While we make websites were we need to upload images such as in event organizing server, the image for the event needs to be shown in various different sizes in different pages. But an image with high resolution might be an overkill for using at a place where we just need it to be shown as a thumbnail. So what most CMS websites do is re-size the image uploaded and store a smaller image as thumbnail. So how do we do that? Let’s find out.
{ Repost from my personal blog @ https://blog.codezero.xyz/accepting-stripe-payments-on-behalf-of-a-third-party }
In Open Event, we allow the organizer of each event to link their Stripe account, so that all ticket payments go directly into their account. To make it simpler for the organizer to setup the link, we have a Connect with stripe button on the event creation form.
Clicking on the button, the organizer is greeted with a signup flow similar to Login with Facebook or any other social login. Through this process, we’re able to securely and easily obtain the credentials required to accept payments on behalf of the organizer.
For this very purpose, stripe provides us with an OAuth interface called as Stripe Connect. Stripe Connect allows us to connect and interact with other stripe accounts through an API.
We’ll be using Python’s requests library for making all the HTTP Requests to the API.
You will be needing a stripe account for this.
The OAuth flow is similar to most platforms.
access_token, refresh_token and other credentials.https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_8x1ebxrl8eOwOSqRTVLUJkWtcfP92YJE&scope=read_write&redirect_uri=http://localhost/stripe/callback
The authorization url accepts the following parameters.
client_id – The client ID acquired when registering your platform.required.response_type – Response type. The value is always code. required.redirect_uri – The URL to redirect the customer to after authorization.scope – Can be read_write or read_only. The default is read_only. For analytics purposes, read_only is appropriate; To perform charges on behalf of the connected user, We will need to request read_write scope instead.The user will be taken to stripe authorization page, where the user can login to an existing account or create a new account without breaking the flow. Once the user has authorized the application, he/she is taken back to the Callback URL with the result.
The user is redirected back to the callback URL.
If the authorization failed, the callback URL has a query string parameter error with the error name and a parameter error_description with the description of the error.
If the authorization was a success, the callback URL has the authorization code in the code query string parameter.
import requests data = { 'client_secret': 'CLIENT_SECRET', 'code': 'AUTHORIZATION_CODE', 'grant_type': 'authorization_code' } response = requests.post('https://connect.stripe.com/oauth/token', data=data)
The client_secret is also obtained when registering your platform. The codeparameter is the authorization code.
On making this request, a json response will be returned.
If the request was a success, the following response will be obtained.
{ "token_type": "bearer", "stripe_publishable_key": PUBLISHABLE_KEY, "scope": "read_write", "livemode": false, "stripe_user_id": USER_ID, "refresh_token": REFRESH_TOKEN, "access_token": ACCESS_TOKEN }
If the request failed for some reason, an error will be returned.
{ "error": "invalid_grant", "error_description": "Authorization code does not exist: AUTHORIZATION_CODE" }
The access_token token obtained can be used as the secret key to accept payments like discussed in Integrating Stripe in the Flask web framework.
It’s an open protocol which allows to secure an authorization in a simple and standard method from web, mobile and desktop applications.Facebook, Google Twitter, Github and more web services use this protocol to authenticate user. Using Oauth is very convenient, because it delegates user authentication to the service which host user account. It allows us to get resources from another web service without giving any login or password. If you have a service and want to prepare a authentication via Twitter, the best solution is to use OAuth. Recently Open Event team met a problem in an user profile page. We’d like to automatically fill information about user. Of course, to solve it we use Oauth protocol, to authenticate with Twitter After a three-steps authentication we can get name and profile picture.If you need another information from Twitter profile like recent tweets or followers’ list. You have to visit Twitter API site to see more samples of resource which you can get
All services have a very similar flow. Below i will show you how it looks in our case.
Before starting you need to create your own twitter app. You can create app in Twitter apps site https://apps.twitter.com/. If create an app you will see a CONSUMER KEY and CONSUMER SECRET KEY which shouldn’t be human-readable, so remember not to share these keys.
