PayPal PayFlow Pro with transparent redirects - user authentication failure / problems

It's hard for me to integrate - and find the current documentation for integrating PayPal PayFlow Pro into my website.

There is a similar question here for PayFlow Link - https://stackoverflow.com/questions/15808604/result-1-respmsg-userauthenticationfailed-in-test-transaction-for-mastercard - but I would like to go over to the features.

I want to use Transparent Redirect with the SILENTTRAN parameter so that:

  • credit card information is sent directly to the gateway (i.e. not through my server).
  • the user is redirected back to the designated page to confirm the transaction or error (response page).

Now I am reading this document: https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/payflowgateway_guide.pdf

This is indicated as the Payflow Gateway Developer Guide (PDF) on this page - https://developer.paypal.com/webapps/developer/docs/classic/products/payflow-gateway/ - so I assume this is the current documentation.

According to page 28, the process should be:

  • A customer clicks “Buy” to buy a product on their website. [DONE]
  • You request a secure token by passing a secure token identifier to the gateway server. In the request, you pass a name-value pair, SILENTTRAN = TRUE. The name-value pair does not allow the display of hosted pages. [DONE]
  • The Gateway server returns the protected token and identifier of your token to your site. [DONE]
  • You show the credit card fields to the customer on the checkout page on your website. [DONE]
  • The customer enters their credit card number, expiration date, and other confidential data in the credit card fields and clicks "Submit". [DONE] The browser sends the payment data directly to the gateway server, avoiding your website and reducing PCI compliance requirements. [PROBLEMS HERE]

The following is an example of a secure token request for transparent redirection. I used the placeholder instead of my real-time PayFlow Pro real-time data (this account indicated “Payflow SDK / API (full access) Live” in the Service Manager.paypal.com dashboard), but I used my real PayPal credentials in the actual request. Similarly, I used public pages for my return URLs:

USER=MYUSER&VENDOR=MYUSER&PARTNER=VSA&PWD=MYPASSWORD&BILLTOFIRSTNAME=John&BILLTOLASTNAME=Doe&BILLTOSTREET=123 Fake Street&BILLTOSTREET2=&BILLTOCITY=Sydney&BILLTOZIP=2000&BILLTOPHONENUM=5555555555&EMAIL=me@email.com&BILLTOSTATE=NSW&AMT=0.05&RETURNURL=http://www.example.com&CANCELURL=http://www.example.com&ERRORURL=http://www.example.com&TRXTYPE=A&SILENTTRAN=TRUE&VERBOSITY=HIGH&CREATESECURETOKEN=Y&TENDER=C&SECURETOKENID=VDUOBDNLSXTLYAAAAAATLSEBLAAAAAAAAAA

I am performing a token transaction using server-side code, and I see that I am getting the answer like this:

 RESULT=0&SECURETOKEN=TOKENWASHEREsdsdfjkj&SECURETOKENID=VDUOBDNLSXTLYAAAAAATLSEBLAAAAAAAAAA&RESPMSG=Approved 

So, it looks like the account is authenticating here correctly. I confirmed with Fiddler that I am sending this request to https://payflowpro.paypal.com.

Then I take this answer and put it in the HTML form, which is sent back to the gateway, for example:

  <form id="form" action="https://payflowpro.paypal.com" method="post">
    <!-- <input name="MODE" class="inpPPField" id="hdn_pp_mode" type="hidden" value="Test"> -->
    <input name="SECURETOKEN" class="inpPPField" id="hdn_pp_securetoken" type="hidden" value="TOKENWASHEREsdsdfjkj">
    <input name="SECURETOKENID" class="inpPPField" id="hdn_pp_securetokenid" type="hidden" value="VDUOBDNLSXTLYAAAAAATLSEBLAAAAAAAAAA">
    <input name="CARDNUM" class="inpPPField" id="hdn_pp_CardNum" type="hidden" value="4111111111111111">
    <input name="EXPMONTH" class="inpPPField" id="hdn_pp_expMonth" type="hidden" value="11">
    <input name="EXPYEAR" class="inpPPField" id="hdn_pp_expYear" type="hidden" value="16">
    <input name="CVV2" class="inpPPField" id="hdn_pp_cvv2" type="hidden" value="123">
    <!--<input name="SILENTTRANS" class="inpPPField" id="hdn_pp_silenttrans" type="hidden" value="Y">-->
    <input name="VERBOSITY" class="inpPPField" id="hdn_pp_verbosity" type="hidden" value="HIGH">
    <input class="inpPPField" type="submit" value="Submit" />
  </form>
  </body>

Please note that I used the same identifier and token as what was returned in the response to the token - these are placeholders. I also used the actual credit card number and other credit card field values.

This sends me to https://payflowpro.paypal.com, which simply indicates the answer (in the body of the page):

RESULT=1&RESPMSG=User Authentication Error

Shouldn't this return me to the error page? Or does this fail in this process, so the gateway never tries to interpret the token and redirect it? I tried setting the URLs to return the website urls and it doesn't seem to make any difference. I also tried posting this from a public web server, not localhost, but the result is the same.

Another problem I am having is finding the appropriate documentation. Here is the document "Testing the service of payment systems": https://ppmts.custhelp.com/app/answers/detail/a_id/456/kw/payflow%20pro%20transparent%20redirect%20error%20page%20get%20codes

This page is dated 2007 and the link under the heading Testing using the Payflow Pro heading (i.e. the manual is available on x.com) is broken. The guide is a bit vague, and the only code examples I found are in PHP (see https://go.developer.ebay.com/developers/community/blogs/pp_integrations_nate/payflow-transparent-redirect ). I rewrote the logic in the example as an ASP.Net application.

In conclusion, my questions are:

  • Am I using the correct logic to process a transaction with a credit card?
  • If not, can someone indicate where I am mistaken and where I can find the most current and relevant documentation.
  • Link (s) for the most recent test procedure documents

My next idea is to try to set up a test account using the following instructions: https://ppmts.custhelp.com/app/answers/detail/a_id/929/ Obviously this applies to hosted PayFlow pages, but I suspect that the procedure should be the same if I specify the SILENTTRAN parameter. I tried unsuccessfully for a week to get the test account to work earlier, but it seems like the next logical task to try at this point.

I already opened a support ticket, opened with the help of PayPal engineers, and they are studying this, but it would be great to find out if anyone in the community has managed to solve a similar problem.

EDIT: According to the PayPal engineer I just spoke with, the SILENTTRANS value is only required in a request for a secure token. I commented it out in the transaction request form above, but this did not solve the problem. We also confirmed that you can execute a non-secure-token request (i.e. opaque-redirected) to https://pilot-payflowpro.paypal.com/ using my account details.

EDIT 2: I was instructed by PayPal to use https://payflowlink.paypal.com/ (not https://payflowpro.paypal.com) for the transaction URL, but to continue using https://payflowpro.paypal.com for the token request. This allows me to go to my confirmation page using transparent redirection (which is a great result), but it doesn't really matter to me that I use "payflowlink" and not "payflowpro", the gateway. I also found this tutorial that seems to support this: https://go.developer.ebay.com/developers/community/blogs/ppintegrationsnate/new-payflow-gateway-tutorial

Can anyone using the PayFlow Pro Transparent Product please confirm that this is correct (or otherwise)?

+7
transactions paypal payflowpro
1 answer

If you intend to use any function associated with the posted verification page, you need to redirect to - https://payflowlink.paypal.com or https://pilot-payflowlink.paypal.com

Payflow Pro's URL is specifically for API calls, and they are not what you should redirect buyers with.

Your account must also be the correct type in order to be able to use the hosted verification feature. You can check what options are available for your account by logging in and checking the right side to see which products are included in your account.

The documentation for transparent redirection is sparse. X.com had several posts, but these articles have not yet been moved to another location.

+7
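The split described in EDIT 2 and in the answer, as an added example that is not part of the original posts: the secure token request, which carries the account credentials, is built for the payflowpro API host on the server, while the browser form carries only the token pair and posts to the payflowlink host. The function names are hypothetical, the length-tag encoding follows the Payflow name-value pair format for values containing `&` or `=`, and the sample response is the placeholder response from the question.

```python
import html
import uuid

# Hosts as named on this page: the API host takes the server-side token
# request, the hosted-pages host takes the browser's form post.
API_URL = {"live": "https://payflowpro.paypal.com",
           "test": "https://pilot-payflowpro.paypal.com"}
FORM_URL = {"live": "https://payflowlink.paypal.com",
            "test": "https://pilot-payflowlink.paypal.com"}
CREDENTIAL_FIELDS = {"USER", "VENDOR", "PARTNER", "PWD"}

# Placeholder token response copied from the question (not a real token).
SAMPLE_TOKEN_RESPONSE = ("RESULT=0&SECURETOKEN=TOKENWASHEREsdsdfjkj"
                         "&SECURETOKENID=VDUOBDNLSXTLYAAAAAATLSEBLAAAAAAAAAA"
                         "&RESPMSG=Approved")

def encode_nvp(fields):
    """Join name-value pairs; values with & or = get a NAME[len]=value tag."""
    parts = []
    for name, value in fields.items():
        value = str(value)
        tag = f"[{len(value)}]" if "&" in value or "=" in value else ""
        parts.append(f"{name}{tag}={value}")
    return "&".join(parts)

def build_token_request(credentials, order, env="live"):
    """Server-side only: returns (url, body) for the secure token request."""
    fields = {**credentials, **order, "CREATESECURETOKEN": "Y",
              "SILENTTRAN": "TRUE", "SECURETOKENID": uuid.uuid4().hex}
    return API_URL[env], encode_nvp(fields)

def parse_nvp(body):
    """Parse a simple response such as SAMPLE_TOKEN_RESPONSE (no length tags)."""
    return dict(pair.split("=", 1) for pair in body.strip().split("&"))

def render_card_form(token_response, env="live"):
    """Browser form: token pair plus empty card fields, never credentials."""
    if token_response.get("RESULT") != "0":
        raise ValueError("token request failed: " + token_response.get("RESPMSG", "?"))
    hidden = {k: token_response[k] for k in ("SECURETOKEN", "SECURETOKENID")}
    if CREDENTIAL_FIELDS & hidden.keys():
        raise ValueError("credential field must not reach the browser")
    rows = [f'<input type="hidden" name="{k}" value="{html.escape(v)}">'
            for k, v in hidden.items()]
    rows += [f'<input type="text" name="{n}" autocomplete="off">'
             for n in ("CARDNUM", "EXPMONTH", "EXPYEAR", "CVV2")]
    rows.append('<input type="submit" value="Submit">')
    return f'<form method="post" action="{FORM_URL[env]}">\n' + "\n".join(rows) + "\n</form>"

if __name__ == "__main__":
    print(render_card_form(parse_nvp(SAMPLE_TOKEN_RESPONSE), env="test"))
```
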