Monthly Archives: March 2014

Get a Sneak Peek into PayPal Accessibility Showcase


As a technology-driven company, PayPal strives to promote the best development and design practices across our organization. One of the disciplines we have been especially proactive in fostering is accessibility. Making our products accessible to as many people as possible makes sense, not only from a business point of view, but also supports our goals to deliver high quality products our customers love.

The PayPal Accessibility Team works closely with product teams to make sure they are delivering the best accessible user experiences possible.

While the need for creating accessible products is understood by product managers, designers, and developers, most of them do not have experience working with people with disabilities that use our products.

The PayPal Accessibility Team created the Accessibility Showcase where employees get a chance to experience, first-hand, what it is like to use our products by simulating the experience of people with disabilities. Some of the simulations visitors experience are:

  • Low vision conditions: Visitors wear goggles that are hard to see through and then share their experience and the strategies they would use to remedy a problem. As visitors navigate a site, they better understand the importance of design choices that affect readability, such as size and color contrast for content, and the coding practices that enable resizing and zoom in the browser and assistive technology such as screen enlargers.
  • Experience of a blind user: We turn off the monitor and ask participants to navigate a Web page using a screen reader. This experience reinforces the importance of the non-visual metadata and page structure such as labels for form fields, alt attributes for images, and the use of HTML headings. Since a blind user does not use a mouse, this simulation also emphasizes the importance of keyboard navigation principles.
  • Limited use of arms: Participants are asked to type their name using their nose as an input device. This simulation shows that technology should be agnostic of the input device the user may be relying on to interact with the computer.

Since the official launch of the Accessibility Showcase as part of the Global Accessibility Awareness Day, on May 9, 2013, over 170 PayPal designers, developers and product managers have experienced first-hand what it feels like to browse the Internet as a user with a visual or physical disability. Surveys and visitors’ feedback indicate the experience has changed the way they think about accessibility and the importance of creating products that work for everyone.

Check out the video below to learn more about the Accessibility Showcase and how it works!


PayPal Cordova Plugin released


With the release of our PayPal Mobile SDK v2 we’ve also published a plugin for Cordova / PhoneGap to make the integration of PayPal in cross-platform projects as easy and intuitive as possible. As you might remember, we’ve had a plugin for PhoneGap before, which is going to be deprecated in favour of the new SDK. Version 3 adds lots of great functionality, such as a package manager that helps make life easier for JavaScript developers.

Getting started

To set up the project and install the required dependencies please follow the steps outlined here. The plugin adds 2 files that need to be used in your project: cdv-plugin-paypal-mobile-sdk.js and paypal-mobile-js-helper.js.

cdv-plugin-paypal-mobile-sdk.js is a wrapper around the SDK and provides access to the PayPalMobile object. By adding paypal-mobile-js-helper.js you get access to PayPalPayment, PayPalPaymentDetails and PayPalConfiguration, which are needed for the client’s configuration.

A basic example implementation can be found here. The example showcases both the usage of simple PayPal payments and our newly added Future Payments which authorize multiple payments.


Found any issue or just have general feedback? We’d love to hear about it over here!

REST Invoicing API


I’m happy to announce that another great capability was just added to our REST API yesterday: Invoicing. This enables sending and managing invoices through the API and makes a great addition for merchants and even freelancers.

As you might remember, there has been an NVP- and SOAP-based Invoicing API at PayPal for a long time already. To make the usage of this API even easier, we’ve made it consistent with our new APIs: a true REST scheme, OAuth 2.0 Bearer tokens for authentication and an easy-to-read JSON format.

An invoice differs from a regular PayPal payment in the following way: instead of defining a payment method, a receiver (email) is defined and passed in the billing info. After creating the invoice you can send it to the receiver by passing its ID to the endpoint for sending invoices: /v1/invoicing/invoices/{invoiceId}/send.

Once the invoice has arrived, the receiver is able to pay with PayPal, a check, debit card, or credit card.

As you can see the usage of the Invoice API is very similar to the Payments API and should enable you to start right away! We’re always looking for feedback regarding this capability to make even more improvements in the future.

PayPal Hosts Inaugural NodeDay


Since the launch of krakenJS in September, there’s been a ton going on: great JavaScript and node.js conferences, meetups, hackathons, talks, trainings and other events. Good times, great people and useful information to be sure, but there seemed to be something missing.

Isaac Schlueter noted in his talk at NodeSummit 2013 how the Node user base has shifted drastically over the past year. Based on npm stats, he showed that peaks of activity switched from weekend nights, into a more familiar territory: Weekdays, nine to five.

The nametags on attendees at these conferences and events have changed. Instead of seeing individuals on a quest for personal knowledge, I’ve started seeing employees being sent by their companies to figure out how to make this node.js thing work for them.

node.js might have started as the sole domain of the curious, the bold, the weekend warriors who love to be on the bleeding edge of technology; those who go home after work to learn new stuff. Well, that is no longer the case. Node has been adopted within the industry.

As I’ve attended events, I’ve been struck by how much interest there was that PayPal started using node.js. While we were certainly not the first company to do so, we were among the biggest to take the plunge.

People are hungry for information. Topics like “How to write a Node App” are no longer sufficient. They want to hear “How to write a BIG Node App. And how to deploy it. And how to scale it.”

To get to where we are today on our Node journey, we’ve had to clear technical, political and cultural hurdles. We have some answers to these questions, but we’re not the only ones who do.

node.js is built around a thriving and vibrant open source community. Many individuals have poured their blood, sweat, and tears into it; but as this ecosystem continues to evolve we as a company also have a responsibility to be good corporate citizens and contribute to it. Open sourcing Kraken was a first step, but there is still more that we can do.

NodeDay was born out of a quick conversation, because the idea is such a natural fit for the times: Bring together people from pioneering companies and organizations that have embraced (or are thinking about embracing) Node and allow them to share information, best practices, advice, tips, tricks, and horror stories. Anything and everything that is relevant to the enterprise.

Last Friday we hosted the inaugural NodeDay with over 400 node.js enthusiasts in attendance. This conference was not aimed at individual developers. It was for the companies that see Node as a viable technology to embrace, but are not quite sure how to go about it; for those who are ready to move from toy projects and pilots to major rollouts.

While we don’t presume to have all the answers, we will contribute enthusiastically to the Node ecosystem. And we hope other companies will follow our lead. A stronger industry presence gives more credibility to Node – which will in turn benefit the industry.

Won’t you join us?

You can check out some of the presentations from our successful NodeDay here. Check back for more information on future NodeDays.

Open sourcing kraken.js


It wasn’t far into our move to node.js that we began to notice an opportunity to contribute back to the community. There were plenty of web application frameworks out there, but items like localization, country adaptation, security, and scalability for large development teams were largely missing. We deal with money, and we do it in 193 markets covering 80 languages and 26 different currencies. That’s a lot of complexity and requires multiple teams to develop. Kraken was created to make this process easier.

What kraken offers

Kraken uses the popular express web application framework as a base platform and adds environment-aware and dynamic configuration, advanced middleware capabilities, application security, and lifecycle events. These features make Kraken ideal for enterprise-size companies where consistency across teams is needed, but also useful for node.js beginners who want to focus on building their application and not the application’s framework.

Pre-configured, but customizable

All of the technologies you need to build a web application are pre-configured and stitched together for you by generator-kraken. Creating a new kraken app is as easy as running yo kraken and answering a few questions.

By default, this scaffolding includes dust for templates, LESS for CSS preprocessing, RequireJS for JavaScript modules, and Grunt for task handling. This is our recommended setup, but using different technologies is supported as well.


If you’ve used express before you’ve probably written code to configure how your cookies are parsed, if you have a favicon or not, how you’re accepting multipart forms, etc. It’s extremely flexible, but that code can add complexity and, more importantly, if your applications are spread across teams they’re not guaranteed to be doing it the same way. Kraken solves this by moving this setup out of the code and into configuration files.

Configuration example

Application and middleware configuration is stored in JSON files, creating a consistent implementation and removing the need for tribal knowledge when configuring items, e.g. does bodyParser need to come before cookieParser or vice-versa?

These files are also environment-aware, so overriding values when you’re in development, debug, or test mode is easy. To override a value in config/app.json for development you would create config/app-development.json with the delta and then start your app using NODE_ENV=development node index.js.
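The base-plus-delta lookup described above, as an added example that is not kraken's own loader. It assumes objects are merged key by key with the environment file winning; the file contents are constructed and the key names (port, middleware, session, secure, maxAge, compress) are hypothetical.

```javascript
// Added illustration of the config/app.json + config/app-<env>.json lookup.
// File contents are constructed and held in memory; key names are hypothetical.
const FILES = {
  'config/app.json': JSON.stringify({
    port: 8000,
    middleware: { session: { secure: true, maxAge: 3600 }, compress: true },
  }),
  'config/app-development.json': JSON.stringify({
    middleware: { session: { secure: false } },
  }),
};

const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Objects merge key by key; any other value in the delta replaces the base value.
function merge(base, delta) {
  const out = { ...base };
  for (const [key, value] of Object.entries(delta)) {
    if (key === '__proto__') continue; // never let a config file touch prototypes
    out[key] = isObject(value) && isObject(base[key]) ? merge(base[key], value) : value;
  }
  return out;
}

// env is the value of NODE_ENV; with no matching delta file the base applies unchanged.
function loadConfig(env, files = FILES) {
  const base = JSON.parse(files['config/app.json']);
  const override = files[`config/app-${env}.json`];
  return override ? merge(base, JSON.parse(override)) : base;
}
```

Because the delta is looked up by environment name, a relaxed development setting never reaches an environment that has no override file of its own.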

Globalization and localization

As an application grows in popularity its developers inevitably need to support different regions. At PayPal we support 193 countries across the globe.

Applications created via generator-kraken have built-in support for externalized content when using dust templates. This content is stored in its own file using key/value pairs. We opted to not use JSON or any other complex format and instead opted for a simpler data structure which was easy enough to be hand edited if needed, but powerful enough to support the flexibility we needed.

Each template has an implicit binding to a content file of the same path and will automatically resolve strings within them. In other words, if you have templates/account/user.dust then content will be merged from locales/DE/de/account/ for German users. This removes the hassle of needing to manually wire up your content source.

Content example

Shortly, we’ll also release support for template specialization when using dust in Kraken. Experiences often need to deviate based on locale, but also for AB tests and device types. It’s subpar to have this logic cluttering your code, and specialization solves this.

Application security

Security is important to us and, while there are a good amount of best practices available for web applications, most are typically not enabled by default. Kraken enables these for you and uses configuration to set up smart defaults. A few of the more useful ones to call out are:

  • CSRF – Cross-site request forgery support is enabled by default. A token will be added to your session and if the user is going to perform any data changing method, e.g. POST, PUT, DELETE, then the template must return the token value. This protects against malicious websites changing data on your user’s behalf.
  • XFRAMES – Using an HTML frame element to frame another website and trick users into performing actions they did not intend is called click-jacking. XFRAMES headers protect against this by restricting who can frame the web application. By default this is set to SAMEORIGIN, which means only you can frame your website.
  • CSP – Content Security Policy enables you to tell the browser what type of resources are allowed and enabled for your web application.
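The three defaults listed above, sketched as one dependency-free, express-style middleware. This is an added example, not kraken's own code; the `_csrf` form field, the `x-csrf-token` header, the `csrfToken` session property and the CSP policy string are assumptions.

```javascript
// Added illustration of the defaults described above; not kraken's source.
const crypto = require('node:crypto');

const DATA_CHANGING = new Set(['POST', 'PUT', 'DELETE']);

// Constant-time comparison so a mismatch does not leak how many characters matched.
function tokensMatch(expected, supplied) {
  if (typeof expected !== 'string' || typeof supplied !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(supplied);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Option names and the default policy string are assumptions for this sketch.
function securityDefaults({ xframe = 'SAMEORIGIN', csp = "default-src 'self'" } = {}) {
  return function (req, res, next) {
    res.setHeader('X-Frame-Options', xframe);      // only the same origin may frame us
    res.setHeader('Content-Security-Policy', csp); // which resources the browser may load

    // One token per session, created on first use and exposed to the template.
    if (!req.session.csrfToken) {
      req.session.csrfToken = crypto.randomBytes(32).toString('hex');
    }
    res.locals = { ...res.locals, _csrf: req.session.csrfToken };

    if (DATA_CHANGING.has(req.method)) {
      const supplied = (req.body && req.body._csrf) || req.headers['x-csrf-token'];
      if (!tokensMatch(req.session.csrfToken, supplied)) {
        res.statusCode = 403;
        return res.end('CSRF token missing or invalid');
      }
    }
    next();
  };
}

// Constructed request/response stubs so the block runs without express.
function simulate(method, session, body) {
  const res = {
    headers: {}, statusCode: 200, body: null,
    setHeader(name, value) { this.headers[name] = value; },
    end(text) { this.body = text; },
  };
  let passed = false;
  securityDefaults()({ method, session, body, headers: {} }, res, () => { passed = true; });
  return { passed, status: res.statusCode, headers: res.headers, token: session.csrfToken };
}
```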

How open source has changed PayPal

Kraken was the first major release for PayPal into the open source world and has been hugely successful in changing the way we think about software. In a way, it helped pave the way for us to hire Danese Cooper as our first head of open source at PayPal! We have historically been a company who kept to themselves and thus a lot of code which may have been useful to the community was instead developed in a proprietary manner.

Kraken was built to be the opposite of this: it is publicly available. This allowed us to keep out what I consider PayPal’isms – the secret sauce specific to PayPal – and to give back to the node community and fill any gaps for others’ benefit.

The node community itself has been very welcoming and we’ve seen both great interest in our adoption of node and multiple external contributions to the kraken codebase. This has been inspiring and has definitely solidified that we made the right choice in going open source.

Try it out

If you’re interested in trying out kraken, head on over to where you can find instructions and sample code to get you on your way. You can find other open source offerings from PayPal at

If any of this sounds interesting come work for us!