(519) 282-8272
GO WHERE YOU WANT. let me help you get there.

Adding e-Commerce to a Website

by Chad Tiffin

There are a lot of options out there when it comes to adding a checkout to your website, aside from building your entire website on a full e-commerce platform. I have 3 different solutions that I've come to use frequently, depending on how complex the needs are:

Paypal Express Checkout

Paypal is by far the biggest player in this space, and they offer a number of different options from very simple embedded Buy Now buttons, to an enterprise scale, fully flexible API, and everything in between. Paypal Express Checkout, which is Paypal's name for the checkout that handles the embedded "Buy Now" and "Add to Cart" buttons.

For very simple payment implemenations Paypal Express Checkout works very well, and chances are you've used it to buy something in the past. The simple implementation (without payment notifications) seems to be geared for the non-developer, so adding it your site is very straightforward and just a matter of creating the button in the Paypal admin and pasting the code into your website.

It can handle either a single product purchase, or a shopping cart that can allow the user to collect several products first before checking out.

Fully Hosted

It's also a completely hosted solution, which means Paypal handles most of the serious security concerns. It also means however that every time the customer adds a product to his cart, or wants to view his cart, he's taken off-site to Paypal, which can be a clumsy experience and is far from seemless. It also means we have zero control with how the checkout and shopping cart looks and behaves -- we're completely tied to the Paypal branding.

Instant Payment Notification

For verification of payment, such as when you want to deliver a digital good, or perhaps update your on-site database for some reason based on whether the payment was successfull or not, you can use the built-in "Instant Payment Notification", also know as the Paypal IPN. If you have IPN turned on, Paypal will post a notice of the checkout details to a URL of your choosing, which you can then "catch" and parse, and extract what info you need from it.

I've used IPN a lot, and unfortunately, the "Instant" in the name is a bit of a misnomer. In reality it often takes up to 5 minutes for the IPN to hit your server, so its not really useful for instantly showing an invoice, and usually I find the best solution is to send the user to a generic "thank you page", and then email them their invoice when the IPN does come through, that way the user isn't stranded in limbo waiting for an invoice page to load if the IPN notice is tardy. If you want instant gratification, you need to combine IPN with another parallel Paypal notice system, called PDT, or "Payment Data Transfer".

In practice, for anything other than a very simple buy now button, I find the Paypal developer experience is incredibly frustrating. The paypal site logs you out after a ridiculously short time of inactivity, so I find I'm constantly having to re-login when I'm working on sites and need to stay logged into Paypal as well. So for e-commerce requiring any sort of integration or complexity, I find myself moving more and more towards Stripe.


If you're a developer and getting your hands dirty in server-side programming doesn't put you off, Stripe is a fantastic solution. They have a really powerful REST API, and excellent documentation to show you how to do just about anything. When I need to build a checkout that is a little more complex, or I have need for a more seemless, custom checkout experience, Stripe is the tool I reach for.

Stripe is what I guess I would call a "semi-hosted solution. The checkout form can be created either by you, or you can use their standard payment form, but either way its hosted on your website for a seemless experience. However the nice thing is that credit card details never hit your server, so security implications are sill pretty straightfoward and you don't have to worry about PCI compliance (but you definitely need to support SSL on your site). What happens on checkout is Stripe sends the credit card details off to their server, and then creates a token which is sent to your server. Then on your server you write the code to communicate with Stripe and initiate a charge of the customer's credit card using the token, and at the same write any code to issue a receipt, update your database, or respond in some other way. It's a far more elegant solution than trying to communicate with Paypal's IPN system.

I like this approach as it puts the developer in the driver seat with regard to integrating payments into your website, while leaving all the security implications of storing credit card information with Stripe.


While Stripe is purely a payment processor, FoxyCart is purely a shopping cart. FoxyCart differs from a full e-commerce platform in that it is ONLY a shopping cart & checkout, but it does those 2 things fantastically. It doesn't dictate how you should build your website or manage your products. It's a bit of a niche use-case, when you want a shopping cart but don't want to use a full e-commerce platform, but I've used it on occasion, and really love working with it.

Integration with a variety of payment processors are very straightforward, and it also has support for webhooks (which serves the same purpose as Paypal's IPN), although as I write this they're still using XML as the data format rather than JSON, which is a bit of an outdated standard, and a little trickier to work with.

Like Paypal Express, FoxyCart is a hosted solution, meaning the checkout page lives on FoxyCart's servers, but it differs in that they have an excellent templating system that let's you build the checkout pages to match your site for a seemless checkout experience, the actual shopping cart acts as a plugin to your site, so customers don't have to go off-site to manage their shopping cart.

Categories: General, Tips for Clients, Freelancing Tips, Web Development,

Chad Tiffin

Chad Tiffin

In addition to running his own freelance web development company, Chad often works on long-term contract for companies in need of an in-house developer for ambitious software projects.