ColdFusion Muse

Verifying a Paypal Account using Coldfusion

Paypal has many advantages over other forms of ecommerce. One of the chief advantages is that using Paypal allows you to shift many of the tasks of monitoring fraud and ensuring validity over to a third party that is well equipped to do it. In the old days (say... 3 years ago) Paypal was considered to be a step child of "real" ecommerce (mostly because of the previous requirement to have a Paypal account). This perception still persists among late adapters, but the ubiquity of eBay and the increasing number of features offered to Paypal account holders has made a significant dent in that bad impression.

One of our customers had a requirement that a user must have a Paypal account in order to use the system. The site owners wanted to be sure that they would be able to charge for fees when they occurred. After some level of banging our heads against the wall we tried Lewis Sellar's (intrafoundation.com) CFX tag, aptly named CFX_PayPalAPI. It allowed us to create a simple component that could be used throughout the site to check and make sure that an email address represented a valid paypal account holder. Setting it up wasn't what I'd call easy.

Requirements

Setting up the CFX is easy enough. Just follow the instructions. Set up the class path but be careful with editing the JVM.config file from the CF admin (not always a good idea). The CFX tag encapsulates calls to the Paypal service classes. That means you will need to install the Paypal SDK before you begin. I'm not sure if the download for the cfx tag includes this code or not. In any case, after you get the SDK and the cfx tag installed you still have some work to do. You will need the gather the following:

• Username and password to Paypal API that applies to your domain
• Key file for the certificate for your domain
• Password for the certificate (so that it can be imported)
• A license Key for the CFX tag

Getting that cert installed and ready for use is very challenging for some reason. It took us some time to get the paypal api to respond using the cert. When you finally get all the parameters in place making the call is pretty easy. We chose to encapsulate this code into a function that returns true or false. We then make our registration logic dependent on wether or not the user submitted a valid account. If not, we redirect the user to Paypal for sign up. If you have a site with repeat users who buy from each other - or you need to charge fees based on site activity of some kind - this can be a nice "extra check" along the way that can keep your site more productive.