Below example shows how to get basic information about twitter profile
We use oauth2 python library https://github.com/joestump/python-oauth2
consumer = oauth2.Consumer(key=TwitterOAuth.get_client_id(), secret=TwitterOAuth.get_client_secret()) client = oauth2.Client(consumer)
TwitterOAuth.get_client_id() – CONSUMER KEY
TwitterOAuth.get_client_secret() – CONSUMER SECRET KEY
Then we send GET request to request_token endpoint to get oauth_token
client.request('https://api.twitter.com/oauth/request_token', "GET")
Response: oauth_token=Z6eEdO8MOmk394WozF5oKyuAv855l4Mlqo7hhlSLik& oauth_token_secret=Kd75W4OQfb2oJTV0vzGzeXftVAwgMnEK9MumzYcM& oauth_callback_confirmed=true
Next step is to redirect user to Twitter Authentication site
You can see in an url a redirect_uri. So after sign in Client will get a callback from Twitter with oauth_verifier and oauth_token params
The last step is to get an access token. If we have an oauth_verifier and an oauth_token it’s pretty easy
def get_access_token(self, oauth_verifier, oauth_token): consumer = self.get_consumer() client = oauth2.Client(consumer) return client.request( self.TW_ACCESS_TOKEN_URI + 'oauth_verifier=' + oauth_verifier + "&oauth_token=" + oauth_token, "POST")
Where TW_ACCESS_TOKEN_URI is https://api.twitter.com/oauth/access_token
Final step is to get our user information
resp, content = client.request("https://api.twitter.com/1.1/users/show.json? screen_name=" + access_token["screen_name"] + "&user_id=" + access_token["user_id"] , "GET") user_info = json.loads(content)
In an user_info variable you can get a profile picture or a profile name.
Summarizing, oauth protocol is very secure and easy to use by developer. At the beginning an oauth flow can seem to be a little hard to understand but if you spend some time trying tp understand it, everything becomes easier. And it’s secured. because you don’t need to store a login or a password, and an access token has an expired time. This is the main feature of Oauth protocol.
So this week I was working with getting some data from the sqlite database in android and someone who was a beginner in android also asked me to help him with the same. I asked him what he knew and he said that even after reading up a lot he wasn’t able to figure out what exactly to do with the data he wants to save and use in his app. I have seen that this is a problem with a lot of people starting to develop android apps. So, I decided to write a blog on how can you handle your data in your android apps.
Most of the android apps need to save data even if only to save some user preferences. So primarily there are 3 ways to save your data :
So let’s go step by step. When we need to store just some preferences of the users like if they want notifications or what kind of theme they want : light or dark etc. So basically if we want to store a key value in the persitant storage of the app we can do that using SharedPreferences. To use sharedpreferences, we initialise the sharedpreference object like
SharedPreferences sharedPreferences = PreferenceManager.getDefaultSharedPreferences(this);
in oncreate and cache it. Then we just need to add or retrieve what we want using this cached SharedPreferences object. To Add a key value pair :
sharedPreferences.edit().putString("someKey", "someValue").apply();
Also you can put all kinds of stuff here. For example right now we added a string with key “someKey” and Value “someValue”. We can also add Booleans, Floats, Ints, Longs, StringSets etc.
To retrieve the same value we do something like this
sharedPreferences.getString("someKey", "DefaultValue");
Now if you want some logs or some values that can be exported and sent to your server, you should write them to files and maybe read some json inputs etc. as well.
Basically android has a File system similar to other platforms. All android devices have two file storage areas : “Internal” and “external” storage. The difference between them is as follows :
Internal :
Best to use this when you want to be sure that neither the user nor the other app’s can access your files
External :
Now to read and write files, you need extra permissions
So now let’s get down to it. How do I save and read files in my app?
You first initialise the File object
File file = new File(context.getFilesDir(), filename);
This will create a file with filename in the internal storage. For external storage
first check if the storage is available, then just create a file using getExternalStoragePublicDirectory
File file = new File(Environment.getExternalStoragePublicDirectory(
Environment.DIRECTORY_PICTURES), albumName);
if (!file.mkdirs()) {
Log.e(LOG_TAG, "Directory not created");
}
return file;
This is for writing public files.
Now we move onto the most used part in an android app which is a database.Android has a built in SQLite database package which helps us in writing databases in files with syntax similar to SQL.
You need to add 2 classes which are mandatory and another class which basically helps you get organised. So the first is a Contract. This is where you actually write statements that will be executed later on to initialise or create the tables we want. For this make an a static abstract inner class that implements BaseColums like
public static abstract class Microlocation implements BaseColumns {
public static final String TABLE_NAME = "microlocation";
public static final String ID = "id";
public static final String NAME = "name";
public static final String LATITUDE = "latitude";
public static final String LONGITUDE = "longitude";
public static final String FLOOR = "floor";
public static final String[] FULL_PROJECTION = {
ID,
NAME,
LATITUDE,
LONGITUDE,
FLOOR
};
public static final String CREATE_TABLE =
"CREATE TABLE " + TABLE_NAME
+ " ("
+ ID + INT_TYPE + PRIMARY_KEY + COMMA_SEP
+ NAME + TEXT_TYPE + COMMA_SEP
+ LATITUDE + REAL_TYPE + COMMA_SEP
+ LONGITUDE + REAL_TYPE + COMMA_SEP
+ FLOOR + INT_TYPE
+ " );";
public static final String DELETE_TABLE = "DROP TABLE IF EXISTS " + TABLE_NAME;
}
Here we are making static final Strings for column names and then creating a static final String CREATE_TABLE which is basically a statement that creates the table Microlocation with the specified key, columns, data types etc.
