I'm fairly new to the PayPal API and am a bit confused about using API signatures to attach to the REST API. I'm creating shopping cart software, and I'd like to allow merchants using the software to attach the system to their PayPal account using their API using PayPal username, password, and signature. They'd enter this information into the account settings when setting up their cart.
On the merchant's side, it seems like this is easily possible, and says to do this to grant API access specifically to shopping carts:
htttps://paypal.com/us/cgi-bin/webscr?cmd=_profile-api-access (once logged in as a merchant).
I personally am using PHP to call CURL, though that probably is not important. What I don't understand is that in the REST API documentation, including the "make your first call" doc, it notes I should send my "clientid" and "secret," but not the merchant's "username","password," and "signature".
https://developer.paypal.com/docs/integration/direct/make-your-first-call/
Now, when I originally logged in as a developer, I was able to obtain my "clientid" and "secret," but that was for my application. I've successfully made test calls with them, using PayPal's test pages. But these of course seem to be for me, not for a particular client.
Now the "Classic API" documentation does have information on connecting to the SandBox using the merchant's info.
https://developer.paypal.com/docs/classic/permissions-service/ht_permissions-invoice/
So I think I'm just mentally missing something, or misunderstanding something fundamental. Assuming I have both my developer credentials, and the API credentials of a merchant, what are the general steps in making a payment to the merchant (not me). What's the logical step I'm missing?
Thanks much to anyone who can help.
Unless corrected by Paypal folk, this seems to be the flow (just went through it):
Ask the merchant to add you as a User, I suppose with API access privileges (only)
They will set your user id and pwd, which they should then provide to you.
You'll then login with that User Id (not an email address) into Paypal (at this point, you're a "user" of that merchant/account) with whatever privileges your merchant provided you.
create the App in the developer site for your merchant - you'll notice that when you get there, it's the Merchant's name displayed (it's not "your" developer account)
At this point you should be set (sandbox and live REST credentials of the merchant from the app you created). One thing I noticed (good) is that it somewhat already helps you see what "live privileges" the account has..so it helps guide you as to what to integrate (scope) and/or advise your merchant to do - e.g. may or may not be eligible for direct credit card payments (only Paypal account payments).
Hth..
#EdSF and anyone else looking into this, I just received a response from PayPal merchant help. Turns out you were spot on Ed. They don't have this ready for REST. Seems pretty odd given that they're 1.) pushing REST on their developer site but 2.) showing that the signature set is how to connect to a shopping cart on their merchant side.
So answer is to use the old API for now, or have them go through the extra hoops of the steps you/they mention, instead of following the directions on the PayPayl site :-P Oh well. Their response in full below.
Hi ...
I am writing this email regarding your questions on PayPal Permission Service. Unfortunately the Permission Service is not available in REST API; however I will file feature request to our development team for their further consideration.
It is not possible to use API username, password, and signature in REST API because they are actually not the correct credentials. REST API uses Client ID and Secret for integration. If you develop your application for other merchants, you can ask them to obtain Client ID and Secret by creating apps in PayPal Developer Portal (https://developer.paypal.com). Here's the steps:
1) Go to http://developer.paypal.com and log into the website with PayPal account's login
2) Click 'Dashboard'
3) In the My REST apps page, click "Create App"
4) Enter the App name, and click 'Create app'
5) You should be able to see 'Client ID' and 'Secret' for 'sandbox credentials'. If you want to integrate with your live account, click 'Show' at the Live Credentials section.
Hope the above information helps. Thanks.
Sincerely,
...
Merchant Technical Support
PayPal, an eBay Company
Related
Is there anyway to do the following using the Paypal APIs in PHP? I can't seem to find exactly what I need.
We are a merchant - we have several businesses who list their goods on our website.
Customers will need to pay for these goods using a credit/debit card. We don't want to force Paypal use/registration - in fact, we don't really want the customer to interact with Paypal at all.
We'd like to create a payment form where they enter their credit card details - we would then use the API to pay this directly to the business' Paypal account using their email address.
