token to the following URL: https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-XXXXXXX

Once the buyer has agreed to your purchase, he is redirected back to the URL you specified in the RETURNURL.
You should now show the order confirmation, and call the GetExpressCheckoutDetails API**.
When calling GetExpressCheckoutDetails, supply the token. In the GetExpressCheckoutDetails API response you'll find a PayerID.

Now you're ready to call DoExpressCheckoutPayment, and charge the buyer. Remember to include both the token and the payerID when calling DoExpressCheckoutPayment.

Note: If you want to charge the buyer immediately by calling GetExpressCheckoutDetails and DoExpressCheckoutPayment immediately, redirect the buyer to https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-XXXXXXX&useraction=commit. The useraction=commit will change the "Continue" button on the PayPal 'Review your payment' page to a "Pay now" button.

--

The reason there's such a significant difference between Express Checkout and Website Payments Standard is that Website Payments Standard is intended to be a drop-in working solution where PayPal handles the whole transaction flow. Express Checkout is a more flexible solution which allows you to integrate it deeply with an existing checkout flow of a website / shopping cart.

For your use case, look at using PayPal 'cart upload' buttons. For an example, see https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_cart_upload

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="business" value="[email protected]">
<input type="hidden" name="item_name_1" value="Item Name 1">
<input type="hidden" name="amount_1" value="1.00">
<input type="hidden" name="item_name_2" value="Item Name 2">
<input type="hidden" name="amount_2" value="2.00">
<input type="submit" value="PayPal">
</form> 

Note however, that this is insecure by default, as the amounts you're going to charge will be plainly visible in the HTML.

** The PayerID is appended in the GET of your RETURNURL as well. So you could skip calling GetExpressCheckoutDetails if you wanted to.
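Added example, not part of Robert's answer or PayPal's own code: a sketch of the server side of the Express Checkout flow described above, where the total is computed from a server-side price list and stored against the token, so nothing the browser sends on the RETURNURL can change the amount charged, and an order whose return never arrives simply stays pending and uncharged. The `transport` callable (which would POST the body to PayPal's NVP endpoint), the credentials, the `VERSION` value, the price list and the in-memory order store are assumptions.

```python
from decimal import Decimal
from urllib.parse import parse_qs, urlencode, urlparse

# Assumptions: placeholder credentials, API version, catalog and in-memory store.
CREDS = {"USER": "API_USER_PLACEHOLDER", "PWD": "API_PWD_PLACEHOLDER",
         "SIGNATURE": "API_SIGNATURE_PLACEHOLDER", "VERSION": "204.0"}
PRICES = {"widget": Decimal("1.00"), "gadget": Decimal("2.00")}  # server-side prices
ORDERS = {}  # token -> {"total": str, "status": str}; use a database in practice

def nvp_call(transport, method, **fields):
    """Send one NVP request via `transport` (body -> response text) and decode it."""
    body = urlencode({"METHOD": method, **CREDS, **fields})
    return {k: v[0] for k, v in parse_qs(transport(body)).items()}

def payment_fields(total):
    """Payment fields sent identically on the Set and Do calls."""
    return {"PAYMENTREQUEST_0_AMT": total, "PAYMENTREQUEST_0_CURRENCYCODE": "USD",
            "PAYMENTREQUEST_0_PAYMENTACTION": "Sale"}

def start_checkout(transport, cart, return_url, cancel_url):
    """SetExpressCheckout: the browser supplies only SKUs and quantities."""
    if any(not isinstance(q, int) or q < 1 for q in cart.values()):
        raise ValueError("quantities must be positive integers")
    total = f"{sum(PRICES[sku] * qty for sku, qty in cart.items()):.2f}"
    resp = nvp_call(transport, "SetExpressCheckout", RETURNURL=return_url,
                    CANCELURL=cancel_url, **payment_fields(total))
    if resp.get("ACK") != "Success":
        raise RuntimeError("SetExpressCheckout failed")
    ORDERS[resp["TOKEN"]] = {"total": total, "status": "pending"}
    query = urlencode({"cmd": "_express-checkout", "token": resp["TOKEN"],
                       "useraction": "commit"})
    return "https://www.paypal.com/cgi-bin/webscr?" + query

def handle_return(transport, url):
    """RETURNURL handler: charge the stored total once; ignore other parameters."""
    params = parse_qs(urlparse(url).query)
    token = params.get("token", [""])[0]
    payer_id = params.get("PayerID", [""])[0]
    order = ORDERS.get(token)
    if order is None or order["status"] != "pending" or not payer_id:
        return "rejected"  # unknown token, replayed return, or missing PayerID
    resp = nvp_call(transport, "DoExpressCheckoutPayment", TOKEN=token,
                    PAYERID=payer_id, **payment_fields(order["total"]))
    order["status"] = "paid" if resp.get("ACK") == "Success" else "failed"
    return order["status"]
```

Orders still marked `pending` after a timeout are the ones where the buyer approved the payment but the return request never reached the server; no money has moved for them.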