How can I make a browser extension payments system? [closed] - google-chrome

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this question
I've found today in my inbox an email from google where they announce that CWS payments API is deprecated
I'm working to create a Chrome extension that I want to release with the in-app payments support to let the user purchase a license to unlock full features. I was oriented to the CWS native payments API, but Google's decision to deprecate the API is a very bad news.
At the moment I've found a nice Wordpress plugin that will manage licensing, I'm thinking of using it to create a licenses backend but I'm not sure about it because it's mainly focused to be used for wordpress themes or plugins, so to implement it on client side for an extension would require some workarounds.
How do you will manage your in app purchases and licensing for Chrome extensions or Electron apps?

Alright, so as I am in the same situation as you are, I did a little bit of research. Here is a summary of my findings and comments on the matter.
There are three things to think about before you get started with the implementation:
The type of payment processing service you want to use;
The way you want to limit features for the free version (and for multiple tiers of plans);
The security of your users information through your extension.
Let's go through each of these one at a time.
1. Type of payment processing
There are two main types of service providers that will allow you to collect payments in you extension. Payment processing platforms are the first type: they allow you to process payments and will generate receipts, but they won't manage the different taxes and regulations of different countries. If you operate solely in one country, or in a few countries where taxes and regulations are the same, this won't affect you.
However, if you have users around the world, especially in Europe, implementing the rules to handle all of the different taxes and regulations can get really complicated and messy. But you have to do it, otherwise you put yourself in a situation where you are at risk of getting fined. That is where the second type comes in: the merchants of record. These are companies that will charge the users on your behalf, removing all of the complexities of taxes and regulations from your plate. They're essentially acting as a reseller of your products. Of course, they take a small cut from your revenue to pay for the weight that they're taking off your shoulders and putting onto their own.
Payment processing platforms will be cheaper (ex.: 2.9% + 0.30$ per transaction for Stripe), while merchant of records take a bigger cut (ex.: 5% + 0.50$ for Paddle). However, if you deal internationally, the 2.1% higher price is likely more advantageous for you, just because it saves you a lot of time and development work.
It's important to note however that merchant of records are unlikely to take on a brand new project, especially for Chrome extensions. That's because the amount of revenue those extensions generate on average is pretty low, and often not really worth it for them. Still, I suggest you hit up a few of them before deciding do go the classic payment processing way, just in case you can get in touch with a salesperson who sees potential in your project and is willing to take you on.
Here are a few merchant of records:
Cleverbridge
2Checkout (offers both MoR and basic payment processing services)
Paddle (does not support new Chrome extensions at the moment)
FastSpring (does not support Chrome extensions anymore, as of 2021)
Here are a few payment processing platforms:
Stripe
Paypal (from my experience, Paypal is a lot less developer friendly than Stripe)
2. Limiting features for free or tiered plans
The way features are limited for non-paying users will differ from one extension to the other.
If the features you want to limit in your extension already rely on a backend, to fetch or process data for example, it would make sense to implement the limitations on the server side. You would simply pass the user's ID, which could be stored in chrome.storage, to each request made to the backend. In addition to that, you could also disable the related elements on the client side, such as hiding or greying out buttons, tabs or fields, to make it clear to the user that those features are locked. You'll want to make sure the limitations are in place on the backend as well however, because otherwise a user could just inspect your extension and enable premium features without paying.
If your extension mostly or only operates on the client-side, then you will have to render the interface conditionally, based on the user's plan. The scripts or interfaces that will be added will most likely have to be returned by a backend, as pretty much anything that is done only on the client-side could potentially be inspected and exploited. In that case, any backend technologies or platforms you are most familiar with can probably be used to set things up.
Keep in mind that most of the payment processing and MoR listed above have APIs and guides on how to implement them securely in apps and websites. However, if you know Wordpress well and can set up a secure communication between your Wordpress and your extension, go ahead. If you want to use an online service like Zapier to link existing authentication and licensing services together, go ahead and do that!
There could be a lot more details in this section - there is a ton of material to cover, so I suggest you look for articles and tutorials online to help guide you in this process if you don't have much experience in the matter.
3. Security
This section won't be long, but it is very important one. No matter which payment processing platform you decide on or how you limit access to features in your extension, it is crucial that you make sure that your users information can never fall into the hands of another user. That includes reverse engineering and exploits of your system.
The more things you decide to handle yourself, the more risk there is, especially if you are not experienced. Keep that in mind when making your decision(s).
That's all for me. I hope that helps a bit!
I know it's probably a lot of information without any detailed "how-to", but without having in-depth knowledge of your product and situation, it is impossible to say what you should do exactly.
P.S.
If that can offer any guidance, here's what I will be doing for my own extension. Seeing as it's already very reliant on a PHP backend, I will add a few features to the backend in order to communicate with the Paddle API. So all of the limitations will be implemented on the backend, and I will add messages and visual indicators on the frontend to inform the free users of what they can and cannot do.
[Edit]
I just received a message from Paddle indicating that they do not support new Chrome extensions at the moment. Sorry for the misleading there.
[Edit: June 2021]
After an update earlier this year, FastSpring has updated their security standards, which makes it unusable within Chrome extensions. After I enquired, their support agents informed me that they do not support Chrome extensions anymore (and that it was only "accidentally" supported before).

