I have got a PayPal order, with an order ID (O-123213XXXX) from PayPal. I am trying to authorize it via the Hybris Storefront. Hybris will pass the payload to a third party when the user clicks the place order button; that third party will authorize the payment by communicating with the PayPalExpress processor.
My payment reaches the processor and I am getting a response like [cart] 10002 Security Header not valid. I searched online and learned that it's something related to invalid API credentials. They suggest not confusing live PayPal credentials with sandbox credentials.
I have cross-checked everything,
1) I have a PayPal button on my Hybris Storefront which users click when they wish to pay using PayPal. This will create the order.
2) After that, I log in using my sandbox test user account of type Personal to approve the order via the PayPal popup window.
3) Next, I execute that order. Before that, I need the bearer access token, obtained using my online store's "Sandbox" Client ID and Secret Key combination in another REST call. (Just to mention: this online store/app is associated with a sandbox account of type "Business".)
Once I get the token, I execute the order via another REST call using that access token.
4) Now I get the order ID from PayPal so that once the order is placed in Hybris, it will be authorized and then captured at a later stage. (That's the plan...)
I have noticed in the PayPal developer account that the Business account associated with my online store/app has some credentials such as Username, Password and Signature, but I am not using them anywhere in my flow.
(Those are for SOAP/NVP calls; that's what they say in the docs.)
And now I am getting the 10002 Security header invalid response from the processor.
As per my understanding, I am not using any live credentials anywhere, only the sandbox ones.
Or am I missing something related to those mentioned credentials that I am not using anywhere?
Is it possible to add or link PayPal to an account (get a user access token from PayPal or something like this) to allow payments without authorization (without login and confirmation, like with a card if we have the card number and CVC)?
And a second question: I am using the PayPal sandbox and I cannot refresh the token when trying to execute the query.
I get this answer:
{
"error": "invalid_refresh_token",
"error_description": "No consent were granted"
}
Is it possible they disabled this option on the sandbox?
Regards
Credit card company rules do not permit a CVC to be stored under any circumstances, so you would never "have" this information. It can only be transmitted when a card is first processed and then must be immediately discarded. As for storing card numbers themselves, there are many rules about that (PCI SAQ-D is a place to start, if you need to research it).
To your PayPal question, to be able to bill a PayPal account without the payer signing in (though they will always have to sign in for initial agreement/set up), the receiving PayPal account must have a feature called "reference transactions". The account owner can contact PayPal's general business support (not technical support) to explain the business need and inquire about being approved for enabling this feature. Once enabled, PayPal can guide you on which API to implement -- be it the older billing agreements API or a newer v2 or v3 vault one.
Refresh tokens are used by a Log in with PayPal integration to obtain a new access token when the old one (originally obtained from an authorization_code) is expired. If you are not integrating Log in with PayPal, refresh tokens are not applicable to what you are actually trying to do, and so the request in your screenshot won't be useful to you.
Refresh tokens are not used to obtain a regular REST API access token for authentication, which uses grant_type=client_credentials. If that's what you're actually trying to do, the documentation is here. The public PayPal Postman API collection sample takes care of this step for you, in the collection-level pre-execution script.
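The distinction drawn in the answer above, as an added example that is not part of the original thread or PayPal's own code: a REST access token is obtained, and renewed after expiry, by repeating the grant_type=client_credentials call, with no refresh token involved. The TokenCache helper and its injectable send/clock parameters are hypothetical; the endpoint hosts and the access_token/expires_in fields are those of PayPal's REST OAuth2 token endpoint.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Sandbox and live are separate hosts with separate client IDs and secrets.
TOKEN_URLS = {
    "sandbox": "https://api-m.sandbox.paypal.com/v1/oauth2/token",
    "live": "https://api-m.paypal.com/v1/oauth2/token",
}


def build_token_request(env, client_id, secret):
    """Build the client_credentials request; nothing is sent here."""
    basic = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        TOKEN_URLS[env],
        data=body,
        method="POST",
        headers={
            # Credentials travel in the header, never in the URL or body.
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def http_send(request):
    """Default transport: perform the HTTPS call and decode the JSON body."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: renews by repeating client_credentials."""

    def __init__(self, env, client_id, secret, send=http_send, clock=time.time):
        self._args = (env, client_id, secret)
        self._send, self._clock = send, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        # Renew 60 s early so a token never expires mid-request.
        if self._token is None or self._clock() >= self._expires_at - 60:
            reply = self._send(build_token_request(*self._args))
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply["expires_in"])
        return self._token
```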
We have an app where we want to onboard merchants to connect their PayPal account, and then they can accept money from the customers directly through our webapp. I read through the docs and am a little lost on how to start.
What I understood is:
Using this document (PayPal Doc), we first need to generate an authorization code and then generate refresh and access tokens. But this document is for PayPal Here.
Also, on the customer side, should I use Smart Buttons (Doc), where I can generate the order ID and execute the capture step on the server side using the access token generated for the merchants in the first part?
Am I heading in the right direction?
If you also need to do things like manage refunds via the API, have the merchants generate a REST client ID and secret via https://www.paypal.com/signin?intent=developer&returnUri=https%3A%2F%2Fdeveloper.paypal.com%2Fdeveloper%2Fapplications and copy this information into your configuration interface.
If you don't need to do that, you can integrate PayPal Checkout with your own API credentials, and set a 'payee' object: https://developer.paypal.com/docs/checkout/integration-features/custom-payee/
I need some help with PayPal Payouts. I am currently using the Java SDK and working in the sandbox environment.
I am trying to implement a button in my webapp that will enable users to receive monetary awards in their PayPal accounts. My first idea was to ask for their email and then, using the SDK, create a payout item and send that. All works well, except that when someone types the wrong email (unintentionally, I assume), the money is not going to be transferred. That is why I decided that asking the user to log in with PayPal and then using their PayPal ID will be much more error-proof.
So I followed the steps described here.
I am successfully able to exchange the authorization code and receive access and refresh tokens. Then I use those to load user info that contains only user_id (login scope is openid).
When I try to create a PayoutItem with recipient type PAYPAL_ID and the user_id from the Userinfo object as the value, the operation is unsuccessful (no error, just the batch result is null).
We do not have and we do not expect to have any transactions from this user, so there is no way to use getTransactionDetails in order to retrieve the payer ID.
I suspect that user_id is not the correct property to use. However, I cannot find any information on how I can integrate payouts with recipient type PAYPAL_ID combined with PayPal login.
Help, please!
Two questions for you regarding the PayPal Hosted Checkout solution and the goal of the "Identity Token" or "Token ID".
1-
I've come across several online PayPal docs (such as for Payflow integration) that talk about providing the "Identity Token" (or "Token ID"; I think they're the same, aren't they?), but I was wondering what the goal of passing over this token ID is. Is it for my own security, or PayPal's, or something else? Does anybody know exactly what the purpose of that token ID is, what PayPal is doing with it, and/or what the vendor should be doing with it?
I'm asking this because when doing the form post to redirect the user to the PayPal hosted checkout, we have to first call the PayPal gateway server to obtain the "secure token", and this API call is already secured through another method, right? I need to pass my account credentials. So why is posting only the "secure token" not enough, and why do we also need to post that "token ID"? PayPal should already have associated the secure token with my account information through the first API call, no?
2-
Also, at the end of the flow, once PayPal returns the customer to my vendor website, does PayPal include any of those tokens (token ID or secure token) as part of their request (perhaps by adding URL parameters to my given vendor return URL)? If so, does PayPal recommend any sort of validation to be made on the vendor side, such as validating that the tokens match the ones that I, the vendor, stored in the user session prior to redirecting the customer through a form post to the PayPal hosted checkout? Basically, how can I ensure that the session was not hijacked between the time I redirect the customer to the PayPal hosted checkout and the time PayPal returns the customer back to my site?
Reference: https://developer.paypal.com/docs/classic/payflow/integration-guide/#hosted-checkout-pages
Thanks a lot
As the previous user states, the Token ID is basically used to identify a specific transaction process during its workflow.
About your second question: in the case of Express Checkout, the workflow does not end when PayPal returns the user to your site. The step you are describing is probably when you send the user to PayPal to AUTHORIZE a payment that you will issue later. The last step is DoExpressCheckoutPayment, in which you just inform PayPal to make the transaction; for this you just pass the token to PayPal, so PayPal knows what you are "talking" about.
Is it good practice to validate the token? I would say yes. Somebody might be listening on your connection and injecting some invalid token. In any case, if you send an invalid token you will get an error message from PayPal.
The following image illustrates the whole process very well:
As I understand it (and if reading this correctly), the Secure Token is for processing transactions on your own site instead of passing the user and order to PayPal for processing. The Secure Token identifies that specific transaction and ensures the continuity of the order is not broken. You require a Token ID in order to obtain a Secure Token.
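One way to do the return-side validation discussed in this thread, as an added example rather than code from the posts or from PayPal: bind the token to the buyer's server-side session before the redirect, then accept the return request only if it carries that same token, and only once. It assumes the Express Checkout flow, where PayPal appends token and PayerID to the return URL; the session dict, the function names and the sample values in the comments are hypothetical.

```python
import hmac
from urllib.parse import parse_qs, urlparse


def begin_checkout(session, paypal_token):
    """Call just before redirecting the buyer to PayPal.

    `session` is a server-side, per-user dict (hypothetical); `paypal_token`
    is the token PayPal returned when the transaction was set up,
    e.g. a constructed value such as "EC-CONSTRUCTED123".
    """
    session["pp_token"] = paypal_token
    session["pp_used"] = False


def validate_return(session, return_url):
    """Return the PayerID if the return request belongs to this session."""
    query = parse_qs(urlparse(return_url).query)
    returned = query.get("token", [""])[0]
    payer_id = query.get("PayerID", [""])[0]
    expected = session.get("pp_token", "")
    if not expected or not returned or not payer_id:
        raise ValueError("missing token or PayerID")
    # Constant-time comparison against the token bound to this session.
    if not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("token does not match this session")
    if session.get("pp_used"):
        raise ValueError("token already consumed")
    session["pp_used"] = True  # single use: a replayed return URL is refused
    return payer_id
```

Only after validate_return succeeds should the server go on to the final payment call with that token.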
I'm trying to refund transactions using the PayPal NVP API. I've got some payments in a sandbox account, but when I try to issue a refund through the API I get "You do not have permissions to make this API call." But I'm not sure what credentials I should be using.
According to the documentation, it says:
To access the PayPal API, you need API credentials, either an API
signature or API certificate, that identify you. Use the following
sample API signature and password in your sample programs that run in
the PayPal Sandbox test environment.
API username sdk-three_api1.sdk.com
API password QFZCWN5HZM8VBG7Q
API signature A‑IzJhZZjhg29XQ2qnhapuwxIDzyAZQ92FRP5dqBzVesOkzbdUONzmOU
I tried generating API credentials for the sandbox merchant account that's issuing the refunds, but the PayPal website crashes every time I try. Are these the correct credentials? What do I need to do to test this?
Your test accounts do not have credentials.
To get started with Payment Card in Sandbox, you must first create a buyer test account and enable in-store checkout.
After logging in to the sandbox, you will find that option in the menu: API and Payment Card Credentials.
Click it and you will get the option Create Test Account; after creating the account you will get the API Username, API Password and Signature.
Use that API Username, API Password and Signature in your application.
I found these details in my account after logging in:
Go to the sandbox tab.
Below this you will find Accounts. Click on Accounts.
All your email addresses will be listed.
Click on the email ID that belongs to the Business account.
You will see two options, Profile and Notifications, below the email IDs.
After clicking on Profile, a window will pop up with the name Account details.
In that you will see the tab API Credentials. In this you will find your username, password and signature. Please note: you will find these details only in your Business type account, not for the buyer type.