Payments inside desktop application

Marek

Hi
My question is related more to the best practice than particular function in code, if that ofends someone, I'm sorry.
I need to implement payments inside Qt desktop application, client should pay for a license, it should be world-wide with credit cards, so I thought about Pay-Pal.
My question is: There are generally two aproaches.

1. Make payment from application itself (connect to pay-pal, make a payment)
2. Create server written in Qt, available somewhere on the net, make secure connection connection from application, pass card details and amount, then payment (connection with pay-pal) is done by server.

In first approach I would have to hardcode inside application some sensitive data for a connection to pay-pal
In second approach, all sensitive data is handled by server, and connection between server and desktop application is secured with "custom" certificates (eg. server is Certificate Authority)

Is here someone with experience in payments? I have done one mobile application with payments and I have done it with second approach, but application had to be connected to server anyway to download other data, so no problem. Now I need to implement payments in desktop application that does not connect to any server by itself and I need to recommend some solution to the client, so second approach? or is this just over the top? Any other safety considerations?

Best Regards
Marek

mrjj

Hi
Due to the new GDPR rules.
If you operate within EU, i would go for paypal integration to avoid
the extra care one must take to store sensitive information according to the new rules.
Its can incur hefty fines if your Qt server is compromised.

Marek

@mrjj
Hi
But do you mean paypal integration just right from desktop application, or through the server?
I don't intend to store any card information on my Qt server, so I shouldn't be worry, server just keeps data to pay-pal account.

Best,
Marek

mrjj

@Marek
Hi
well, often one has to store info for the actual transaction for accounting etc.
But might not be needed in your use case.
I mean by open up server directly. not integrated.
Like open webpage.
Not super integrated but since its a one time deal, i think it would work pretty fine ?
At least many apps i bought worked this way.

Marek

@mrjj
Sorry, I did not quite understand what you mean.
Regarding server I can store information like who paid and how much, but without credit card details, so it won't be a problem.
Can you please refraze what you have written about integration with paypal ?

Best,
Marek

mrjj

@Marek said in Payments inside desktop application:

about integration with paypal ?

Sorry if i'm unclear. i might need more coffee :)
Many apps i use , simply launch paypal website when you press the
Buy Now button. I was wondering of such simple use case would be enough for you .
You are then given a key and give that to App to register it.

update:
Storing real names are now much more involved due to GDPR . just so u are aware of it.

Marek

@mrjj
Sure, this sounds good, I assume I could use something lihe QtWebEngine inside window of my application and call pay-pal website - that sounds good. This should work primarily on Mac, but since this is not mobile app, QtWebEngine should work on Mac.

You are then given a key and give that to App to register it.

Do you mean that payment process on paypal website can actually return some data defined by my, like application serial number, which then I can save in app config?

I've heard about GDPR, yeah.

Best,
Marek

mrjj

@Marek said in Payments inside desktop application:

QtWebEngine

Good idea. minimum work and it would feel integrated.

I have not tried paypal's API so not 100% sure about it but
seems other sells premade keys as a product and simply open
the payment page and once you have paid, you are give the product which is just a key.
Not sure you can grab it directly. I always had to copy and paste the key into the app.

Marek

@mrjj Many Thanks for your help, I will try this.

Best,
Marek