Slashdot Mirror

← Back to Stories (view on slashdot.org)

PayPal Introduces Open API

Posted by timothy on from the freedom-to-pay dept.

m2pc writes "PayPal has just announced the availability of their Open API under the 'PayPal X Program.' This enables developers to integrate PayPal payment processing services without forcing users to redirect to PayPal's website to enter payment information. This new initiative is designed to allow the company to better compete with the likes of Google and Amazon, which offer similar services. I wonder how much they paid for their domain: x.com?"

10 of 128 comments (clear)

  1. API??? by click2005 · · Score: 4, Insightful

    Another Price Increase

    --
    I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
  2. redirect is better by bolthole · · Score: 5, Insightful

    I personally LIKE the redirect. I LIKE only inputting my credit card/whatnot information to paypal.com directly, instead of some random site that I'm doing a one-time transaction with and will probably never see again.

    1. Re:redirect is better by webheaded · · Score: 4, Insightful

      Yeah, I'd have to agree. I generally shy away from websites that directly ask me for a username and password for another site. I don't care who you are, but after all the phishing emails and such we've seen over the years, you'd have to be pretty dense to not feel at least a little uncomfortable with something like this.

      --
      "Those who would sacrifice essential liberties for a little temporary safety deserve neither liberty nor safety." - BenF
    2. Re:redirect is better by DigitalCrackPipe · · Score: 3, Insightful

      I hope they continue to allow the explicit paypal.com visit. Otherwise I forsee bailing out of a number of transactions due to the sketchiness of giving free access to your bank account to some random site.

    3. Re:redirect is better by tlhIngan · · Score: 3, Insightful

      Not to mention, there'll be a whole host of XSS crap going on so that sites can grab your login information to Paypal from their website. After all, their site has to include the paypal stuff in it, who's to say that "submit" button isn't "send us and paypal your login"?

      If using Paypal, I expect to visit Paypal's site to log in. (There were some XSS used to get the site's inventory into Paypal, but that's a different issue, and it happens before login).

      My Paypal information is valuable - I don't want to trust some oddball website with it. I hope there's a "Redirect to Paypal" link I can use instead of this stuff...

  3. Bummer! by timeOday · · Score: 5, Insightful

    As an end user, to me the value in going through a centralized payment service is the security of having only one reputable company (PayPal) handling my personal information, instead of having every vendor out there from whom I've ever bought anything potentially putting my CC# into their database. Forget disintermediation via this API, I'd rather go the other way and have assurance from the middleman that the vendor will never get anything they don't need for order fullfillment - that is, just my name and mailing address.

  4. Security? by Manip · · Score: 3, Insightful

    This is sad news for me personally.

    I always liked that I got redirected to PayPal.com to enter my PayPal details. Allowing me to check the SSL certificate and avoiding certain kinds of phishing fraud. Plus keeping my login details out of the hands of third parties who might enjoy looking at my payment history (which I agreed to in line 9999 subsection 5, amendment 3 of the T&C).

    Ironically while PayPal moves away from a redirection systems the big credit card companies (VISA, Mastercard, etc) are moving into one. Now often bringing up a password page operated by your CC company in order to verify that you haven't stolen card details.

  5. This is a bad idea because... by phiz187 · · Score: 5, Insightful

    This is going to make users accustomed to entering their paypal credentials into all sorts of unique interfaces, on a variety of websites. It is going to condition users to be less guarded about their paypal credentials. As it stands now, you basically only enter your PayPal credentials into either the PayPal.com or Ebay.com domains. Users know that if anywhere else asks for their credentials, that it is a phishing site. I think this is going to be a minor disaster for PayPal. But hey, maybe they're cash-flush enough to eat the cost of all the new fraud claims that are going to result.

    --
    Pretend I said something meaningful or insightful here.
  6. Poor choice of words... by raehl · · Score: 5, Insightful

    He meant greedy business entity strongly financially motivated to avoid any uncontrolled release of your information.

    PayPal very diligently acts to protect their bottom line. You may not like their policies on withholding balances, but that same financial diligence also goes in to maintaining security to prevent the huge financial losses that would occur should the public no longer perceive paypal as secure.

    --
    paintball
  7. Re:As a Developer by Jherico · · Score: 3, Insightful

    The problem here is if I'm not redirected to PayPal, I'm offering up my palpal authentication information to a third party in the hope that they're going to use it for the transaction I've authorized and nothing else.

    --

    Jherico

    What can the average user can do to ensure his security? "Nothing, you're screwed"