After adding this structure for all the tables we want to have in our database, we move on to adding a DbHelper class that extends SQLiteOpenHelper which basically has two Abstract methods called onCreate(SQLiteDatabase db) and onUpgrade(SQLiteDatabase db) which are called when the database is created and database version is changed respectively. We call all our CREATE_TABLE static Strings in onCreate which in turn creates all the tables. Something like this :
@Override
public void onCreate(SQLiteDatabase db) {
db.execSQL(DbContract.Speakers.CREATE_TABLE);
db.execSQL(DbContract.Sponsors.CREATE_TABLE);
db.execSQL(DbContract.Sessions.CREATE_TABLE);
db.execSQL(DbContract.Tracks.CREATE_TABLE);
db.execSQL(DbContract.Sessionsspeakers.CREATE_TABLE);
db.execSQL(DbContract.Event.CREATE_TABLE);
db.execSQL(DbContract.Microlocation.CREATE_TABLE);
db.execSQL(DbContract.Versions.CREATE_TABLE);
db.execSQL(DbContract.Bookmarks.CREATE_TABLE);
db.execSQL(DbContract.EventDates.CREATE_TABLE);
}
You can also call DELETE_TABLE Strings in onUpgrade and the call onCreate again if you like but it’s not compulsory.
Now that you’re database is initialised, let’s add some records into it. For example I have to add a new Micrlocation I’d create a method in my data model where I’ll add a basic structure for the query and then format it with the values for a particular object of the model. Something, like this
public String generateSql() {
String insertQuery = "INSERT INTO %s VALUES ('%d', %s, '%f', '%f', '%d');";
return String.format(Locale.ENGLISH,
insertQuery,
DbContract.Microlocation.TABLE_NAME,
id,
DatabaseUtils.sqlEscapeString(StringUtils.optionalString(name)),
latitude,
longitude,
floor);
}
and then I’d execute the string returned by the call
String query = model.generateSql();
by this
public void insertQuery(String query, DbHelper mDbHelper) {
SQLiteDatabase db = mDbHelper.getWritableDatabase();
db.beginTransaction();
db.execSQL(query);
db.setTransactionSuccessful();
db.endTransaction();
}
Where db is just a SQLiteDatabase instance.
Now that we have records we want to retrieve them according to usage and for that we create helper methods. This is an example of the retrieving all the microlocations added to the database in ASCENDING order of NAME
public ArrayList<org.fossasia.openevent.data.Microlocation> getMicrolocationsList(SQLiteDatabase mDb) {
String sortOrder = DbContract.Microlocation.NAME + ASCENDING;
Cursor cursor = mDb.query(
DbContract.Microlocation.TABLE_NAME,
DbContract.Microlocation.FULL_PROJECTION,
null,
null,
null,
null,
sortOrder
);
ArrayList<org.fossasia.openevent.data.Microlocation> microlocations = new ArrayList<>();
org.fossasia.openevent.data.Microlocation microlocation;
cursor.moveToFirst();
while (!cursor.isAfterLast()) {
microlocation = new org.fossasia.openevent.data.Microlocation(
cursor.getInt(cursor.getColumnIndex(DbContract.Microlocation.ID)),
cursor.getString(cursor.getColumnIndex(DbContract.Microlocation.NAME)),
cursor.getFloat(cursor.getColumnIndex(DbContract.Microlocation.LATITUDE)),
cursor.getFloat(cursor.getColumnIndex(DbContract.Microlocation.LONGITUDE)),
cursor.getInt(cursor.getColumnIndex(DbContract.Microlocation.FLOOR))
);
microlocations.add(microlocation);
cursor.moveToNext();
}
cursor.close();
return microlocations;
}
First we create a cursor and then just iterate of the cursor to get microlocation objects and add them to an Arralist and return the Arraylist to the calling method.
So This are most of the things that are there to handling data in Android. Should be sufficient to get you started.
Sorry for the long post but the content couldn’t be made any smaller but I hope you gain something from this post. You can checkout implementations I have followed for the Open event project in the github repo https://github.com/fossasia/open-event-android. You can also write to me anytime on FB, Twitter, Email etc. and I’ll be happy to answer any queries. Adios!
