Buy now button never requests client information

Howdy,

I am trying to switch away from my current invoicing system because it is far too bloated.

Invoice Ninja seems to fit the bill perfectly, but I am having a bit of teething problems.

After searching for ages I found the buy now button. When visiting the generated URL on another device or incognito it creates an “empty” user (which doesn’t seem all that intuitive, it should prompt to log in or register) but that is neither here nor there.

The problem I am having is when you click “Pay Now” it prompts with my two payment options, one is custom and the other is a payment gateway (PayFast). Upon selection, it redirects for payment or displays the custom text for my custom option. It never actually asks for the client’s details, therefore can’t fulfill the service.

I initially thought it had something to do with the custom gateway, so I removed it, still no luck.

I do think the flow is not at all user friendly in terms of associating a blank client only to populate it later. It creates really odd cases like the above and if the user does not follow through, loads of potential blank/spammy clients.

Prompting to log in or create a client account and associating the invoice thereafter solves:

  1. Linking to existing clients
  2. Ridding blank clients
  3. Allows the overall reduction of spam by allowing implementation of reCAPTCHA on login or registration
  4. Still satisfies the not-null fk constraint on the client_id in the invoice table

In the interim, I would love to know why invoices are not prompting for the client’s details because I truly believe IN is the way to go. I will create a feat request regarding the login/registration.

Thanks in advance,
Craig

Buy now buttons currently require using an onsite gateway (ie, Stripe or Authorize.net) to capture the client’s details during payment. We’re looking into changing this in a future release.

You can pass the client fields in the buy now URL; a possible workaround is to use a form to capture the details and then redirect to the buy now URL.

Thanks for the speedy response.

So this workaround currently does not allow for existing clients to make orders? Wouldn’t this cause a conflict if the same email address is passed via the URL or would it associate it with that client’s account?

I believe it’s possible to link a buy now button to an existing client by passing the contact_key value in the URL; you need to use the API or database to get this value though.

If the email exists we create a new client. We don’t support linking to an existing client for security reasons; it would provide access to all previous invoices/payments for the client.

Hmmm, if I had to pass the contact_key, that poses the exact same security risk as passing the email I would imagine?

The only way it would be more secure was if I handled the login myself and then redirected with the contact_key.

On another note, does the hosted version offer the API functionality?

Not sure I agree… the contact_key is harder to guess than an email address.

Yes, the hosted version provides the API.

I understand it is harder to guess, bordering impossible. That’s why I said I would need to handle some form of login for that user because doing a simple lookup to get the contact_key without doing any validation is just as good as passing the email.

I appreciate the quick responses. I will have a look into the advised workaround and see if it is viable for me.

Understood, agreed.

Good luck!
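
The point the thread settles on, that a `contact_key` lookup is only as strong as the check in front of it, shown as an added example (not code from the thread or from Invoice Ninja). Only the `contact_key` parameter name comes from the thread; the URL is a placeholder, and the login front end, function names and all data are hypothetical and constructed.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

BUY_NOW_URL = "https://invoices.example.test/BUY_NOW_URL_PLACEHOLDER"  # placeholder
# Constructed data standing in for the API/database lookup of contact_key.
CONTACT_KEYS = {"alice@example.test": "constructed-key-alice",
                "bob@example.test": "constructed-key-bob"}
SESSIONS = {}  # session token -> authenticated email (in-memory for the demo)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


ALICE_SALT = secrets.token_bytes(16)
# Constructed credential store for the hypothetical login front end.
USERS = {"alice@example.test": (ALICE_SALT, hash_password("constructed-pass", ALICE_SALT))}


def build_url(contact_key):
    return BUY_NOW_URL + "?" + urlencode({"contact_key": contact_key})


def redirect_by_email(email):
    """Unvalidated lookup: knowing the email is enough to obtain the key."""
    key = CONTACT_KEYS.get(email)
    return build_url(key) if key else None


def login(email, password):
    """Return a random session token only if the password verifies."""
    salt, expected = USERS.get(email, (b"\x00" * 16, b""))
    if not hmac.compare_digest(hash_password(password, salt), expected):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = email
    return token


def redirect_for_session(token):
    """The email comes from the session, never from request input."""
    email = SESSIONS.get(token)
    key = CONTACT_KEYS.get(email) if email else None
    return build_url(key) if key else None
```

`redirect_by_email` hands the key to anyone who supplies a known address, which is why it adds nothing over passing the email; `redirect_for_session` only resolves a key for the identity bound to a session issued by `login`.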