Related

Which open source, extensible, potentially easy to use issue-tracker? redmine, trac, bugzilla, mantis, RT? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
Looking for an issue tracker for a medium-sized web application open project with a distributed team. We are planning to run this on our own server. It must be very easy for new users to submit new issues, and it must integrate well with other software.
Our major requirements, in descending order of importance:
open source
capable of very new-user-friendly bug submit
submitting new issue must be as easy as possible, with only a single screen to fill out (after registration), and few fields visible (e.g. just "summary" and "description" would be good)
Google Code is an example of the sort of interface we like; Bugzilla's Bugzilla instance (https://bugzilla.mozilla.org/enter_bug.cgi) is an example of the sort of new bug submit interface that we would NOT like
it's fine if the default submit interface is not new-user-friendly as long as this is easily modifiable using templates/skins. It would be great to have an "advanced view" for bug editing with additional fields (such as who the issue is assigned to), in addition to the simple view for new user bug submission
has API; or, supports other applications concurrently accessing its db backend (we want to query and modify the issues from other, separate software running on another server)
Other desirable criteria, in descending order of importance:
not frustrating in daily use
has a relatively large community
integrates well with hg (mercurial)
amenable to integration with external:
support desk/request tracking software
project management software
auth systems (and/or supports OpenID login)
modular; if we modify the issue tracker, we want to release those improvements as a module that is easy for others to install
amenable to having some sort of simple, easy-to-use issue importance voting system, e.g. stars on Google code; we intend create or modify such a component to plugin to our own external voting system
amenable to integration with SugarCRM
When I say "amenable to", I mean that we are willing to code an extension to the issue tracker ourselves if necessary, however, the issue tracker's architecture should be amenable to that sort of extension.
Issue trackers which also include support desk or project management features are a plus provided that we can choose to integrate external software instead of using the included stuff. We don't need another wiki (we already have one that we like).
According to Google searches (see the comments), the most popular open source issue trackers are trac, bugzilla, mantis, RT (and possibly Launchpad's). I've also included Redmine because I've never seen a recent comparison between any of these issue trackers and Redmine in which someone had something bad to say about Redmine, and on polls Redmine sometimes beats these others. Feel free to suggest others (bearing in mind that one of the criteria is "relatively large community").
There are undoubtedly multiple good issue trackers out there; many of those listed above claim to be extensible and integrable with other software. What would be most helpful would be direct comparisons between issue trackers by people who have used more than one.
How do these compare to each other on extensibility, integratability, and skinnability?
If you have used more than one of these, which of them would you recommend, and which others have you used?
Which of these are already integrated with a large number of auth systems/support desk systems/etc?
Comments explaining why a particular popular open-source issue tracker (especially one of those listed above) is NOT suitable for our situation are very welcome; this will save me time.
thanks!
Redmine. Been using for a while. Simply excellent.

Balancing level of integration with ease of adding new software in an intranet: portals, cms, etc?