References : 1) developers.android.com
2) https://github.com/fossasia/open-event-android
In my previous post I talked about approach for Multiple Ticket feature’s user-interface [Link]. In this post I’ll discuss about Flask back-end used for saving multiple tickets.
Since the number of Tickets a user creates is unknown to the server, details of tickets were needed to be sent as an array of values. So the server would accept the list of values and iterate over them. To send data as an array the naming had to include brackets. Below are some input fields used in tickets:
<tr>
<td>
<input type="hidden" name="tickets[type]">
<input type="text" name="tickets[name]" class="form-control" placeholder="Ticket Name" required="required" data-uniqueticket="true">
<div class="help-block with-errors"></div>
</td>
<td>
<input type="number" min="0" name="tickets[price]" class="form-control" placeholder="$" value="">
</td>
<td>
<input type="number" min="0" name="tickets[quantity]" class="form-control" placeholder="100" value="{{ quantity }}">
</td>
<!-- Other fields -->
</tr>When the POST request reaches the server, any of the above fields (say tickets[name]) would be available as a list. The Flask Request object includes a form dictionary that contains all the POST parameters sent with the request. This dictionary is an ImmutableMultiDict object, which has a getlist method to get array of elements.
For instance in our case, we can get tickets[name] using:
@expose('/create', methods=('POST', 'GET'))
def create_view(self):
if request.method == 'POST':
ticket_names = request.form.getlist('tickets[name]')
# other stuff
The ticket_names variable would contain the list of all the Ticket names sent with the request. So for example if the user created three tickets at the client-side, the form would possibly look like:
<form method="post">
<!-- Ticket One -->
<input type="text" name="tickets[name]" class="form-control" value="Ticket Name One">
<!-- Ticket Two -->
<input type="text" name="tickets[name]" class="form-control" value="Ticket Name Two">
<!-- Ticket Three -->
<input type="text" name="tickets[name]" class="form-control" value="Ticket Name Three">
</form>After a successful POST request to the server, ticket_names should contain ['Ticket Name One', 'Ticket Name Two', 'Ticket Name Three'].
Other fields, like tickets[type], tickets[price], etc. can all be extracted from the Request object.
A problem arose when a checkbox field was needed for every ticket. In my case, a “Hide Ticket” option was needed to let the user decide if he wants the ticket to be shown at the public Events page.
The problem with checkboxes is that, for a checkbox of a particular name attribute, if it is not selected, POST parameters of the request made by the client will not contain the checkbox input field parameter. So if I define an input field as a checkbox with the following naming convention, and make a POST request to the server, the server will receive blah[] parameter only if the input element had been checked.
<input type="checkbox" name="blah[]" >
This creates a problem for “Hide ticket” checkboxes. For instance, at the client-side the user creates three tickets with the first and last tickets having their checkboxes selected, the server would get an array of two.
<form>
<!-- Ticket One -->
<input type="checkbox" name="tickets[hide]" checked>
<!-- Ticket Two -->
<input type="checkbox" name="tickets[hide]">
<!-- Ticket Three -->
<input type="checkbox" name="tickets[hide]" checked>
</form>ticket_hide_opts = request.form.getlist('tickets[hide]')ticket_hide_opts would be an array of length two. And there is no way to tell what ticket had its “Hide ticket” option checked. So for the hide checkbox field I had to define input elements with unique names to extract them at the server.
There is also a hack to overcome the unchecked-checkbox problem. It is by using a hidden field with the same name as the checkbox. You can read about it here: http://www.alexandrejoseph.com/blog/2015-03-03-flask-unchecked-checkbox-value.html.
In this tutorial, I will show you how to write your first Dockerfile. I got to learn Docker because I had to implement a Docker deployment for our GSoC project Open Event Server.
First up, what is Docker ? Basically saying, Docker is an open platform for people to build, ship and run applications anytime and anywhere. Using Docker, your app will be able to run on any platform that supports Docker. And the best part is, it will run in the same way on different platforms i.e. no cross-platform issues. So you build your app for the platform you are most comfortable with and then deploy it anywhere. This is the fundamental advantage of Docker and why it was created.
So let’s start our dive into Docker.
Docker works using Dockerfile (example), a file which specifies how Docker is supposed to build your application. It contains the steps Docker is supposed to follow to package your app. Once that is done, you can send this packaged app to anyone and they can run it on their system with no problems.