Using the REST API I've been able to do this to an extent - the only problem with this is that it doesn't seem dynamic i.e. I can't set the Payee email address to receive the payment - it's linked to my account via the ClientID and ClientSecret. Obviously this is not what I need - I want to pay into the account of the owner of the goods, not mine.
I've seen 'Guest Payments' mentioned but that seems to require the user being redirected to Paypal - something I'd rather avoid.
Thanks in advance.
I don't think the REST API is quite ready for what you're doing. The Classic API will handle it with no problem, though.
If you don't want any interaction with PayPal at all then you'll need to use Payments Pro, which allows you to tie credit card payments directly into your own forms via HTTP request/response with PayPal (no redirect or iframe).
Each business would need to be signed up with their own Payments Pro account, and then they would Grant API Permissions through their PayPal account profile for your app to make API calls on their behalf. Once they've done that, you just pass their email address or PayPal merchant ID into the SUBJECT parameter of API requests and it will use their account accordingly even though you're still using your own API credentials.
The Permissions API allows you to automate this and tie the grant permissions step directly into your app so business owners can do that quickly and easily from within their profile or during signup with your site. This works with auth tokens, though, as opposed to email addresses and merchant ID's.
up the pay-pal advance in magento . I have fill all the credentials in magento admin . BUt when i go to frontend and click pay-pal button it gives
PayPal gateway has rejected request. Security header is not valid
(#10002: Security error
i have googled a lot and found some suggestions like
Remove API Username, API Password and API Signature from
Admin->configuration->Paypal->API/Integration Settings. clear cache
and test again
i have tried all these but it still gives the same error.
Please suggest me what can be the issue
The Security header is not valid error is only caused for two reasons:
Wrong credentials
Make sure that you've put your API Username, API Password and API Signature correctly. Sometimes it happens that during copy and paste there is accidently a space added, this would trigger this error.
Doublecheck this settings in the SDK or in the admin panel of your third party shopping cart.
Wrong Endpoint
This error would come up if you send the data to the wrong endpoint. Make sure that you sending the live credentials and data to our live endpoint. When you want to test your store make sure that you use our test endpoint and the credentials from your sandbox test account.
If you are using a third party shopping cart, make sure that your store is running in test or live mode, regarding which credentials you are using.
You can check for your credentials here too:
FOR LIVE
https://api-3t.paypal.com/nvp?&user=xxxxxxxxxx&pwd=xxxxxxxxxx&signature=xxxxxxxxxx&version=70.0&METHOD=SetExpressCheckout&RETURNURL=http://www.paypal.com/test.php&CANCELURL=http://www.paypal.com/test.php&PAYMENTACTION=Sale&AMT=50&CURRENCYCODE=USD
FOR SANDBOX
https://api-3t.sandbox.paypal.com/nvp?&user=xxxxxxxxxx&pwd=xxxxxxxxxx&signature=xxxxxxxxxx&version=70.0&METHOD=SetExpressCheckout&RETURNURL=http://www.paypal.com/test.php&CANCELURL=http://www.paypal.com/test.php&PAYMENTACTION=Sale&AMT=50&CURRENCYCODE=USD
Just Substitute the user, pwd and signature and enter in your browser.
You should get ACK = SUCCESS if you have input your credentials correctly.
You can also get your credentials here : https://www.paypal.com/cgi-bin/webscr?cmd=_get-api-signature&generic-flow=true
This error simply means your credentials are wrong.
Please check with the credentials. If you are using sandbox then you are supposed to provide facilitator related credentials.
Dont let the others fool you, they just type in stuff here they googled on the internet.
Look for the number you get here: https://developer.paypal.com/docs/classic/api/errors/
Because the information provided by these code is a delicate matter, they display this error message instead of you account is locked, account restricted, limit exceeded and so on.
Thats what they told me, at least.
We also get this code from time to time, after hundreds of paypal transactions, so wrong paypal credentials from the side of the shop owner is quite unlikely, isnt it? ;)
If you are using PayPal Payments Advanced with Magento, you should be using your PayPal Manager credentials, and not your API Credentials.
