Seeking Xojo solution for using in-app Paypal Payment

I like to add in-app payment via Paypal to my (desktop) apps.

I guess the easiest solution would be to use the Web Checkout REST API.

Has someone written a Xojo wrapper for this task already (and is willing to share it, of course)?


I have the my desktop app display a list of products (from a MySQL database, so I can edit the details). They can only highlight one product at a time. When they highlight a product a ‘Buy’ button becomes enabled. If they click this Buy button it looks up the MySQL database for the PayPal URL to display. It loads this URL into an HTMLViewer on the same page. This HTMLView displays the normal PayPal purchase window. They enter their details as per normal.
I have set up PayPal to jump to a special web page when (and only when) the purchase is complete. The HTMLViewer has an event to check whether that URL is loaded. If it is, I mark in the database that the purchase is complete.

Sorry it is not a REST API solution, but it was super easy to set up and requires no special server app to be running.

Hi David, this would be my last resort as it relies on side effects and the communication might get lost in the middle, and then I would not be able to unlock the user’s license automatically.

Can you confirm that this works on all desktop plaforms, at least Mac and Win? I recall that older Windows versions use the old IR engine. Can you intercept the redirection URL there, too?

Also, which Paypal technique are you using where you can specify the “success” URL? There are so many now.

I realize now that the REST API is a huge beast. I am only interested in handling Webhooks. And that requires setting up SSL on a server and have a cgi or other kind of server app listen for calls from Paypal, then process the received json data. I am currently trying to do that with Apache2 and PHP, but it’s not easy for me with near-zero PHP experience. Wanted to tey it with python but cannot find examples for setting up a ssl capable server with a oxthon handler, yet. Nothing involves Xojo, though.

[quote=352106:@Thomas Tempelmann]Can you confirm that this works on all desktop plaforms, at least Mac and Win? I recall that older Windows versions use the old IR engine. Can you intercept the redirection URL there, too?
Yes it works cross platform for macOS/Win/Linux.
In Xojo I use the HTMLViewer.DocumentComplete parameter String called ‘URL’ to check if it is on the URL PayPal has sent it to:

I can confirm that this technique does work and as David says is very simple to implement.

Alright. I’m almost convinced.

My main concern is that this procedure allows a hacker to generate his own licenses. With the proper method thru Paypal, Paypal would talk directly to my server, and my server, as long as that’s not getting hacked, can then create the license and give that to the app. OTOH, with the simple approach proposed here, a cracker can look at my app’s code to figure out how to unlock it.

And I plan to use this in-app purchase with my next app, which is targeting forensics experts, who are good at hacking by profession :slight_smile:

The embedded payment window is viable but as a user I tend to hate it. I have no idea if your application is capturing my payment details and sending it somewhere. The beauty of web hooks is you can open the users preferred browser, let them conduct the transaction, get notified in the background, and send them the appropriate licensing information.

Phillip, good point, and I already am considering this - one more reason why I want to use Webhooks:

With the webhooks solution, I can simply open the user’s std browser thru ShowURL, and then simply keep polling my server for confirmation that it has received the callback from Paypal. Like you said (I should really read your comment to the end before I start commenting on the first line :slight_smile:

So, have you implemented a web hook on your server successfully? How did you do it, which language, etc? I’d need a solution that would then record the successful payment in a simple database and then also provide a URL that my app would poll to get the payment result. Have you done this all?

What is your timeline for this? I have about half of PayPal and Stripe built for a new ecommerce kit I plan to market to the Xojo community.

Web hooks are not difficult. The most challenging aspect is bootstrapping it. I.E. you have to get a server running and accepting web hooks so you can do the preliminary work of accepting the web hooks and reacting to them accordingly. It is a bit of a nuisance to get started.

Right. I managed to get the basic server with SSL working thru apache. I can trigger a web hook call from the paypal dev site and see in the apache log that it came thru.