Let’s start with the project structure. You will have to keep Dockerfile at the root of your project. A basic project will look as follows –
- app.py
- Dockerfile
- requirements.txt
- some_app_folder/
- some_file
- some_fileDockerfile starts with a base image that decides on which image your app should be built upon. Basically “Images” are nothing but apps. So for example you want your run your application in Ubuntu 14.04 VM, you use ubuntu:14.04 as the base image.
FROM ubuntu:14.04
MAINTAINER Your Name <your@email.com>These are usually the first two lines of a Dockerfile and they specify the base image and Dockerfile maintainer respectively. You can look into Docker Hub for more base images.
Now that we have started our Dockerfile, it’s time to do something. Now think, if you are trying to run your app on a new system of Ubuntu, what will be the first step you will do… You update the package lists.
RUN apt-get updateYou may possibly want to update the packages too.
RUN apt-get update
RUN apt-get upgrade -yLet’s explain what’s happening. RUN is a Docker command which instructs to run something on the shell. Here we are running apt-get update followed by apt-get upgrade -y on the shell. There is no need for sudo as Docker already runs commands with root user previledges.
The next thing you will want to do now is to put your application inside the container (your Ubuntu VM). COPY command is just for that.
RUN mkdir -p /myapp
WORKDIR /myapp
COPY . .Right now we were at the root of the ubuntu instance i.e. in parallel with /var, /home, /root etc. You surely don’t want to copy your files there. So we create a ‘myapp’ directory and set it as WORKDIR (project’s directory). From now on, all commands will run inside it.
Now that copying the app has been done, you may want to install it’s requirements.
RUN apt-get install -y python python-setuptools python-pip
RUN pip install -r requirements.txtYou might be thinking why am I installing Python here. Isn’t it present by default !? Well let me tell you that base image ‘ubuntu’ is not the Ubuntu you are used with. It just contains the bare essentials, not stuff like python, gcc, ruby etc. So you will have to install it on your own.
Similarly if you are installing some Python package that requires gcc, it will not work. When you are struck in a issue like that, try googling the error message and most likely you will find an answer. 
The last thing remaining now is to run your app. With this, your Dockerfile is complete.
CMD python app.pyTo build the app run the following command.
docker build -t myapp .Then to run the app, execute docker run myapp.
Refer to the official Dockerfile reference to learn more Dockerfile commands. Also you may find my post on using Travis to test Docker applications interesting if you want to automate testing of your Docker application.
I will write more blog posts on Docker as I learn more. I hope you found this one useful.
{{ Repost from my personal blog http://aviaryan.in/blog/gsoc/dockerfile-basic.html }}
In the open-event-webapp generator we need to perform a lot of asynchronous tasks in the background like –
Sometimes tasks depend on previous tasks, and in such cases we need to perform them serially. Also there are tasks like image downloads, that would be better if done parallelly.
To achieve both these purposes, there is an awesome node.js library called async that helps achieve this.
To perform asynchronous tasks serially (one task, then another task), we can use something like this –
async.series([
(done) => {
someAsyncFunction(function () { done () })
},
//(done) => {..}, (done) => {..} more tasks here
(done) => {
someAsyncFunction(function () { done () })
});
}
]);
Basically async takes an array of functions. Each function contains a callback that you need to call when the internal task is finished. The 2nd task starts, only after the done() callback of first task is executed.
An example of it’s usage can be seen in the open-event-webapp project here
So I implemented the payment system and tax system for the payment part in the ticketing system. The first step was making a list of available countries and currency options for the system. So I created and added the following list:
PAYMENT_COUNTRIES = {
'United States',
'Argentina',
'Australia',
'Austria',
'Belgium',
'Brazil',
'Canada',
'Cyprus',
'Czech Republic',
'Denmark',
'Estonia',
'Finland',
'France',
'Germany',
'Greece',
'Hong Kong',
'Hungary',
'Ireland',
'Israel',
'Italy',
'Japan',
'Latvia',
'Lithuania',
'Luxemborg',
'Malaysia',
'Malta',
'Mexico',
'Netherlands',
'New Zealand',
'Norway',
'Philippines',
'Poland',
'Portugal',
'Singapore',
'Slovakia',
'Slovenia',
'Spain',
'Sweden',
'Switzerland',
'Taiwan',
'United Kingdom',
}
PAYMENT_CURRENCIES = {
'ARS Argentine Peso $',
'AUD Australian Dollars A$',
'BRL Brazilian Real R$',
'CAD Canadian Dollars C$',
'CZK Czech Koruna Kč',
'DKR Danish Krone Dkr',
'EUR Euros €',
'HKD Hong Kong Dollar HK$',
'HUF Hungarian Forint Ft',
'ILS Israeli Shekels ₪',
'JPY Japanese Yen ¥',
'MYR Malaysian Ringgits RM',
'MXN Mexican Pesos Mex$',
'NZD New Zealand Dollar NZ$',
'NOK Norwegian Krone Nkr',
'PHP Philippine Pesos ₱',
'PLN Polish Zloty zł',
'GBP Pounds Sterling £',
'SGD Singapore Dollar SG$',
'SEK Swedish Krona Skr',
'CHF Swiss Franc Fr',
'TWD Taiwan New Dollars NT$',
'THB Thai baht ฿',
'USD U.S. Dollars $',
}
This is the list of currently supported countries and currencies. Thus the user can choose from the above list in the following step on the first page of event creation:
If the user chooses a Paid ticket or a Donation ticket then he/she has to compulsorily choose a country and a currency for the event. Next in line is the system of payments – the way in which the organizer wants payments to be made for his/her event. They include the option of Online Payments and Offline Payments. The organizer has to tick the checkbox in order to enable the payment option. On enabling the PayPal and Stripe checkboxes he/she is represented with the following:
On enabling PayPal option the organizer has to enter the PayPal email and for Stripe he has to connect it with Stripe account.
