- Using the three token method for Website Payments Pro
- Setting up with PayPal Website Payments Pro with the API Certificate method
- Notes for UK merchants
- PayPal Hosted Solution / Pasarela Integral
- Using the PayPal Sandbox (demo mode)
- AVS and CVV checking and codes
PayPal Payments Pro and Ecommerce Templates
Ecommerce Templates offers two methods for hooking up with PayPal Payments Pro. The three token method is the simpler and recommended option of the two. If you do run into any issues with the integration, please check out our PayPal troubleshooting section. UK merchants can also now use PayPal Payments Pro from Version 5.9.2.
US merchants implementing Paypal Payments Pro can enroll in the Verified by Visa program.
Version 5.1 saw the introduction of the three token authentication system for PayPal Payments Pro. This method is much more "shared hosting friendly" than the API certificate method described above.
- Log in to your PayPal account and click on Profile.
- In the left hand "Account Information" column click "API Access".
- Click on "Request API Credentials", check "API Signature", agree to the terms and press Submit.
- Enter the API Username, API Password and Signature into the payment providers admin page for PayPal Direct / PayPal Pro.
- Select "API Method" as "API Signature".
- In includes.php you will need to set the path to your ssl certificate.
- That should be all you have to do.
You will require the Ecommerce Plus version 4.9.2 or higher. You can check the version you are running by logging into your store control panel and the number will appear at the top of the first page. If you are running an earlier version then the latest updater will always be available here for download.
These are the configuration steps you will need to take:
- Log in to your PayPal account
- Go to Profile -> API Access -> API Certificate Request
- You will need to fill in the application for the certificate request. It may take some time for you to be granted this certificate.
- The certificate you receive from Paypal will have a .txt extension so you will need to rename that to .pem ie. cert_key_pem.txt -> cert_key.pem
- As part of the signup process, an “account name” will be suggested for the certificate. This will be of the form “user_api1.yoursite.com”. You will also be required to create a password for the certificate. You are strongly recommended for security reasons to NOT use your PayPal login password. Create a new password.
- When you receive your certificate you will need to save it to your webserver. Make sure that for security reasons you save the certificate OUTSIDE the web root. This means that nobody can download the certificate by entering it’s URL in their web browser.
- PayPal Payments Pro - Direct Payment is a system where the credit card number is taken on your site. Because of this you must have your own SSL setup and set the pathtossl parameter in includes.php so that the credit card details are entered over a secure connection.
- Now log in to your ecommerce plus template admin section, click
on the payment providers admin page and enter the following information
for PayPal Direct.
API Account Name: (Such as user_api1.yoursite.com)
API Password: The password you created above.
Path to certificate : The full path to the certificate on your server. For instance /user/websites/yoursite.com/certificate.pem
Please note that for security reasons this path should be outside your web root. That way your certificate can’t be downloaded by someone entering the path to the certificate in their web browser.
In your cart.php page, above the opening HTML tab you should have some lines of PHP like this . . .
When using PayPal Payments Pro it helps if you have “output buffering” turned on. To do this, just make sure you have the ob_start() directive which you can add like this . . .
This step is optional, but it does mean that when using Express Checkout the transition between your site and the PayPal server will be smoother.
PayPal Direct Payments will now natively support UK stores which take bank cards like Switch/Maestro/Solo which have an issue number / start date. You will need to be running a minimum version of 5.9.2 of Ecommerce Templates. If you are a UK merchant and would like to enroll in the verified by visa, please use this registration form.
PayPal Hosted, also known as Pasarela Integral was introduced in version 6.1.3. It allows buyers to choose between paying via their PayPal account or via credit card on the PayPal secure server. To use this service, you will need to follow the following steps
- You will need to enable PayPal Pro and PayPal Standard through the store control panel
- Add the following line to vsadmin/includes.asp
- In your PayPal control panel go to Profile > Website payment settings > PayPal Pro Hosted or Pasarela Integral > Settings and choose the infomration you want to collect as well as setting your company's confirmation page to something like http://www.yourstoreurl.com/thanks.php
- Now go to Profile > Instant Payment Notification preferences and set the Notification URL to something like http://www.yourstoreurl.com/vsadmin/ppconfirm.php and Message Delivery to "Enabled"
- That's about all these is to it but you can read more about it from PayPal here. Please note the iframe feature is not available due to incompatibility issues in IE9.
You can put PayPal into Demo Mode on the ecommerce plus template
payment provider admin section, but this will involve using the
PayPal “Sandbox” as here . . . https://www.sandbox.paypal.com/
This would mean creating a separate sandbox email login, password and certificate request. (Sandbox certificates are assigned immediately).
When testing your PayPal account using the PayPal sandbox you may find the usual test credit card number (4111111111111111) doesn’t work correctly. If you follow the instructions below this should help you generate a test credit card number that is compatible with the PayPal sandbox.
- Login into your Sandbox Account
- Click on Add Credit Card under Profile section
- Then use the CC information to make a payment as a non-PayPal account. Just Don't click on 'Add Card' button. Copy the number down, once you leave the page, the number is gone.
If you receive this error on thanks.php:
"I'm sorry, there was a problem with your transaction.
Transaction Result: Direct Payment has been disabled on this account. Transaction has not been processed."
" I'm sorry, there was a problem with your transaction.
Transaction Result: (10501) This transaction cannot be processed due to an invalid merchant configuration."
...then make sure you have agreed to the PayPal Billing Agreement at https://www.paypal.com/us/cgi-bin/webscr?cmd=_wp-pro-overview
If you get this error when hitting the checkout button:
Fatal error: Call to undefined function: curl_init()
... it probably means that the cURL component is not installed on your server. cURL is required for connecting to the PayPal server. PayPal Pro requires communication over a secure (HTTPS) connection and cURL is the only way to do it really. if it's not available, check with your host to see if they would add it. It's quite simple, free and there are details here . . .
An alternative is provided for those that don't have cURL compiled
into PHP, but where the host provides cURL on the command line.
To use this feature you need to set the path to the cURL binary
on your server in the parameter $pathtocurl in your vsadmin/includes.php
file. For instance...
This was introduced in version 4.3.0, and if that line doesn't appear in your includes.php file, you can add it to the list.
If you get this error. . .
SSL: error:14094418:SSL routines:func(148):reason(1048)
Then the problem is having PayPal Direct in demo mode, but a non-demo mode certificate and vice-versa
If you need your customer to provide a phone number then
in your PayPal Profile go to Website Payment Preferences -> Contact
...and set it to "On (Required Field)"
Do check these codes and make a decision accordingly of whether to ship the order
- AVS codes
A Address Address only (no ZIP)
B International “A” Address only (no ZIP)
C International “N” None
D International “X” Address and Postal Code
E Not allowed for MOTO (Internet/Phone)
F UK-specific “X” Address and Postal Code
G Global Unavailable Not applicable
I International Unavailable Not applicable
N No None
P Postal (International “Z”) Postal Code only (no Address)
R Retry Not applicable
S Service not Supported Not applicable
U Unavailable Not applicable
W Whole ZIP Nine-digit ZIP code (no Address)
X Exact match Address and nine-digit ZIP code
Y Yes Address and five-digit ZIP
Z ZIP Five-digit ZIP code (no Address)
Error Not applicable
- CVV codes
M Match CVV2
N No match None
P Not Processed Not applicable
S Service not Supported Not applicable
U Unavailable Not applicable
X No response Not applicable
Error Not applicable
Please do read our guide here on credit card fraud.
That's all there is to it really - any comments on the set up can be posted on our Support Forum.