Quick background: i'm the portal admin for our medium sized company. Currently, our intranet policy is to try to integrate everything into our intranet portal, (which we use mostly as a CMS, with a handful of applications integrated as well). This means that all of our software appears to the end user to come from one site, which is good. But it also means that we have to modify just about every piece of software that we want to incorporate into the website to fit into the portal. The disadvantage of this is that each component of our portal (the cms, the blogging, forums, etc) are not best-of-breed, and to be quite honest, they are pretty bad compared to their free and open source counterparts (wordpress, phpbb, mediawiki, are examples that come to mind). Because the users are forced to use these subpar tools, they aren't happy.
We are currently looking at the other end of the spectrum, where each piece of software in our intranet isn't integrated, but we are able to use best-of-breed free software. We would be able to much more rapidly roll out new services to our company, but the down side is that the services wouldn't be integrated. A users profile in wordpress (movable type, in our case) is not connected to their profile in the other applications, for example. The software overlaps, finding information is more difficult, users aren't happy either.
How does your company balance the ability to rapidly integrate new tools with the desire to have a single coherent interface presented to the user? Do you pick one enterprise platform and force yourselves to stay wtihin its boundries or do you attempt to provide cohesion between many disparate tools?
Unfortunately every tool needs separate analysing and very often difficulty depends on many different factors (technology, frameworks, design). But the most important is integration level and integration points (Identity, interface).
Edit:
btw, good idea would be to spend some time on some prototyping and evaluation of potential solutions.

How to leverage an Open Source Project commercially? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
Assuming you have been involved in an open source project (GPL'ed) that has been around for as long as 5-10 years, during this time it has been fairly successful - despite a good handful of commercial/proprietary alternatives.
Now, you've come to realize that the long term contributors would like to leverage the project commercially, possibly even in order to make a living or start a company based on it. So that they can exclusively work on it, without depending on other, unrelated, work.
So, what are some of the viable and recommended steps to turn an open source/GPL project into a commercial "success" (in the sense of self-sufficiency), so that long term contributors may preferably be paid to work on the project, without affecting the open source nature of the project itself?
In other words, what are generally some of the more common revenue-creating mechanisms for open source software, and how can these be successfully introduced/implemented - also, what prerequisites/conditions apply?
I saw a company a few years back that took a handful of OSS spam and virus filters, built a web interface to administer them all at once, put it on a 1U server, and sold it as a network security appliance.
It was a nice product for mid sized companies that wanted a single solution for all spam and virus filtering, that auto-updated itself and was easy to administer.
Technically they were just selling the server, and the web admin tool, all the OSS components were freely available, if you wanted to spend the time setting them all up individually.
You should think in terms of the "product halo," which refers to all of the related items and services surrounding a product that are not the product itself. For example, MySQL is open source and freely downloadable, but its product halo could include services like installation, customization, consulting, training, etc. Or Zend contributes heavily to PHP and offers Zend framework, but they also have a number of commercial products surrounding those offerings. Active State creates the Komodo IDE and has an open source version and then a commercial version that extends the open source version. Or take Linux...or any other number of examples. A book that you might find interesting on the topic is Wikinomics.
I think the main issue is the business model adopted by the project owners and the ones who want to turn it into revenue. It will depen on what kind of project is it, such as end-user product or as software API. In the case of end-user projects, Software as a Service seems a very good choice as a business model.
Look out for examples, and case studies on successful projects, such as apache, firefox, sugarCRM...
Focusing on specific niches is also a very important thing.

