Forum Discussion

Re: online payment option

Do you need some kind of formal invoice to go along with it or just payment? The paypal API uses Oauth2.0 which based on other posts and other experience with Pipelines - you won't be able to successfully authenticate because Pipelines can't respond to the redirect URL that is required for Oauth authentication. I looked at Venmo - but the same issue will persist. 

I would suggest looking into a platform like a Quickbooks or another invoicing type processor. In that sense - you can integrate Quickbase to send the information from your form as an Invoice - and then those platforms typically have their own payment processors that could process the payment and you could sync back to Quickbase. 



------------------------------
Chayce Duncan
------------------------------

7 Replies

  • HadassaPam1's avatar
    HadassaPam1
    Qrew Member

    Just payment is fine...a formal invoice is not needed.  I just need to be able to pass off to paypal the amount they owe.



    ------------------------------
    Hadassa Pam
    ------------------------------
    • ChayceDuncan's avatar
      ChayceDuncan
      Qrew Captain

      You'll need to at least handle the integration piece outside of Quickbase then in terms of actually interacting with Paypal. Pipelines can't handle Oauth authentication, so if you go that route you'd need to setup your own custom integration outside of Quickbase entirely to actually handle the Paypal transaction. Keep in mind that many applications such as Paypal given the nature of their platform will require you to register your application/integration for Production use

      The only things Pipelines could do is actually send out the request to your server with the necessary information for your script to process. Pipelines might also be able to be the listener for webhooks coming from Paypal so you could process the payment recording. 



      ------------------------------
      Chayce Duncan
      ------------------------------
      • ChayceDuncan's avatar
        ChayceDuncan
        Qrew Captain

        It does look like Stripe has an API Key based authentication system which can be handled through Pipelines. 

        https://stripe.com/docs/api/authentication

        Without going through their entire API document I'm not 100% sure which endpoints you would need and so you'd need to map it out in more detail. I quick scan looks like the PaymentsIntent is what you'd want to focus on for a single payment transaction. Pipelines would be able to make the request to their API and log the information accordingly so you could write back to QB once it has been paid. 



        ------------------------------
        Chayce Duncan
        ------------------------------
  • JamesCalloway's avatar
    JamesCalloway
    Qrew Trainee

    OAuth isn't always a problem in Pipelines. We're currently connecting via OAuth to an external service, and also did so with a previous external service. The implementations of OAuth differed between the two exernal services, so "results may vary".

    In our current usage, the redirect URL was necessary only for the initial set up and whenever we changed authorizations, which for us hasn't happened often, so we did that manually to harvest the initial token and refresh token. From there, it was easy to automate it in Pipelines going forward. The previous external service did not require the redirect URL at all.



    ------------------------------
    James Calloway
    ------------------------------
    • HadassaPam1's avatar
      HadassaPam1
      Qrew Member

      James,

      Are you connecting to Paypal?  I am really not familiar at all with how to set up webhooks.  Can you walk me through the steps?



      ------------------------------
      Hadassa Pam
      ------------------------------
      • JamesCalloway's avatar
        JamesCalloway
        Qrew Trainee

        No, we're connecting to HubSpot. PayPal security may reasonably be stricter than HubSpot, so I can only walk through how we handled it.

        First of all, even though we use Webhooks with HubSpot, we don't actually use the Webhooks Channel. We found we can do what we needed with the JSON Channel. 

        For us, the outgoing connections from Quickbase to HubSpot are where we use OAuth. The first step was to set up the initial authorization. For HubSpot, that involved "creating an app", which meant registering Quickbase as our "app" and identifying which parts of the HubSpot API we wanted to grant Quickbase access to. This generated an authorization URL for that app, along with a Client ID and Client Secret, which we used to get an Access Token and a Refresh Token by logging as a HubSpot user having all the access we were authorizing for the "app" and manually loading the authorization URL in the same browser. This was the part that involved the OAuth redirect. The authorization URL went to a page that asked us to select the appropriate account and returned us to the redirect URL with the two tokens added to the redirect URL as query strings. We manually copied them both for use in our Pipelines. 

        In our case with HubSpot, the Access Tokens only last for 30 minutes, so each outgoing pipeline refreshes the token by making a Fetch JSON step to POST the Client ID, Client Secret and Refresh Token to HubSpot, which responds with a new Access Token, which can be parsed out with an Iterate Over JSON Records step. After refreshing the Access Token, we use additional Fetch JSON steps to connect to the various endpoints documented for the API.

        For incoming updates, we set up an Incoming JSON Pipeline. That generated an endpoint URL that the other side uses for sending Webhooks event notifications.This may be where you run into trouble with PayPal, because the only security modes that the Incoming JSON step supports are JWT, which we have yet to find any other system that uses, and the old HTTP Basic. (The Incoming Request step in the Webhooks Channel, by the way, supports only JWT.) The only other option is no security,  so if PayPal even permits sending Webhooks notifications without security, you'll have to assess the risk level to your Quickbase application.

        Assuming you can use the Incoming JSON step, the next step in the Pipeline is to Iterate Over JSON Records to interpret the notification. We couldn't find any documentation in HubSpot for the format of the notifications, so we had to trigger events and intercept the notifications to figure out a JSON schema sample that would parse them. From there, we use whatever steps are applicable to create, update or, if you permit deletions, delete records.

        I hope this helps, and in any case, good luck with your project.



        ------------------------------
        James Calloway
        ------------------------------