RSVPMaker now integrates with PayPal via its REST application programming interface (API).
If you previously set up integration with the older Express Checkout / NVP API method, RSVPMaker still supports it. PayPal also still supports it but is not adding new features to that version. You probably want to switch to the new method anyway because the user experience is better and more tightly integrated with your website.
The pay by PayPal / pay by credit card buttons will appear as part of the confirmation message when someone registers for one of your events.
Attendees who click on the PayPal button will get a pop up prompt inviting them to log in and pay.
Those who prefer to pay by credit card can click one of the credit card icons (or the button on the screen above that says Pay with Debit of Credit Card) and be prompted for credit card information.
To obtain the required credentials for the REST API, go to developer.paypal.com and log in with your PayPal password. The developer’s dashboard allows you to register multiple sandbox accounts for testing and create an app for your integration. Creating an app just means you are generating the API access keys required for the integration with RSVPMaker. Just give your app a name, associate it with a sandbox account for testing, and click the Create App button.
Then copy the keys (the client id and client secret) for both the Sandbox (test) and Live versions of the app.
Once you have copied and pasted all the credentials, into the Payments Tab of the RSVPMaker settings, it’s a good idea to toggle the Operating Mode setting from Production to Sandbox. Create a sample event with sample pricing and test the integration. For testing, you can make payments using one of the sandbox accounts associated with your developer account on PayPal, which is funded by imaginary money.
Once you are satisfied that everything is working properly, go to the Payments tab in RSVPMaker settings and toggle the integration from Sandbox to Production to accept live payments.
If you charge for some of your events, you now have the option to use the Stripe payment service rather than PayPal. This is a new feature (call it “beta” if you like), so if you try it please report back with a comment below to confirm that it worked for you.
Rather than writing my own API integration code for Stripe, I’m supporting this with an assist from the WP Simple Pay Lite for Stripe plugin. (There is also a Pro version for you to consider, but the free version seems to work just fine for my purposes). Once you install and activate the plugin, you will see a checkbox option to “Use Stripe instead of PayPal” on the RSVPMaker settings screen.
Update: The integration method I used is based on what the latest release of WP Simple Pay defines as its “legacy” shortcode and settings.
You will also need to have SSL security enabled on your site (or at least on the event page) to use Stripe payment in production. These days, SSL is becoming more and more of a default requirement for all websites, and there are good free options for obtaining SSL certificates. The reason SSL is not required for RSVPMaker’s default PayPal integration is that the responsibility for encrypting the financial transaction is delegated to PayPal’s website. After users complete the transaction at paypal.com, they’re redirected back to your WordPress site, and the payment is logged to the RSVP record.
You may find the Stripe integration to be a nicer user experience because the user never leaves your website and is presented with a straight credit card entry form, rather than a choice between between paying by credit card or with a PayPal account. According to this comparison, Stripe’s fee schedule also includes fewer surcharges.
For the sake of the demo below, I have WP Simple Pay enabled but in test mode.
The latest release of RSVPMaker supports more complex pricing scenarios with different price breaks, associated with deadlines for each tier (“early bird”, “on time”, and “late” registration for an event). This is one of several ways the new RSVPMaker improves the process of setting up events and accepting payment via PayPal and adds flexibility.
The example embedded below is loosely based on the variety of pricing packages my local Toastmasters district uses for its regional conferences. Click on the “RSVP Now!” button, and you will see two sets of prices with the “early bird” rates available until about 1 month before the event date. After that deadline, all the early bird prices will disappear from the options website visitors can select from the menu. (I picked a date in 2018 to keep the expiration dates from arriving too quickly.)
The corresponding administrative user interface for setting up pricing looks like this:
As part of my preparation for a webinar on RSVPMaker, I have been working on satisfying some longstanding requests from users of the plugin to simplify the PayPal setup and the setup of the RSVP form itself. These improvements are in version 3.7, just released.
Just the other week, I heard from a wedding planner who wanted to prompt users for a meal choice for themselves and any guests — and including those choices for guests was not something RSVPMaker handled well until now.
Another bit of motivation is related to my WordPress for Toastmasters project, which is based on extensions to RSVPMaker. It used to be that enabling PayPal support required manually editing and uploading a configuration file. But now I’m hosting sites on behalf of Toastmasters clubs in a WordPress multisite setup where it wouldn’t be practical for those who want to add PayPal support FTP access. So I’ve provided a little PayPal Setup wizard on the RSVPMaker settings screen to streamline the process.
Note on Security
The reason I didn’t simplify PayPal setup before now is justified paranoia: I didn’t want to be responsible for someone getting unauthorized access to your PayPal account. I still don’t. This is why I don’t store your PayPal credentials in the WordPress database. From time to time, WordPress has been known to be hacked.
While nothing is completely secure, the file system is a little more secure than the database — if an attacker has FTP access to your site, you’re already in big trouble. The PHP file containing your user credentials is set up to prevent someone from browsing to it and viewing the contents. By giving it a random filename, rather than calling it “paypal_constants.php,” I also make it less likely that an attacker will find it in the first place.
If you do have FTP access to your site, one thing you may want to do for extra security is move the file to a location outside of web root. For example, instead of storing it in /home/rsvpmaker/public-html/wp-content/uploads/2016/02/stringofjibberish.php I might put it above the public-html directory in /home/rsvpmaker/.