And the final step is the addition of tax for the event. The organizer can choose whether he/she wants to enable tax for the event or not:
On choosing Yes he is presented with the tax form:
If the organizer wants to send invoices then on enabling invoices another form is displayed with details pertaining to Business Address, Registered Name etc….
Finally we have two options that whether we want to display the tax as separate fee or include in the price of tickets.
As per the PayPal documentation …
Express Checkout is a fast, easy way for buyers to pay with PayPal. Express Checkout eliminates one of the major causes of checkout abandonment by giving buyers all the transaction details at once, including order details, shipping options, insurance choices, and tax totals.
The basic steps for using express checkout to receive one-time payments are:
We will be using PayPal’s Classic NVP (Name-value pair) API for implementing this.
To begin with, we’ll need API Credentials.
We’ll be using the Signature API credentials which consists of
To obtain these, you can follow the steps at Creating and managing NVP/SOAP API credentials – PayPal Developer.
You’ll be getting two sets of credentials. Sandbox and Live. We’ll just stick to the Sandbox for now.
Now, we need sandbox test accounts for making and receiving payments. Head over to Creating Sandbox Test Accounts – PayPal Developer and create two sandbox test accounts. One would be the facilitator and one would be the buyer.
All the API actions will take place by making a request to the PayPal server. PayPal has 4 different NVP servers for 4 different purposes.
https://api-3t.sandbox.paypal.com/nvp – Sandbox “testing” server for use with API signature credentials.https://api-3t.paypal.com/nvp– PayPal “live” production server for use with API signature credentials.https://api.sandbox.paypal.com/nvp – Sandbox “testing” server for use with API certificate credentials.https://api.paypal.com/nvp – PayPal “live” production server for use with API certificate credentials.We’ll be using the Sandbox “testing” server for use with API signature credentials.
To create a transaction, we’ll need to make a request with all the transaction details. We can use Python requests library to easily make the requests. All requests are POST.
We’ll be calling the SetExpressCheckout method of the NVP API to obtain the token.
import requests import urlparse data = { 'USER': credentials['USER'], 'PWD': credentials['PWD'], 'SIGNATURE': credentials['SIGNATURE'], 'SUBJECT': credentials['FACILITATOR_EMAIL'], 'METHOD': 'SetExpressCheckout', 'VERSION': 93, 'PAYMENTREQUEST_0_PAYMENTACTION': 'SALE', 'PAYMENTREQUEST_0_AMT': 100, 'PAYMENTREQUEST_0_CURRENCYCODE': 'USD', 'RETURNURL': 'http://localhost:5000/paypal/return/', 'CANCELURL': 'http://localhost:5000/paypal/cancel/' } response = requests.post('https://api-3t.sandbox.paypal.com/nvp', data=data) token = dict(urlparse.parse_qsl(response.text))['TOKEN']
Here,
USER represents your Sandbox API Username.PWD represents your Sanbox API Password.SIGNATURE represents your Sandbox Signature.SUBJECT represents the facilitator’s email ID.PAYMENTREQUEST_0_AMT is the total transaction amount.PAYMENTREQUEST_0_CURRENCYCODE is the 3 digit ISO 4217 Currency code.RETURNURL is where the user will be sent to after the transactionCANCELURL is where the user will be sent to if he/she cancels the transaction.A URL-Encoded, Name-value pair response would be obtained. We can decode that into a dict by using Python’s urlparse modules.
