PayPal’s New API: So Close, Yet So Far
I got an email from the PayPal Developer Network today announcing PayPal’s new “NVP” (or “Name-Value Pair“) API. Clearly they’ve learned that the complexity of SOAP is counter productive to adoption. Here’s what the email had to say about their new API:
NVP Is Your Integration MVP
We’re proud to announce that PayPal’s Name-Value Pair API has launched. Complex SOAP structure is now gone. All API methods are supported, except for AddressVerify. Get exclusive sample code – download two SDKs (Java and .NET). Get Details
Taking a look at their examples (in .ASP, .PHP, or ColdFusion) and their SDKs (for Java and ASP.NET [v1.1]) it’s nice to see they are using POST instead of GET. The following is one of their functions from their PHP examples (CallerService.php) that illustrates how their code is calling their NVP API (I edited for line-length only):
function hash_call($methodName,$nvpStr)
{
//declaring of global variables
global $API_Endpoint,$version,$API_UserName,
$API_Password,$API_Signature,$nvp_Header;//setting the curl parameters.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$API_Endpoint);
curl_setopt($ch, CURLOPT_VERBOSE, 1);//turning off the server and peer verification
//(TrustManager Concept).
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST, 1);//if USE_PROXY constant set to TRUE in Constants.php,
//then only proxy will be enabled. if USE_PROXY constant
//set to TRUE in Constants.php, then only proxy will be
//enabled.
//Set proxy name to PROXY_HOST and port number to
// PROXY_PORT in constants.php
if(USE_PROXY)
curl_setopt ($ch,
CURLOPT_PROXY,
PROXY_HOST.”:”.PROXY_PORT);//NVPRequest for submitting to server
$nvpreq= “METHOD=”.urlencode($methodName).
“&VERSION=”.urlencode($version).
“&PWD=”.urlencode($API_Password).
“&USER=”.urlencode($API_UserName).
“&SIGNATURE=”.urlencode($API_Signature).$nvpStr;//setting the nvpreq as POST FIELD to curl
curl_setopt($ch,CURLOPT_POSTFIELDS,$nvpreq);//getting response from server
$response = curl_exec($ch);//convrting NVPResponse to an Associative Array
$nvpResArray=deformatNVP($response);
$nvpReqArray=deformatNVP($nvpreq);
$_SESSION[’nvpReqArray’]=$nvpReqArray;if (curl_errno($ch)) {
// moving to display page to display curl errors
$_SESSION[’curl_error_no’]=curl_errno($ch) ;
$_SESSION[’curl_error_msg’]=curl_error($ch);
$location = “APIError.php”;
header(”Location: $location”);
} else {
//closing the curl
curl_close($ch);
}return $nvpResArray;
}
Much nicer and simplier than having to go to all the effort to set up a SOAP call.
Unfortunately, PayPal missed a huge opportunity to make their new API fully RESTful. Instead of designing a URL-centric REST interface (with a hypermedia component to keep the purist or the pure RESTafarians happy) they instead tunneled method calls over HTTP! They used methods like “DoDirectPayment” and “RefundTransaction” Sheesh! (Note: these links to their methods load slower than any website I can remember visiting in ages and while loading my browser does lots of clicking. What the heck is going on in there I have no idea! You can go to the main docs via a much faster downloading PDF here. Wow, if that isn’t usually an oxymoron!)
Though much easier than calling SOAP, clearly not very RESTful. Three steps forward, and two steps back. Sigh…