var create_payment_json = {
intent: "sale",
payer: {
payment_method: "paypal"
},
redirect_urls: {
return_url: "http://0c95effc2751.ngrok.io/success",
cancel_url: "http://0c95effc2751.ngrok.io/cancel"
},...}
paypal.payment.create(create_payment_json, function (error, payment) {
if (error) {
console.log(error)
throw error;
} else {
for(let i = 0;i < payment.links.length;i++){
if(payment.links[i].rel === 'approval_url'){
console.log(payment.links[i].href)
res.redirect(payment.links[i].href);
}
}
}
});
In my backend Node.js code, I use middleware to require authentication so all routes are accessible with authorization header. After payment approval on a PayPal page, the redirection back to the success route happens without this authorization header, so the success route is unfortunately inaccessible. How can this be resolved?
Advertisement
Answer
The best solution is to not use any redirects. At all.
Instead, make two routes on your server, one for ‘Create Order’ and one for ‘Capture Order’, documented here. These routes should return only JSON data (no HTML or text). The latter one should (on success) store the payment details in your database before it does the return (particularly purchase_units[0].payments.captures[0].id, the PayPal transaction ID)
Pair those two routes with the following approval flow: https://developer.paypal.com/demo/checkout/#/pattern/server