This could be the reason you are getting Security Banner Header not valid 10002.
Here is the integration steps from Magento:
PayPal Advanced Integration with Magento
You need to setup Layout C in PayPal Manager PayPal Manager Login.
Make certain that you include your error URL, cancel URL, and Return URL. Magento is very good about telling you what URL you should be using.
After you have setup Layout C in PayPal Manager you need to use your Manager Credentials in Magento.
Just in case you need it, here is the information on setting up your Hosted Checkout Pages in PayPal Manager:
PayPal Hosted Checkout Pages
Here is the information on where to find your PayPal Manager credentials:
Partner: Your PayPal Partner ID. Most direct Merchants have PayPal as the Partner
Vendor: Your PayPal user login name. Also known as Merchant Login
User: The ID of an additional user set up on your PayPal account. Same as Merchant login if you have not setup a separate user id in PayPal Manager.
Use your API Signature Credentials from your PayPal account for the Express Checkout setup.
In my case everything seemed fine at Magento level. I asked client questions about PayPal, at which point they tried to login to the paypal.com site and were unable to (authentication failed). Account had been locked. Client was able to resolve with PayPal tech support directly, no Magento issue after all.
I got the same problem and found the problem is
I type the API signature character by charter, the character "I" is similar to "l"
As there are multiple "I" in the signature, I have to tested one by one via the link mentioned by Vimalnath.
Then damn it, it works.
Therefore, copy is a better way while being careful about the spaces at the front or end.
I want to integrate CCAvenue payment gateway in my site. Is there any sandbox site available for CCAvenue to test payments? If any provide me the link.
CCAvenue removed the PDF from their website so I removed the official link.
Removed broken links. I found another copy but at this point it might be outdated.
https://docplayer.net/12395510-Ccavenue-world-integration-manual-version-1-0.html
Check this manual , it might be what are you looking for.
There is something about testing the integration on page 19.
I found another one which seems to be a more recent copy with a more up to date explanation.
https://jemds.com/data_pdf/1_CCAvenue%20Integration%20-%20Ver%202.0.pdf
From my experience, this is not a great app for sandboxing. If you download the manual (linked by #rgerculy you should see the information for integration. However, here is what must happen:
First, login to the merchant account and go to the integration section and download the sample code. There you'll see some PHP test code. You can probably save time by working this into your application.
Next, make sure to activate your remote merchant processing. By default, its deactivated.
Finally, it looks like you can use 4111-1111-1111-1111 to simulate a failure. To simulate success, you must use a real card for testing - less than $1USD - and put the term SUB-MERCHANT TEST in the extra notes text area.
There doesn't seem to be an easier way to do this, that I'm aware of. :(
To test your transaction on CCAvenue. Here is the step given by CCAvenue.
This section for all Clients. Now you're ready to test your account by doing Live transactions! Please keep in mind that you cannot test CCAvenue by using American Express or JCB credit card and also any of the Net Banking interfaces. Please use Mastercard, Visa, Diners Club or a Citibank eCard to do a test transaction. Also remember that while placing test orders, always put the words "SUB MERCHANT TEST" in the Instructions text box. After the transaction is successful, please log in to your CCAvenue account using your client ID and Password and cancel the test transaction. Please do not capture the transaction as this would constitute a "cash advance" against one's own cards, which our credit card companies and the payment gateways do not allow on the Internet.
Current Process:
Step one is to register in CCAvenue, and your account will be activated much sooner. And once your account is activated you will receive,
Merchant ID.
Link to activate your account and setup password for your CCAvenue account.
at your registered email address.
Once you activate your account and set up the password for your account, you can get the working key and access code in the dashboard.
To test your code, you can use https://test.ccavenue.com as form URL to CCAvenue website. All the transactions to this test URL will not be processed.
If you need to test your code from your local machine, you should write to CCAvenue service desk at service#ccavenue.com with your merchant ID and localhost URL to white-list. Else CCAvenue will throw error "Merchant Authentication Failed".
Hope this might help someone who is looking for a testing environment.
