I wondered if I could request some assistance. We had some code written by an external contractor to allow us to automatically set up billing agreements in paypal (client approves and future requests are automatically paid).
We have a sandbox environment making a call via https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=
This works fine.
In production this was changed to https://api.paypal.com/webscr?cmd=_express-checkout&token=
This hangs.
I have updated the username, password and signature to production values, but we still have the same issue.
I also spent a lot of time reading through a lot of developer docs, but found them to be quite difficult to understand.
I also submitted a paypal "App" request for approval (this seemed to be required in the docs), and it has been approved. However it says we should provide the production App ID when making a request, but there is no argument to do it.
Any assistance appreciated.
The first URL you show looks like that would be the redirect to PayPal, not the actual API endpoint.
The endpoint URLs should be...
Sandbox: https://api-3t.sandbox.paypal.com/nvp
Live: https://api-3t.paypal.com/nvp
To give you an overview of my platform, I am using Angular.js 1.5 and Laravel 5.1.
I am using the Paypal REST API SDK for PHP. I have followed the instructions from this Medium article. On my front end Angular side, once I successfully call the first "postPayment" function, I receive the redirect url, which I redirect to. Once the user completes their payment successfully on the paypal side, the return url comes back to my confirmation page where I handle the "getPaymentStatus" function from the Medium article.
I am using a Sandbox account for testing purposes right now, but I am able to successfully complete the transaction when a user logs in on the Paypal side. However, when a user tries to go through as a guest "Debit/Credit card", enters their information, and completes the transaction, I receive this 400 error in the console:
POST sandbox.paypal.com/webapps/xoonboarding/api/onboard/guest 400 (Bad Request)
jquery.min.js:5
On my Paypal profile settings, I have activated the Account Optional in the My Selling Tools->Website Preferences. I have been looking for other instances of this, but I cannot find a solution. I have tried using the test credit cards with various phone numbers, but that does not resolve this issue.
Has anyone dealt with this issue before? I am in the dark and do not know how to handle this.
I would appreciate any help in this. Thanks in advance!
up the pay-pal advance in Magento. I have filled in all the credentials in the Magento admin. But when I go to the frontend and click the pay-pal button it gives
PayPal gateway has rejected request. Security header is not valid
(#10002: Security error
I have googled a lot and found some suggestions like
Remove API Username, API Password and API Signature from
Admin->configuration->Paypal->API/Integration Settings. clear cache
and test again
I have tried all these but it still gives the same error.
Please suggest what the issue can be.
The Security header is not valid error is only caused for two reasons:
Wrong credentials
Make sure that you've put in your API Username, API Password and API Signature correctly. Sometimes a space is accidentally added during copy and paste, and this would trigger this error.
Double-check these settings in the SDK or in the admin panel of your third party shopping cart.
Wrong Endpoint
This error would come up if you send the data to the wrong endpoint. Make sure that you are sending the live credentials and data to our live endpoint. When you want to test your store make sure that you use our test endpoint and the credentials from your sandbox test account.
If you are using a third party shopping cart, make sure that your store is running in test or live mode, regarding which credentials you are using.
You can check for your credentials here too:
FOR LIVE
https://api-3t.paypal.com/nvp?&user=xxxxxxxxxx&pwd=xxxxxxxxxx&signature=xxxxxxxxxx&version=70.0&METHOD=SetExpressCheckout&RETURNURL=http://www.paypal.com/test.php&CANCELURL=http://www.paypal.com/test.php&PAYMENTACTION=Sale&AMT=50&CURRENCYCODE=USD
FOR SANDBOX
https://api-3t.sandbox.paypal.com/nvp?&user=xxxxxxxxxx&pwd=xxxxxxxxxx&signature=xxxxxxxxxx&version=70.0&METHOD=SetExpressCheckout&RETURNURL=http://www.paypal.com/test.php&CANCELURL=http://www.paypal.com/test.php&PAYMENTACTION=Sale&AMT=50&CURRENCYCODE=USD
Just Substitute the user, pwd and signature and enter in your browser.
You should get ACK = SUCCESS if you have input your credentials correctly.
You can also get your credentials here : https://www.paypal.com/cgi-bin/webscr?cmd=_get-api-signature&generic-flow=true
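The two causes named above (stray whitespace in the credentials, credentials sent to the wrong environment) can be checked before any request leaves the machine. The following is an added example, not code from the original posts or from PayPal; the `-facilitator` username test is a heuristic assumption, the sample response is constructed, and the request body is built for an HTTP POST so the credentials do not end up in a URL.

```python
from urllib.parse import parse_qs, urlencode

# Endpoints quoted in the answers above.
ENDPOINTS = {"sandbox": "https://api-3t.sandbox.paypal.com/nvp",
             "live": "https://api-3t.paypal.com/nvp"}

def credential_problems(env, creds):
    """List the reasons these values are likely to be rejected with 10002."""
    problems = []
    if env not in ENDPOINTS:
        problems.append(f"unknown environment {env!r}")
    for key in ("USER", "PWD", "SIGNATURE"):
        value = creds.get(key, "")
        if not value:
            problems.append(f"{key} is empty")
        elif any(ch.isspace() for ch in value):
            problems.append(f"{key} contains whitespace (copy/paste artefact)")
    # Heuristic (assumption): sandbox API usernames contain "-facilitator".
    if env == "live" and "-facilitator" in creds.get("USER", ""):
        problems.append("sandbox (facilitator) USER sent to the live endpoint")
    return problems

def build_request(env, creds, **params):
    """Return (url, body); credentials travel in the POST body, not the URL."""
    problems = credential_problems(env, creds)
    if problems:
        raise ValueError("; ".join(problems))
    return ENDPOINTS[env], urlencode({**creds, "VERSION": "70.0", **params})

def parse_ack(body):
    """Parse an NVP response into (succeeded, [(code, long_message), ...])."""
    fields = {k: v[0] for k, v in parse_qs(body).items()}
    errors, i = [], 0
    while f"L_ERRORCODE{i}" in fields:
        errors.append((fields[f"L_ERRORCODE{i}"],
                       fields.get(f"L_LONGMESSAGE{i}", "")))
        i += 1
    return fields.get("ACK", "").lower().startswith("success"), errors

# Constructed sample response, not captured from PayPal.
SAMPLE_FAILURE = ("ACK=Failure&VERSION=70.0&L_ERRORCODE0=10002"
                  "&L_SHORTMESSAGE0=Security%20error"
                  "&L_LONGMESSAGE0=Security%20header%20is%20not%20valid")

if __name__ == "__main__":
    creds = {"USER": "shop_api1.example.com", "PWD": "EXAMPLEPWD ", "SIGNATURE": "EXAMPLESIG"}
    print(credential_problems("live", creds))
    print(parse_ack(SAMPLE_FAILURE))
```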
This error simply means your credentials are wrong.
Please check with the credentials. If you are using sandbox then you are supposed to provide facilitator related credentials.
Don't let the others fool you, they just type in stuff here they googled on the internet.
Look for the number you get here: https://developer.paypal.com/docs/classic/api/errors/
Because the information provided by these codes is a delicate matter, they display this error message instead of "your account is locked", "account restricted", "limit exceeded" and so on.
That's what they told me, at least.
We also get this code from time to time, after hundreds of PayPal transactions, so wrong PayPal credentials on the side of the shop owner is quite unlikely, isn't it? ;)
If you are using PayPal Payments Advanced with Magento, you should be using your PayPal Manager credentials, and not your API Credentials.
This could be the reason you are getting Security Banner Header not valid 10002.
Here is the integration steps from Magento:
PayPal Advanced Integration with Magento
You need to setup Layout C in PayPal Manager PayPal Manager Login.
Make certain that you include your error URL, cancel URL, and Return URL. Magento is very good about telling you what URL you should be using.
After you have setup Layout C in PayPal Manager you need to use your Manager Credentials in Magento.
Just in case you need it, here is the information on setting up your Hosted Checkout Pages in PayPal Manager:
PayPal Hosted Checkout Pages
Here is the information on where to find your PayPal Manager credentials:
Partner: Your PayPal Partner ID. Most direct Merchants have PayPal as the Partner
Vendor: Your PayPal user login name. Also known as Merchant Login
User: The ID of an additional user set up on your PayPal account. Same as Merchant login if you have not setup a separate user id in PayPal Manager.
Use your API Signature Credentials from your PayPal account for the Express Checkout setup.
In my case everything seemed fine at Magento level. I asked client questions about PayPal, at which point they tried to login to the paypal.com site and were unable to (authentication failed). Account had been locked. Client was able to resolve with PayPal tech support directly, no Magento issue after all.
I got the same problem and found the problem is
I typed the API signature character by character, and the character "I" is similar to "l".
As there are multiple "I" characters in the signature, I had to test them one by one via the link mentioned by Vimalnath.
Then damn it, it works.
Therefore, copying is a better way, while being careful about spaces at the front or end.
When testing some donations on my local machine, I set various key=value pairs to do various things (return to specific thank you page, get POST data from PayPal and not GET data and others) I also built my code around the response from the PayPal sandbox.
BUT, when my code goes to the production server and we switch on live payments and test with real accounts and money, a few strange things happen;
We get a GET response from PayPal - the URL is filled with crap.
We get no transaction details. This is the biggie, no name, no txn_id, no dates, nothing. We get a handful of keys etc, its not totally empty and the payment has gone through, but nowhere near the verbosity of the sandbox.
Curious about why this might be? It doesn't really make sense to have a sandbox (or dev environment) that is substantially different from the production environment. Or, am I missing something?
EDIT: Still no response to my question in the PayPal Developer Forums. I don't even get a donation amount back from PayPal. Is this a setting maybe?
EDIT #2: Two of you have suggested to check PDT and Auto-Return. The data analytics guy for the project only 2 hrs ago suggested the same. I have asked the client to confirm this. I can't see a setting for it in the Sandbox so can assume that it is enabled by default?
Are you sure you have all of the PDT and Auto-Return stuff configured the same on your live account as you do on the Sandbox account? There hasn't been much help from PayPal in the x.com forums. I'd recommend posting a ticket to www.paypal.com/mts, although, they've been a little bit slow there, too. If you login to your account, though, and go into the Contact by Phone section, you'll see a direct phone number for tech support. This is probably your best bet.
Been integrating AuthNet's Automated Recurring Billing system alongside its Silent Post feature to create a paid features system inside our team's web app. The silent post feature has slim documentation, but I have come across several helpful threads on SO as well as a few blog posts authored by our members (especially John Conde's "All about Silent Post" ) to help guide the way. I have a few more specialized questions however I was hoping some of you more seasoned folks could help out with.
The Authorize.net documentation includes this notification:
Test environment accounts do not process ARB subscription transactions. If you are using a test environment account, you will not receive these email notifications in any form. You will also not be able to receive an ARB subscription transaction Silent Post while using a test environment account.
I was wondering if anyone knew if this means accounts set to TEST MODE in their control panels, or does this refer to the developer-only accounts available to those working on AuthNet platforms independent of deployments? The account we are using for testing is an actual merchant account set in test mode and we're receiving silent posts for virtual terminal payments done through the AuthNet CP, but even successful ARB's are not showing silent posts.
Also - what kind of parameters can be used to ensure that a silent post originated with AuthNet? I set up an endpoint and printed out the request objects from a silent post as well as the $_SERVER superglobal - it does not seem that they send any identification other than the MD5 hash set in the CP. This is fine, but I was wondering if there would be any advantage to limiting to specific remote addresses - I assume this is unlikely as the posts probably come from a datacenter with tons of IPs allocated for the task of sending silent posts.
Also, the ARB spec only sets a subscription status to SUSPENDED within AuthNet under very specific criteria (only if the failed payment is the first rebill and if not then after two attempts on subsequent days.) Is this a normal practice for suspending subscriptions? If we would like to make one decline trigger suspension, should the logic for revoking the feature also issue an UpdateSubscription API call and set to suspension manually in order to forgo the default spec?
I was wondering if anyone knew if this means accounts set to TEST MODE in their control panels, or does this refer to the developer-only accounts available to those working on AuthNet platforms independent of deployments?
This refers to both. Any test ARB transactions will never be processed and not generate Silent Posts. It's probably why their developer forums are riddled with questions about testing ARB. Basically, the best you can do when testing it, besides setting up a live subscription, is to:
Test the API call by using a developer account. If you get a subscription ID back you know your integration is functioning properly.
Test Silent Post by sending a simulated POST submission to it. I can post a sample form for doing this.
Also - what kind of parameters can be used to ensure that a silent post originated with AuthNet?
The MD5 hash returned in the silent post is a hash of a string that includes an MD5 hash value (set in security settings) that presumably only Authorize and you know. Thus, you generate a hash on your end using the returned info plus the secret hash string and compare to validate the response. Specifics about the hash can be found here.
Is this a normal practice for suspending subscriptions?
Normal practice? Honestly I don't know. I'm not sure how other companies handle it. There's a post somewhere in their community forums where an Authnet employee explains how it works but I was unable to find it to link to it here. It made sense to me when I read it.
If we would like to make one decline trigger suspension, should the logic for revoking the feature also issue an UpdateSubscription API call and set to suspension manually in order to forgo the default spec?
If a subscription fails it is automatically suspended by Authorize.Net so you don't have to do anything on your end. But you do need to update your user's account in your system and suspend it (assuming the subscription is for a user account of some kind).
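The hash comparison described in the answer above, as an added example that is not part of the original post or Authorize.Net's code. It assumes the legacy field names `x_MD5_Hash`, `x_trans_id` and `x_amount` and a hash layout of secret value + login ID + transaction ID + amount, with the login ID left empty for ARB posts; confirm both against the gateway's documentation. The secret and sample POST are constructed.

```python
import hashlib
import hmac

def expected_md5(secret, trans_id, amount, login_id=""):
    """Recompute MD5(secret + login_id + trans_id + amount) (assumed layout)."""
    material = f"{secret}{login_id}{trans_id}{amount}".encode("utf-8")
    return hashlib.md5(material).hexdigest()

def verify_silent_post(post, secret, login_id=""):
    """Return True only if x_MD5_Hash matches the value recomputed locally.

    `post` is the dict of POSTed form fields. The amount is used exactly as
    received: reformatting "19.99" into a float and back can change the hash.
    """
    received = post.get("x_MD5_Hash", "")
    trans_id = post.get("x_trans_id", "")
    amount = post.get("x_amount", "")
    if not (received and trans_id and amount):
        return False  # missing field: reject instead of hashing a default
    expected = expected_md5(secret, trans_id, amount, login_id)
    # Hex case may differ between sender and receiver; normalise it, then
    # compare in constant time so the check does not leak a partial match.
    return hmac.compare_digest(expected.lower().encode("ascii"),
                               received.strip().lower().encode("utf-8"))

if __name__ == "__main__":
    SECRET = "CONSTRUCTED-SECRET"  # constructed value for the demonstration
    sample = {"x_trans_id": "1234567890", "x_amount": "19.99"}
    sample["x_MD5_Hash"] = expected_md5(SECRET, "1234567890", "19.99").upper()
    print(verify_silent_post(sample, SECRET))                            # genuine
    print(verify_silent_post({**sample, "x_amount": "0.01"}, SECRET))    # tampered
```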
I am developing a website in PHP that accepts PayPal payments. It uses the IPN from PayPal and has a custom payment template etc etc. It all works great through the Sandbox server but when it comes to showing my client, I don't want to have to tell them to login to/create a Sandbox account, create a buyer account and make a payment - he hasn't got time for that and probably won't be able to do it.
Therefore, my question is - is there any simple way that I can show my client the PayPal integration in "test mode" without him using the sandbox? I realise that I can set the transaction value to 0.01 and just test on the live PayPal server but that isn't an ideal solution.
Cheers!
Edit: Just to better explain what I mean, this is what my client sees when he first goes to checkout;
[Image: http://img3.imageshack.us/img3/2545/67913734.png]
As you can see, he has to login to his Sandbox account before then purchasing the item using the buyer email that he sets up. It's just confusing and totally non user-friendly.
Unfortunately there isn't a way around this problem via paypal. Their sandbox will always require you to be logged in to actually demo.
Here are the solutions I have taken especially with remote clients.
Use Skype or similar service so I can share my screen as I demo how it works. This solution seems to work fairly well, and eliminates the need for them to take the extra steps required.
When working on something I want to quick demo for a client and get their take, I have started using http://www.jingproject.com/ It allows me to make a quick video of the process. It uploads it to their server and provides a url I can send the client to watch what I did.
Wish I could provide a more elegant solution.
What I'd do is integrate with the actual PayPal live site and use real money. The great thing is you can refund the transaction (including the fees) so nobody pays anything. I believe the refund timeframe is 30 days, but there's no reason to wait too long and risk it. The added advantage is that you get to prove to your client that the PayPal integration really works.
If there's a concern with littering the seller account with test transactions and refunds then go ahead and set up a separate seller account. It's quick to set up as long as you don't expect your test account to be receiving thousands of dollars.