It’s a server that serves multiple domains, each with SSL, so I cannot simply run a dedicated app on port 443. It has to be routed thru apache in my case. Probably meaning the web hook has to run either as a cgi or be called in some other way by apache, such as PHP (which I already have working as well).

Now I am struggling to write PHP code that would process the json and then write the information to a DB, and also provide a php page that my app can poll. I’d spend probably a day or more to get these simple things working, as I have little experience in this area (other than the experience that it always takes me extra long to get small things done in php :wink:

Oh, and I want to get this working over the weekend.

PHP has built in functionality for parsing JSON. If you get really stuck with the PHP send me an email and I can try to help. I don’t have a whole lot of time this weekend, but I’m glad to help where I can.

Thanks for the offer, Tim. I had to purchase a new x-plat desktop license for 2017r2 and so I decided to go Pro again and am now playing it doing this all in Xojo Web. I already got the cgi part working, with SSL, so I now have to decide if I want to do the extra authentication that Paypal wants me to do ith the payload they send me to make sure the messages really comes from Paypal. After all, who wants to make the effort hacking my protocol just to save $20 on a license…

Well… I’m now at the point where I can process https POST URLs sent from anywhere to my server. So far, so good.

Now I like to use the Webhooks I’ve configured in the Paypal Dashboard. I thought I could simply use ShowURL to open the Paypal website, providing a price and some key to my account along with it, and then the Paypal site would present the user with a checkout page, and once he has made the payment, I’d get my configured webhooks called.

But I can’t figure that part out - where are the docs that tell me how that URL looks like, i.e. what parameters I have to pass?

Or is this not possible?

I believe what you need is express checkout.

If you don’t need variable prices, the simplest remains Paypal buttons, which generate “mail code” that you can use easily anywhere.

Michel, I am using Paypal buttons now, and they suck, because I need to process the emails, which come in various (and rather bad) formats that are difficult to parse. And they do not provide the instant payment recognition in my apps that I try to achieve.

After more digging I come to the conclusion that Webhooks are simply the wrong mechanism here. I need to go with IPNs. But instead of doing what David and Wayne do, I will have the IPN point to my server, which updates a database, and which my app then will query. That’s more foolproof and allows the technique where the user performs the checkout via a trusted browser, like Philipp suggested.

Huh - what @David Cox shows in the image is not even IPN related, is it? I cannot find anything on this huge Paypal Website. Where does one enter these URLs? Oh, is that what the Paypal Buttons do? Jeez, I only used those URLs to link to a “thank you, please check your email” page before. That one is not fool-proof, right? If the user pays but then closes the browser window too quickly, will the redirection still take place, i.e. would my server get notified?

The Express Checkout Michel mentions does not appear to let me send the user to the Paypal website for the complete processing, or does it? I can’t find this explained. I feel so overwhelmed with this whole process when all I need is a simple callback to my server when someone send me money via Paypal. Why can’t I find a simple use-case documented for this? I can’t be the first who needs this.

Oh my… Part of the problem is that I was still on a personal account, and IPN requires a business account, it appears. Webhooks didn’t. Damn.

Ahhhh - finally: Having converted to a business account, I could set up a IPN URL in my settings, and now am receiving a notification whenever I receive money (even thru Paypal Buttons). Now I have to write the code that responds to Paypal so that it knows I’ve received the notification properly, which appears to be doc’d here:

Indeed. I have hundreds of web buttons and a Xojo based IPN listener, implemented in HandleSpecialURL. It’s been working perfectly for a couple years now.

The most up to date example code for php which I used to understand the process is using curl. But you can also receive the post with the handleURL, and post back with since it supports HTTP 1.1. This is what I did originally.

Implementing the Paypal SDK to use on your website allows you to email yourself the JSON output. I do that.
So my app here can parse that easily.

But for all sales I would highly recommend to not mess up with the tax department and use a service like FastSpring or Share-It.

If you need a PHP script that fully handles PayPal sales, refunds, e-checks, … let me know.