Paypal credentials to apple review team - ios

I have integrated paypal sdk in my application. The app get rejected from apple review team. They want information about account information, including passwords, in the Review Notes section of iTunes Connect App Information. Should i provide my paypal account details in Review Notes? Secondly if they use my paypal account to test , amount will be deducted from my paypal.

If you really need to, create a PayPal account for Apple to test with. You can deposit some minimal amount if need be. Once your app is approved, change the password.
Since the amount will be deposited in your merchant account, you wouldn't really loose the money. (You can also log in to your merchant account and refund the transaction if need be.)
NOTE: Do NOT give out your merchant account info; The transaction will fail if buyer == seller, and you really don't want to give anyone else access to your core business account anyway.

Related

iOS - Allow my app's users to take payment from their own customers?

I currently have an app that allows users to manage their customers. That said, I want my app's users to be able to take payment from their own customers, and have the funds deposit to their own bank accounts. Does anyone know if Stripe, Paypal, or Square has an SDK that would allow users to login to their own payment accounts to take payment? Any help and/or tips are super appreciated!
For PayPal, use a regular Checkout integration (Web JS SDK, Native SDK, and/or server-side REST API integration, as desired) and when creating the order specify a payee object with an email_address or merchant_id that is to receive the payment
See the documentation for details.

iOS inapp purchase subscription serverside validation security

The logic of the app.
You register with login password. Then if you doesn't have subscription (checked by server) you go to "Buy subscription page".
Problem.
I register user1. buy subscription. token1 goes to server.
I register user2. as he doesn't have subscription he goes to "Buy subscription page", clicks "Buy", apple says "You already bought subscription" and gives token2 (why does it give different token?)
var receiptUrl = NSData.FromUrl(NSBundle.MainBundle.AppStoreReceiptUrl);
return receiptUrl.GetBase64EncodedString(NSDataBase64EncodingOptions.None);
token2 goes to server. As a result we have 1 bought subscription but 2 users that use the same subscription.
Is there any way to identify itunes of user? to save along the token and be able to check if that itunes user already bought subscription for some server side account
This is a fundamental problem in StoreKit receipts and I think most developers don't realize it.
The problem is that Apple doesn't give developers a way to identify which iTunes account a receipt belongs to. This makes it trivial for a user to share their iTunes credentials with other users and unlock subscriptions.
The correct way to handle this is to, in your database, store the actual transaction_id from the Apple verifyReceipt response, and ensure it is unique in your database. This is a lot of work, so it may not be worth it.
It is further complicated by the fact that sometimes, you want an iTunes account to be usable with different app side accounts. For example if a user creates an account and purchases a subscription, lets the subscription expire, then later creates a new account and tries to purchase again, it should be permitted, even though the same receipt is now being used by multiple accounts.
If you don't want to deal with it, I have a service that handles all these edge cases automatically.

Create Token With Apple Pay Without Payment

I have two questions:
Is there a way to create an STPToken using Apple Pay without a payment? In my iOS app, the customer either enters in their payment info or decides to use Apple Pay when registering. When the customer decides to make a purchase (some time in the future after signing up), their card will be automatically charged. There is a method that I can call to check if the payment request can be made, but it seems that I have to actually run the payment and charge the card in order to get the token. Note that I can create a customer and saving a card without charging the customer if the customer enters in the payment info manually. This issue only comes about if the customer decides to use Apple Pay.
For testing purposes, when I do use the payment to create the token and charge the customer's card during the sign up process, I've noticed that the dynamic_last4 and expiration date fields do not match the actual card. I have verified this not just in my program, but also when I log into Stripe's website and check the customer's record. Although these fields do not match the actual card, I can indeed charge the card correctly. Are these fields being masked in some way by Stripe or Apple on purpose?
You need to invoke the Apple Pay payment process in order to get the Apple-generated token. While strictly speaking you don't actually have to process the payment to get the token, what would you do with it otherwise? Store it? They're not re-usable and you don't get the card details to otherwise store a customer/card pair from it for future token generation. If you're not already familiar with it, I would strongly recommend reviewing the Apple Pay Identity Guidelines doc: https://developer.apple.com/apple-pay/Apple-Pay-Identity-Guidelines.pdf with respect to offering your customers multiple payment options including Apple Pay.
Yes, with Apple Pay the last4/exp values are disassociated from the actual card for security purposes.

Can we use Apple Pay for Customer to Customer application?

I am new to Apple Pay. We need to develop an application in which we need to pay from Customer to Customer. I have checked out official documentation of ApplePay for payment from the documents given on below link.
https://developer.apple.com/apple-pay/
They have mentioned that customer can pay to merchant for Service or goods.
But if we need to accept make payment one customer to other customer then it is possible or not? If it is possible then how can we accept it?
Thanks in advance!
Apple Pay can be used to make any payment into a merchant's account, using one of the payment providers that Apple Pay supports. Currently Apple Pay supports payments using Braintree, Stripe and others (see their web page). It's up to you what you do with the money once you receive it, you could transfer it to another user, but not using Apple Pay.
You'd want to use a payment provider that supports customer to customer payments, like Paypal.

Using iTunes store client data for authenticating users in iPhone App

I know that the iTunes Store stores client information, such as the client name and credit card information. Eg, if you want to buy a game, you have to log in using your apple account and provide credit card details. These details are already stored with Apple
I want to build an app that uses this credit card information stored with Apple to allow clients to make payments. Note: I do not want to use the in-app purchase model.
Does Apple provide an API that given the client username and password, allows me to access the credit card information and then make payments?
The idea is to build a charity donation app around this. But the in-app model does not support this.
In a nutshell, we basically want to use the existing iTunes infrastructure to build a charity donation app. Any ideas?

Resources