From the response, we’re extracting the TOKEN which we will use to generate the payment URL for the user.
This token has to be retained since we’ll be using it in further steps of the process.
With the token we obtained, we can form the payment URL.
https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=<TOKEN>
We’ll have to send the user to that URL. Once the user completes the transaction at PayPal, he/she will be returned to the RETURNURL where we’ll further process the transaction.
Once the user completes the transaction and gets redirected back to RETURNURL, we’ll have to obtain the confirmed payment details from PayPal. For that we can again use the token ID that we obtained before.
We’ll now be making a request to the GetExpressCheckoutDetails method of the API.
import requests import urlparse data = { 'USER': credentials['USER'], 'PWD': credentials['PWD'], 'SIGNATURE': credentials['SIGNATURE'], 'SUBJECT': credentials['FACILITATOR_EMAIL'], 'METHOD': 'GetExpressCheckoutDetails', 'VERSION': 93, 'TOKEN': TOKEN } response = requests.post('https://api-3t.sandbox.paypal.com/nvp', data=data) result = dict(urlparse.parse_qsl(response.text)) payerID = result['PAYERID']
A URL-Encoded, Name-value pair response would be obtained. We can decode that into a dict by using Python’s urlparse modules.
This will provide us with information about the transaction such as transaction time, transaction amount, charges, transaction mode, etc.
But, we’re more interested in the PAYERID which we’ll need to capture/collect the payment. The money is not transferred to the facilitators account until it is captured/collected. So, be sure to collect it.
To collect it, we’ll be making another request to the DoExpressCheckoutPaymentmethod of the API using the token and the PAYERID.
import requests import urlparse data = { 'USER': credentials['USER'], 'PWD': credentials['PWD'], 'SIGNATURE': credentials['SIGNATURE'], 'SUBJECT': credentials['FACILITATOR_EMAIL'], 'METHOD': 'DoExpressCheckoutPayment', 'VERSION': 93, 'TOKEN': TOKEN, 'PAYERID': payerID, 'PAYMENTREQUEST_0_PAYMENTACTION': 'SALE', 'PAYMENTREQUEST_0_AMT': 100, 'PAYMENTREQUEST_0_CURRENCYCODE': 'USD', } response = requests.post('https://api-3t.sandbox.paypal.com/nvp', data=data) result = dict(urlparse.parse_qsl(response.text)) status = result['ACK']
All the details have to be the same as the ones provided while obtaining the token. Once we make the request, we’ll again get a URL-Encoded, Name-value pair response. We can decode that into a dict by using Python’s urlparsemodules.
From the response, ACK (Acknowledgement status) will provide us with the status of the payment.
Success — A successful operation.SuccessWithWarning — A successful operation; however, there are messages returned in the response that you should examine.Failure — The operation failed; the response also contains one or more error messages explaining the failure.FailureWithWarning — The operation failed and there are messages returned in the response that you should examine.And, we have completed the PayPal transaction flow for Express Checkout. These are just the basics and might miss a few stuff. I suggest you go through the following links too for a better understanding of everything:
An Event can have multiple tickets for different purposes. For instance an Arts Exhibition can have multiple Galleries. The Organizer might be interested in assigning a ticket (let’s assume paid) for each Gallery. The user can then buy tickets for the Galleries that he wishes to attend. The feature that Multiple Tickets really provide is exclusiveness. Let’s say Gallery1 has a shorter area (by land) than others. Obviously the Organizer would want fewer people to be present there than other Galleries. To do this, he can create a separate ticket for Gallery1 and specify a shorter sales period. He can also reduce the Maximum number of order that a user can make (max_order). If we would have implemented single ticket per event, this wouldn’t have been possible.
To handle multiple tickets at the wizard, proper naming of input tags was required. Since the number of tickets that can be created by the user was unknown to the server we had to send ticket field values as lists. Also at the client-side a way was required to let users create multiple tickets.
A ticket can be of three types: Free, Paid and Donation. Out of these, only the Paid tickets need a Price. The Tickets holder could be a simple table, with every ticket being a table row. This became more complex afterwards, when more details about the ticket needed to be displayed. A ticket would then be two table rows with one of them (details) hidden.
