Don't forget to check out my Complete Django course! dub.sh/NvGboTI
denis is just a gift from heaven
Even though it is hard for me to understand everything completely I still find the video very useful and leading me in the right direction. Thank you for making this video.
Dude😍!!!!
Just say, thank you so much 😍😍 for this kind of content.
My pleasure Mian!
Hi Dennis,
Which of the two do you consider the most plug'n play between Stripe and Paypal, as you played around with the 2 APIs?
Hey Dennis,
I just need Paypal integration in my PHP application and this video definitely helped me out.
Thanks.
Received the notification right away and clicked the play button 🔥
Haha I appreciate your support Khosam :)
Hi Dennis! Thanks for the tutorial. It was extremely useful. I have however a question with regards to safety. With the current set up, wouldn't it be possible for someone to inject post requests manually and mess with your database? basically sending post requests to your completed URL containing a json (with potentially valid product ID's)
For anyone who is curious: developer.paypal.com/docs/checkout/integration-features/auth-capture/#5-capture-the-authorization, you'll have to authorize it via Paypal.
Thanks dude, I am inspired by you so much. You really are a great developer and a great programmer. Thank you so much and happy coding!
Damn bro!!!!! God bless you. I'm without words, I've spent months on this shit to no avail, thanks bro 100%
great content, i would appreciate a tutorial about PayPal integration in the back-end with a monthly subscription for example
Thank you Dennis- much appreciated!
Did something happen to PayPal's client side integration? When I created my business account on PayPal, PayPal only shows server side integration in their SDK materials. I cannot get any of the client side code Dennis was using (noticing his video is now 3-years old).
same problem bro
Seems like anyone who looks at the code can see the format of the paymentComplete() endpoint and push Order records into the database. For this to actually be sufficient, there needs to be server side validation of order from Paypal (including validating that the purchase_units record wasn't manipulated before Paypal processing occurs). Alternatively, using Paypal webhooks to validate the order and create the Order objects could work as well.
Very good video Dennis, I have a question: is it possible for the user to change the price of the product by inspecting the browser and sending the changed value to paypal? Or when the page loads, we already make a call to an API and it already holds this fixed value.
Dennis, Hello! I like what you're doing. Are you from Russia? I know that you do not live in Russia, I mean do you speak Russian? Is it hard for you to learn Python (Django) and JS (React)?
how to get cvv no for that debit cards im stuck [I cant select standard paypal account(banking) not showing]
It's really cool! Thank you man.
Dennis Please! post the 2nd video of paypal integration...
Hey Dennis, why is it never capturing credit and debit card payments? It always shows "something went wrong, try again later"
Is there a different code for credit and debit cards ?
Hi Dennis, I have come to your video, for learning how to add paytm for an app I'm developing in django. I would like to know if it is safe to do client side integration or would it make things easier for a hacker.
When I try to deploy in heroku I get error:"Requested runtime (python-3.8.3) is not available for this stack (heroku-20)" even though I am running python 3.8.3 and its set in 'runtime.txt'
this saved me days of work
Awesome as always
@Dennis, it's the greatest content I ever found on Google and YouTube for adding a payment gateway to a django website. You described everything well and very clearly. But my question is: is that enough to receive secure transactions? Can someone copy our payment content from the browser inspector and misuse it? You talked about a server link in this video, what is that and does it play any important role in receiving payments? I love your videos. I am new to django but very crazy to build a secure website. Thank you for this video, I am waiting for your next video on django.
I'm looking at this and as a pentester, I don't see anything that precludes me from directly interacting with the backend endpoint for paymentComplete() to push valid orders into the database while totally bypassing the PayPal processing. Or, just as easily, changing the orders json object that gets pushed into Paypal for approval. What really needs to be covered is either server side validation of the order payments or a description of using Paypal Webhooks to validate the order process completed as expected.
@@WilliamMcVey-wam Gheesh thank goodness! I'm a fish out of water with this web dev stuff, but was having the hardest time imagining this as secure, and was hoping to see something just like this. THANKS!
Alsssooo if you don't mind my asking, I'm a lil lost on where to start with validating the orders on the backend. Where do I begin??
Hi @Dennis, if i right click and go to console, i can change the amount.
How to prevent from that ?
Thank you so much sir adding Paytm and paypal type request using Django thank you Sir....
Thank you Dennis this is so awesome and simplified. Can you make a video as your mention implementing the server side of PayPal integration with Django for video subscription. Thank you in anticipation.
Thanks, Dennis!!
Just in case, image url explanation 19:31.
Hey Dennis, i got started with django abt a month ago and was wondering whats the best frontend library,or how do i go about learning frontend development after grasping a bit of the django backend. Thanks.
Learn CSS and JavaScript first and if you already know learn React or Vue
Like Pari Mentioned, you will need to get a base understanding of HTML/CSS but I recommend you try using plain JavaScript before moving to a framework like React or Vue.
very nice explanation sir, keep it up
How would you redirect to another page after you completed an order? I used the action.redirect function like suggested in the script but it keeps saying that it must be a fully qualified url. I'm using the url template tag too for my redirected url.
amount = 5 is hard coded. How can we take input from user and pass it to stripe checkout. Also, say i enrol for course on teachable. Will there be space to ask such questions. Thank you
hey dennis, when i change my value in the paypal setup transaction which value:total, my sandbox can't seem to load when i click on paypal payment option. Can anyone help me out?
What if someone will just type completeOrder() in console? He will skip payment and get order without it.
Dear Dennis, When I submit each of my orders they do not add automatically in my admin panel, would you please let me know where is my problem? (every other works properly...)
After the user completes the payment, how do I give him access to the content that he bought?
Do you need to have a licensed business to use this in production? I had to register an LLC to use Stripe, and it's such a headache.
No you can select the "Sole-proprietorship" option and this will just require a social security number, at least in the US. Paypal makes it simple for individuals to use
@@DennisIvy Damn I wish I would have looked more into it, their documentation wasn't very good when I made my Django shopping site and I assumed it would be a similar situation. Thanks man!
I really appreciate the content of this video. Would you please share a link of the backend integration?
What about membership and plans? Can you help me, I have a big problem implementing this in my project
Hello Dennis,
i have an important question, can someone make the browser send a post request without actually buying the product?? I don't think the csrf token will prevent that. please correct me if i am wrong.
happy coding :'D
In theory yes, but in a real application we can write rules in our view to ensure the proper data is there, like a Transaction ID.
@@DennisIvy alright yes.
Thanks man, Stay safe.
Hi, great tutorial series, unfortunately PayPal and Stripe are not supporting in my country, there is only QIWI international payment system, is it possible to integrate QIWI ?
Can user inspect checkout page and change the amount? What is going to happen if the user will change that amount and submit payment? How you are validating the right amount?
Hi Dennis, will you record a guide on how to create e-commerce?
Yes that's coming next :) I try to make these videos before hand so I can just reference them and not have to teach paypal/stripe integration in one video.
I'm gonna do something similar with the dashboard video where I will teach "Charts" and "google maps" in separate videos so you guys have time to learn.
It is that I was looking for, but do you have a tutorial with integration in backend side?
ua-cam.com/video/33pnWTslX2E/v-deo.html
Hi Dennis! Thank you for great stuff! Can you advise which settings I should use in the settings.py file for my django site when I deploy it to a real server, to make it more secure?
In production you should have a separate settings.py called, I have not taught on this yet. The main thing is to make sure DEBUG is set to false when you are live and try to put any items such as passwords and secret keys into environment variables, especially if you are sharing your code with others.
@@DennisIvy ok. but what about allowed hosts? Maybe you can show how the settings.py file should look?
Hi, I wanna ask if this video still valid until this date.
I'm asking because of the variations of django.
Your projects are far powerful (I'm now in the chat application project, it's far nice), and I hope this is also valid
hey Dennis, I like the content you are making, currently, I am having a hard time learning authorization and permissions with multi-tenant model. example, saas webapp with various companies and multi levels of users in that company. can you explore on that topic in your next video?
Hi I know it's random but
Can you help me out with making n level user based upon dynamic sidebar bootstrap menu in django
I might get to that when I create my subscription based website with permission levels. I'll do my best to answer your question when I get to it :)
@@DennisIvy thanks for replying, any idea when might that be?
Hello, are you planning to do some videos about Python?
You are Big ! THX for sharing
how to learn django full course i have basic idea of django
can you suggest me??
follow his Django series he had already uploaded those tutorials
Ashok already mentioned my course but I will keep adding more content to advance such as this video.
@@DennisIvy I am eagerly waiting for those video sir
hi, how do i REDIRECT IN OTHER PAGE ?
// Finalize the transaction
onApprove: function(data, actions) {
    return actions.order.capture().then(function(details) {
        // Show a success message to the buyer
        actions.redirect();
        completeOrder();
        alert('Transaction completed by ' + details.payer.name.given_name + '!');
    });
}
Can you create a tutorial how to pay with cryptocurrency and Django?
so how to l integrate live paypal account with django then
Please make video on solr search integration to Django website search
Hi, when will you upload the server side integration for this sir? I'm a beginner in integrating these things
Is there a way to get the transaction ID with this?
What if the user changed the value in the front end to 0.0$?
Were is the Server-Side version of this video?
Do you think that I can get a job at FANG as a django developer?
That's tricky to answer but in short, yes. When learning django you are not just learning the framework but also python, maybe some front end framework or language like JS, and other technologies.
By becoming a full stack "Django" developer you are covering a lot of topics, therefore becoming a "Developer" and not just a "django developer". This can make you well rounded and ready for many types of positions.
@@DennisIvy and do you think django is better for a beginner who only knows the basics in python than flask?
Good tutorial, thank you
Hi Dennis
Kindly do Django industry based projects
Thank you .
Can you help me out with making n level user based upon dynamic sidebar bootstrap menu in django
it's helpful, thank you so much sir
A gem of a video! :)
ma man life saver
Thanks 😊 man!!
the source code is not available
thanks dude!
thank you very much.
Good bro
thank you sir
Let's hope the image URL does not change 🤭️
Thank you for the information shared.
Alternatively you can use the fetch() API without using getCookie function.
"X-CSRFToken": "{{ csrf_token }}", //put this in the header tag
Bro pls upload Django middleware tutorial series
well done
Thank you Giuseppe:)
Thanks!
You bet!
You should make a django tutorial on udemy!
I'm working on a few courses :)
@@DennisIvy On udemy? I would like a project course with connecting to postgres etc. I feel that when I pay for a course on udemy I am more dedicated to learning it rather than just from youtube. Idk maybe that's just me wanting to spend money jaja
Please make server side too. Client side can be easily manipulated
At the product page you can go to the console and type total=0.01. Then you can buy the product for 0.01. What a security flaw.
Nope. It’s up to you to add in something on the backend to ensure the user doesn’t manipulate the price.
I always query the database for the product/price and ensure that the value matches. If not, just send back an error.
@@DennisIvy This is a pretty big thing not to mention man... Still think you're a lifesaver tho. Keep up the good work!
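The server-side check this thread keeps asking for (look the price up yourself and compare, as the reply above says), sketched as an added example that is not code from the video or from PayPal. It assumes the browser sends only a product ID and a PayPal order ID; `fetch_order` is a hypothetical callable standing in for the server's own authenticated request to PayPal for that order, and the product table and order bodies are constructed sample data that use the Orders v2 field names (`id`, `status`, `purchase_units[].amount`).

```python
from decimal import Decimal, InvalidOperation

# Constructed stand-in for the shop's product table.
PRODUCTS = {"1": {"price": Decimal("100.00"), "currency": "USD"}}


def sample_order(order_id, status, value):
    """Constructed order body using PayPal Orders v2 field names."""
    amount = {"currency_code": "USD", "value": value}
    return {"id": order_id, "status": status,
            "purchase_units": [{"amount": amount}]}


# Constructed responses; an ID missing from this dict models a forged POST.
SAMPLE_PAYPAL_ORDERS = {
    "ORDER-OK": sample_order("ORDER-OK", "COMPLETED", "100.00"),
    "ORDER-CHEAP": sample_order("ORDER-CHEAP", "COMPLETED", "0.01"),
    "ORDER-UNPAID": sample_order("ORDER-UNPAID", "APPROVED", "100.00"),
}


class OrderRejected(Exception):
    """The request must not create an Order record."""


def complete_order(product_id, order_id, fetch_order, fulfilled):
    """Decide server-side whether a payment-complete request is genuine.

    fetch_order (hypothetical) asks PayPal for the order and returns its JSON
    body as a dict, or None. fulfilled is the set of order IDs already used
    (a unique database column in a real application).
    """
    product = PRODUCTS.get(str(product_id))
    if product is None:
        raise OrderRejected("unknown product")
    if order_id in fulfilled:
        raise OrderRejected("order already fulfilled")

    order = fetch_order(order_id)
    if not order or order.get("id") != order_id:
        raise OrderRejected("PayPal has no such order")
    if order.get("status") != "COMPLETED":
        raise OrderRejected("payment not completed")

    units = order.get("purchase_units") or []
    if len(units) != 1:
        raise OrderRejected("unexpected purchase_units")
    amount = units[0].get("amount") or {}
    try:
        paid = Decimal(str(amount.get("value")))
    except InvalidOperation:
        raise OrderRejected("unreadable amount")
    if amount.get("currency_code") != product["currency"]:
        raise OrderRejected("currency mismatch")
    if paid != product["price"]:
        raise OrderRejected("amount does not match product price")

    fulfilled.add(order_id)  # only now is it safe to create the Order
    return {"order_id": order_id, "product_id": str(product_id), "paid": paid}


def verdict(product_id, order_id, fetch_order, fulfilled):
    """Return 'accepted' or the rejection reason, e.g. for an error response."""
    try:
        complete_order(product_id, order_id, fetch_order, fulfilled)
    except OrderRejected as exc:
        return str(exc)
    return "accepted"
```

In a Django view the rejection reason would become an error response, and the `fulfilled` set would be a unique constraint on the stored PayPal order ID.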
This is completely insecure you could just send use the completorder function
Hello Dennis Ivy,
Please upload a video how we can use/intregate a machine learning model with a django site
Please upload it as soon as possible.
it's not complete
Gango
Create one game bri
Thank you so much
You're most welcome Sifad :)