For testing ccavenue you have to mail your merchant id and register site to ccavenue help team and they will activate your account for test environment
By default: test account is not active in ccavenue. But the live payment gateway is active. You need to mail salessupport#ccavenue.com with merchant_id and domain names to be whitelisted. It will be activated in 24 hours.
I've downloaded the PHP client library for Google Adwords API. I need to insert my login details in /src/Google/Api/Ads/AdWords/auth.ini. One of the variable is developerToken.
How can I get it?
Directly from the API...
Your assigned Developer Token will be activated once your application
for API access is approved. Your token will be available through your
AdWords API Center—accessible through the My Account menu for the MCC
account you applied with. You'll be able to access the API by
including it in your request headers when interacting with our system.
It is very important that you keep your Contact Email up to date—we
may send you important information regarding disruptions to service
and urgent changes via this channel.
https://developers.google.com/adwords/api/docs/signingup
I understand this might be old, but since Google updated their API, let me share my experience.
You need to create an MCC account (My Client Center), basically if you already have a Google Adwords account you cannot use it to generate developerToken however, you still can you use same Gmail account to create a new MCC account.
Follow below:
https://adwords.google.com/home/tools/manager-accounts/
Click on Start Now
Probably you are already logged in using your Gmail account, in all cases use your Gmail account in the email address field.
Choose name for your account let's say main-account
Do not click save and continue
Check below picture, you need to click, click here in the message below.
You will then redirect to the main dashboard, where you can click on Tools and then under SETUP tab you will find Adwords API Centre where you will be able to generate developerToken
you have to use the developer token from your live account. The token will work fine even if its status is pending
I am aware of this recommendation How to send money to any paypal account but what I've tried so far seems unsatisfiable to me...
I am working on a social networking site on which I want to allow users to pay for services via paypal account. The actual payment should transfer money from a user's paypal account to my paypal account.
Here is what I came up so far. I tried to use adaptive api and PAY option and it works if I use my account and my credentials to send money to some other user. I have biz account and this is known as implicit approval. If some other user wants to pay me in this way he has to have business account and to allow my app to save his credentials like his paypal userid, password and signature which is not good.
Next thing I tried is to use permissions api for that purpose. As far as I understand this should work similar to generating token that allows my app to post on facebook on behalf of user. I've managed to create a signature as specified in the permissions api documentation for the following permissions:
$permissions = array('DIRECT_PAYMENT', 'MASS_PAY', 'TRANSACTION_DETAILS');
And now I don't know how to use this signature to transfer money to my paypal account from the paypal account that granted my app the above mentioned permissions.
Any suggestion on what I am doing wrong or better way to do this?
Um, correct me if I'm wrong here, but what you propose is a fairly regular checkout flow with one buyer and one seller (recipient).
You can use PayPal Express Checkout for this and simply set NOSHIPPING=2, which will turn shipping address collection off.
Alternatively, if you have a US PayPal account, sign up for PayPal Express Checkout for Digital Goods at https://www.paypal.com/digitalgoods and you'll be able to use a fancy JavaScript-based LightBox checkout experience (also referred to as 'inline checkout').
Express Checkout is fairly in that it only requires a minimum of two API calls; SetExpressCheckout and DoExpressCheckoutPayment.
SEND: SetExpressCheckout and supply a RETURNURL, CANCELURL, AMT (amount to be charged) and your API credentials.
RECEIVE: You'll receive a TOKEN back from PayPal. Append this token to the following link: https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-XXXXXX (where EC-XXXXX is your token).
Once the buyer agrees to the payment, he'll be redirected back to your RETURNURL, after which you can either automatically, or after showing a purchase summary, call DoExpressCheckoutPayment. Supply the TOKEN again and include the PayerID (returned in GET appended to RETURNURL, or available by calling GetExpressCheckoutDetails with the TOKEN).
Once DoExpressCheckoutPayment acknowledges with ACK=Success, the funds will have been transferred from the buyerś PayPal account balance and/or card.
Take a look at https://www.x.com/ > Dev Tools as well for further documentation, sample code and their SDK's