Ticket holder can be a simple bootstrap table:
<table class="table tickets-table">
<thead>
<tr>
<th>Ticket Name</th>
<th>Price</th>
<th>Quantity</th>
<th>Options</th>
</tr>
</thead>
<tbody>
<!-- Ticket -->
<tr>
<!-- Main info -->
</tr>
<tr>
<!-- More details (initially hidden) -->
</tr>
<!-- /Ticket -->
</tbody>
</table>
To make ticket creation interactive, three buttons were needed to create the above three tickets. The type-name doesn’t not necessarily have to be shown to the user. It could be specified with the Price. For Paid ticket, the Price input element would be a number. For Free and Donation tickets, a Price input element wasn’t required. We could specify an element displaying one of the two types: Free or Donation.
Here’s the holder table with a Free Ticket and a Donation Ticket:
Since only the Price field is changing in the three types of tickets, I decided to create a template ticket outside of the form and create a JavaScript function to create one of the tickets by cloning the template.
A Free Ticket with its edit options opened up. You can see other details about the ticket in the second table row.
This is a simplified version of the template. I’ve removed common bootstrap elements (grid system) including some other fields.
<div id="ticket-template">
<tr>
<td>
<input type="hidden" name="tickets[type]">
<input type="text" name="tickets[name]" class="form-control" placeholder="Ticket Name" required="required" data-uniqueticket="true">
<div class="help-block with-errors"></div>
</td>
<td>
<!-- Ticket Price -->
</td>
<td>
<input type="number" min="0" name="tickets[quantity]" class="form-control" placeholder="100" value="{{ quantity }}">
</td>
<td>
<div class="btn-group">
<a class="btn btn-info edit-ticket-button" data-toggle="tooltip" title="Settings">
<i class="glyphicon glyphicon-cog"></i>
</a>
<a class="btn btn-info remove-ticket-button" data-toggle="tooltip" title="Remove">
<i class="glyphicon glyphicon-trash"></i>
</a>
</div>
</td>
</tr>
<tr>
<td colspan="4">
<div class="row" style="display: none;">
<!-- Other fields including Description, Sales Start and End time,
Min and Max Orders, etc.
-->
</div>
</td>
</tr>
</div>
Like I said, the Price element of ticket will make the type obvious for the user, so a type field does not need to be displayed. But the type field is required by the server. You can see it specified as hidden in the template.
The function to create a Ticket according to the type:
I’ve commented snippets to make it easy to understand.
function createTicket(type) {
/* Clone ticket from template */
var $tmpl = $("#ticket-template").children().clone();
var $ticket = $($tmpl[0]).attr("id", "ticket_" + String(ticketsCount));
var $ticketMore = $($tmpl[1]).attr("id", "ticket-more_" + String(ticketsCount));
/* Bind datepicker and timepicker to dates and times */
$ticketMore.find("input.date").datepicker();
$ticketMore.find("input.time").timepicker({
'showDuration': true,
'timeFormat': 'H:i',
'scrollDefault': 'now'
});
/* Bind iCheck to checkboxes */
$ticketMore.find("input.checkbox.flat").iCheck({
checkboxClass: 'icheckbox_flat-green',
radioClass: 'iradio_flat-green'
});
/* Bind events to Edit (settings) and Remove buttons */
var $ticketEdit = $ticket.find(".edit-ticket-button");
$ticketEdit.tooltip();
$ticketEdit.on("click", function () {
$ticketMore.toggle("slow");
$ticketMore.children().children(".row").slideToggle("slow");
});
var $ticketRemove = $ticket.find(".remove-ticket-button");
$ticketRemove.tooltip();
$ticketRemove.on("click", function () {
var confirmRemove = confirm("Are you sure you want to remove the Ticket?");
if (confirmRemove) {
$ticket.remove();
$ticketMore.remove();
}
});
/* Set Ticket Type field */
$ticket.children("td:nth-child(1)").children().first().val(type);
/* Set Ticket Price field */
var html = null;
if (type === "free") {
html = '';
} else if (type === "paid") {
html = '';
} else if (type === "donation") {
html = '';
}
$ticket.children("td:nth-child(2)").html(html);
/* Append ticket to table */
$ticket.hide();
$ticketMore.children().children(".row").hide();
$ticketsTable.append($ticket, $ticketMore);
$ticket.show("slow");
ticketsCount += 1;
}
The flow is simple. Clone the template, bind events to various elements, specify type and price fields and then append to the ticket holder table.
We use the Datepicker and Timepicker JavaScript libraries for date and time elements. So fields using these widgets need to have methods called on the elements. Also, we use iCheck for checkboxes and radio buttons. Apart from these, the Edit-Ticket and Remove-Ticket buttons also need event handlers. Edit-Ticket button toggles the Ticket Details segment (second tr of a ticket). Remove-Ticket deletes the ticket. After the Price and Type fields are set, the ticket is appended to the holder table with slow animation.
You must be logged in to post a comment.