Hosting an open source project at several sites [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
Say I had an open-source project which I wanted to try and generate some exposure for. Would it be considered unethical to set up a project entry for it on several sites such at github, sourceforge and google code, for example?
This would be purely for giving it greater exposure. I realise there might be some practical reasons for doing this, such as wanting to use github for source control, and sourceforge for issue tracking, forums and such. For the sake if this question I'm wanting to focus more on the case where you use one of the sites as the main site for the project, and make "stub" projects on the other sites that point back to the main site.
My gut feeling is that while it may not be outrightly unethical, it might be bordering on the sleezy side...
Stick with one provider. "If you build it, they will come" :)
Besides, once people do start coming, they'll just google the project name anyway. Finding the same project on Sourceforge, Github and Google Code is just going to annoy the hell out of people.
I don't know about the ethics, but consider the practicalities:
you will have to do multiple repeated
uploads to several different sites,
doing it to a single site can be a
pain
users won't know which site to report
bugs at
if you use the SVN/CVS/git
repositories, you will have multiple
copies of your code in different
repositories - a very bad idea
I'm sure there are other problems. So stick to one site - I've been using Google Code for a small project I've just started (CSVfix, if anyone is interesed) and I can recommend Google as being very easy to set up.
I think this is fine, for the reason that each provider may have something you want. You should pick the services that are best for your project. For example:
Google code has file hosting, but the issue management is terrible, so
Launchpad has great bug tracking, but no wiki, and we use Mercurial, so
Bitbucket.org has mercurial hosting etc..
So it might be reasonable to use Launchpad for bug tracking, and Google code for hosting files and wiki, and Bitbucket.org for hosting source.
I would suggest choose your preferred host for your project. You can publish about your project on many forums. Exposure will come via search engines.
I don't know why you think it would be unethical or sleezy. Maybe you can say more about that so people could address your concerns directly. To measure that, consider if you are intentionally breaking the rules of the service, lying to anyone about how you are using the service, and being deceptive in some other way. If you are using multiple services, I don't think you have anything to hide.
Consider the Perl community, which is the one I deal with. Several projects are hosted on one of the source control services, such as SourceForge, Google Code, or Github. The main distribution for most Perl stuff is CPAN, though. Other people may distribute through Freshmeat or some other service. The main issue tracker comes from Best Practical, which hosts a free RT for every Perl module on CPAN. Most of the people I know use the best from more than one service. Indeed, the Web 2.0 way is to create applications by cobbling together services from multiple vendors. :)
You should also think about the social construction of these free sites. Places like SourceForge and Github give out free accounts, but they also sell services. They get the buzz through the free stuff that allows them to sell the premium services. I don't see anything wrong with that. If you're using the free services, just realize that in return for your free use, they get to use you as free tester, advertiser, and so on. Again, I don't see anything wrong with that. It's just part of the deal. You aren't just taking from them, you are also giving to them. There's an exchange between consenting parties.
What would be unethical, I think, is any service that forbids you to use another service or intentionally sets up a situation which would make it hard for you to use another service by not being compatible with common tools or not giving you access to your data (e.g. somehow disallowing git-svn, and so on).
Services spanning these various hosts will be inconvenient and difficult to maintain. For the above mentioned reliance on search engines to generate traffic take care to chose a name that differentiates your project from the web noise. A clear indication that traffic will not arrive is if your project first gets a re-recommendation on spelling. Take for example the people who brought you the chattr project from GNU. Immediately chatr is suggested as the proper search and your traffic will suffer accordingly.
as i has already been said having to maintain the code on several hosts will make it more trouble then it is worth. What you have to think is you would need to make sure that it uploads properly over several hosts, it would more then likely cause confusion to some over if one copy is legit and the others aren't which in turn could cause a bad name for the project before you even start.
End of the day there are much more, better ways to spread the word of your project, social networking sites, specific related forums are two main ones for you to consider, either way you would be better off spending your time posting to several sites then you would uploading and maintaining code on several sites.
I consider having several (independent) mirrors to be a benefit for the community, because such distributedness assures more reliable accessibility of your public work, now and in future (it will survive the failure of any single hosting site).
That's why I want to keep track of the available diffeent options to publicly host open-source projects:
Which public hosting sites for darcs projects are there?
Which public Git hosting sites are there that are free software?
I believe it's rather ethical (or moral) to put some effort into ensuring that your public work is published in the most accessible way (well documented, and with some guarantees about it being accessible at any moment when someone is interested).
The effort for you to push your work to several places independently (I mean, they won't depend on each other) and manage all this is probably not really a nightmare (as suggested in some other answers here), especially with a DVCS. For example, one can even set up Git so that one pushes to several places with just one command.
I feel that unless you are forcing someone to read something done by you, but you are rather just putting your stuff somewhere for it to be findable and accessible if someone is interested, you are not egoistic or ego-whatever.

