Forum Discussion

HadassaPam1's avatar
HadassaPam1
Qrew Member
2 years ago

online payment option

Can someone walk me through how to set up an online payment option.  My preference is to use paypal.  I have a form the user fills out.  It totals various child records they add as they fill in the...
ChayceDuncan's avatar
ChayceDuncan
Qrew Captain

Do you need some kind of formal invoice to go along with it or just payment? The paypal API uses Oauth2.0 which based on other posts and other experience with Pipelines - you won't be able to successfully authenticate because Pipelines can't respond to the redirect URL that is required for Oauth authentication. I looked at Venmo - but the same issue will persist. 

I would suggest looking into a platform like a Quickbooks or another invoicing type processor. In that sense - you can integrate Quickbase to send the information from your form as an Invoice - and then those platforms typically have their own payment processors that could process the payment and you could sync back to Quickbase. 



------------------------------
Chayce Duncan
------------------------------
JamesCalloway's avatar
JamesCalloway
Qrew Trainee
2 years ago

OAuth isn't always a problem in Pipelines. We're currently connecting via OAuth to an external service, and also did so with a previous external service. The implementations of OAuth differed between the two exernal services, so "results may vary".

In our current usage, the redirect URL was necessary only for the initial set up and whenever we changed authorizations, which for us hasn't happened often, so we did that manually to harvest the initial token and refresh token. From there, it was easy to automate it in Pipelines going forward. The previous external service did not require the redirect URL at all.



------------------------------
James Calloway
------------------------------
  • HadassaPam1's avatar
    HadassaPam1
    Qrew Member
    2 years ago

    James,

    Are you connecting to Paypal?  I am really not familiar at all with how to set up webhooks.  Can you walk me through the steps?



    ------------------------------
    Hadassa Pam
    ------------------------------
    • JamesCalloway's avatar
      JamesCalloway
      Qrew Trainee
      2 years ago

      No, we're connecting to HubSpot. PayPal security may reasonably be stricter than HubSpot, so I can only walk through how we handled it.

      First of all, even though we use Webhooks with HubSpot, we don't actually use the Webhooks Channel. We found we can do what we needed with the JSON Channel. 

      For us, the outgoing connections from Quickbase to HubSpot are where we use OAuth. The first step was to set up the initial authorization. For HubSpot, that involved "creating an app", which meant registering Quickbase as our "app" and identifying which parts of the HubSpot API we wanted to grant Quickbase access to. This generated an authorization URL for that app, along with a Client ID and Client Secret, which we used to get an Access Token and a Refresh Token by logging as a HubSpot user having all the access we were authorizing for the "app" and manually loading the authorization URL in the same browser. This was the part that involved the OAuth redirect. The authorization URL went to a page that asked us to select the appropriate account and returned us to the redirect URL with the two tokens added to the redirect URL as query strings. We manually copied them both for use in our Pipelines. 

      In our case with HubSpot, the Access Tokens only last for 30 minutes, so each outgoing pipeline refreshes the token by making a Fetch JSON step to POST the Client ID, Client Secret and Refresh Token to HubSpot, which responds with a new Access Token, which can be parsed out with an Iterate Over JSON Records step. After refreshing the Access Token, we use additional Fetch JSON steps to connect to the various endpoints documented for the API.

      For incoming updates, we set up an Incoming JSON Pipeline. That generated an endpoint URL that the other side uses for sending Webhooks event notifications.This may be where you run into trouble with PayPal, because the only security modes that the Incoming JSON step supports are JWT, which we have yet to find any other system that uses, and the old HTTP Basic. (The Incoming Request step in the Webhooks Channel, by the way, supports only JWT.) The only other option is no security,  so if PayPal even permits sending Webhooks notifications without security, you'll have to assess the risk level to your Quickbase application.

      Assuming you can use the Incoming JSON step, the next step in the Pipeline is to Iterate Over JSON Records to interpret the notification. We couldn't find any documentation in HubSpot for the format of the notifications, so we had to trigger events and intercept the notifications to figure out a JSON schema sample that would parse them. From there, we use whatever steps are applicable to create, update or, if you permit deletions, delete records.

      I hope this helps, and in any case, good luck with your project.



      ------------------------------
      James Calloway
      ------------------------------
      • ChayceDuncan's avatar
        ChayceDuncan
        Qrew Captain
        2 years ago

        Hadassa - 

        To add some additional comments to what James provided above - you will need to become more familiar with the Paypal API, and I'd suggest mapping out the exact process in pseudo-code and the exact API calls you'll need before you start trying anything with the actual webhook. The Pipelines process and setting up your webhook isn't the challenge - it will be the authorization and then getting your process setup that you can successfully use that token to make the proper API calls to Paypal and then monitor. 

        Oauth is tricky with Pipelines because it won't automatically refresh and store your access token. James' example works because they can manually reset and store the token themselves. I skimmed the Paypal docs again and the only mention I see is related to a timeout for the token which is represented by the 'expires_in' value. You need to focus on a way to refresh and store that token first and foremost otherwise no matter what your webhook setup looks like you won't have successful authorization in order to make that calls in a way that isn't a constant battle for you or your admins. 

        The actual webhook setup you'll end up needing will be unique to the process you want to setup. If you're trying for a single charge - then you'll need to identify what part of the Paypal API has the right request type for your need. Then your webhook in Pipelines would just mimic whatever the documentation dictates which includes the request type (GET or POST) and then how request body should be structured. 

        Ultimately I might recommend reaching out to a Quickbase Partner or external consultant who have an integration team that can help you map out the exact process in more detail. Their support can likely help you work through getting the authorization sorted out as well as identify the exact process/calls in Paypal that you'll need. 



        ------------------------------
        Chayce Duncan
        ------------------------------