Adopting Open Source Software in an organization [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
What are the pros and cons of adopting Open Source software for an organisation? Is there anybody out there who has done this and how well has it been working out with some examples of the softwares they adopted and how it has been in use?
Usually contributions come because people do it as a hobby, then how can we make sure that there will be continued support for it? IMHO, in case of proprietary software there is an incentive for the organisation (money), and they will keep hiring people to keep it under development as long as the software is profitable. Correct me if I am wrong. What are the arguments I might expect from a Manager who might oppose the suggestion to use Open Source softwares?
The term "Open Source" only describes a licensing model. Strictly speaking, the only pro that you are guaranteed to have are the freedoms given by the license, and there are no cons that you are guaranteed to have.
There are many Open Source products that are also commercial, created, maintained, and supported by a company for a profit. There are also many Open Source products that are maintained by volunteers but also supported commercially. For example, if you buy Red Hat Enterprise Linux, then Red Hat will support you on all of the products that come with it, even the ones that are maintained by volunteers.
As for how to be sure that there will be continued support, you can't. Not with Open Source, not with proprietary software, not with anything. With Open Source, if the community is large enough, you can be reasonably confident that the community will continue to maintain it (maybe under a new name) even if the current maintainers abandon it, and you have the option of maintaining it yourself or hiring someone else to do it. Maintaining it yourself may not be an attractive option, but it can be a life saver in a pinch.
With proprietary software, if the author decides to stop maintaining it, you are just plain out of luck. Consider, for example, the thousands of users of Visual Basic 6.
The main pro of Open Source software is illustrated by your comment:
[In the] case of proprietary software, there is an incentive for the organisation (money), and they will keep hiring people to keep it under development as long as the software is profitable.
The trouble is that if it ceases to be profitable (for example, because the code is so stable that people buy it and continue using it without needing upgrades), then the users of that software can be stranded with their nice stable product running on increasingly ancient machines until, one day, the machines crash, or must be upgraded to a new version of the operating system so that they can run some other system, but because the proprietary software is no longer maintained, you have to give up on the application. Indeed, it is not unheard of for companies that sell proprietary software to go out of business. And, if you did not ensure that there was a code escrow account for the software to protect you against the possibility of the vendor going out of business, then you are stuck.
If the code was Open Source and you were sensible (you obtained the source when you obtained the product), then you can take the old product and port it to the new system. How hard that will be depends on the nature and quality of the code - but it is possible. If the software was proprietary, you may never have the option.
The question is: what do you mean with "adopting open-source software". if you are planning to radically exchange every piece of closed-source software (CSS) with Open-Source Software (OSS), you will fail horribly.
I can guarantee you that your organisation is already using OSS in key parts of it's IT-infrastructure.
In my point of view, you only need to formalize how OSS may enter the company and if (and in which form) the company contributes back to OSS. Most companies require a support contract for mission-critical software and mandate that OSS needs to be bought through vendors which provide support.
In many cases, contributing back to OSS-projects is explicitly forbidden and only allowed after the CTO/CIO signs of on a specific contribution.
Simply make sure that your policies are flexible enough to allow what the IT-department currently runs.
It doesn't matter what Manager opposing Open Source is saying.
You have to know well Open Source product you are about to use.
You have to be sure that it right solution for company.
You have to be confident that you can find people on market who know or can learn to use that product.
You have to know TCO for that product.
Then you can argue with manager and give him good reasons how company can benefit from Open Source.
Keep in mind that cheapest solution is not best solution. Companies need to earn money not to save money.
Depends on the situation, but usually, for a, internal, non-critical, no need to secure system, like most of what is done in enterprise, open source is like Halloween and you don't really need to care as long as you follow enterprise policy.
For the other big, important, need to be secured projects, its really simple. You need to have a part in the projects you use and have an internal repository hosting the project (so you have an internal branch that is kept in sync with the external branch). The thing is that those apps are the ones that take a shit long time to make and are supported for thousands of years. The teams tends to change a lot and there's a lot of people involved. Somebody needs and can be assigned to repository/build management.
Now if its only about the manager, then its just about communication and argumentation. Usually they are scared about support because its the long term cost. They tend to like to hear about best practices, well tell them that's what the big companies do (and examples) and that they also tend to participate in the projects and other times they even or its possible to find support for it.
Also, any contractor will be glad to give support of an OSS. Who would say no to money and the ability to develop an OSS.