PayPal Certified Developer Program Study Guide

For Professional Use Only. Currently only available in English.
Document Number: 100018.en_US-200803

© 2008 PayPal, Inc. All rights reserved. PayPal is a registered trademark of PayPal, Inc. The PayPal logo is a trademark of PayPal, Inc. Other trademarks and brands are the property of their respective owners. The information in this document belongs to PayPal, Inc. It may not be used, reproduced or disclosed without the written approval of PayPal, Inc. PayPal (Europe) Ltd.
Contents

Chapter 1 Online Payment Processing
  Online Selling Basics
  The Payment Processing Network
  Individuals
  Institutions
  Processes and Services
Chapter 3 Getting Started With Account Setup
  Basic Steps for Getting Started
  PayPal Sandbox
  Review Question

Chapter 4 API Credentials
  What API Credentials Are
  Button and Logo Placement and Use
  PayPal Button as a Checkout Choice
  PayPal Button as a Payment Method
  Using PayPal-Hosted Images
  Tips
  Redirecting to PayPal
  Instant Payment Notification (IPN)
  Dispute Notification
  Review Questions

Chapter 9 Sandbox Testing
  Overview
  Chapter 4
  Chapter 5
  Chapter 6
  Chapter 7
  Chapter 9
List of Tables

Table 1.1 PayPal Payment Processing Solutions
Table 2.1 High Fraud Risk Quick Reference
Table 2.2 PCI Data Security Standard
Table 2.3 Merchant Levels for PCI Compliance
Table 2.4 PCI Compliance Validation Requirements
Table 2.5 Fraud Protection Services Purchase Options
Table 8.10 TransactionSearch Response Fields
Table 8.11 GetTransactionDetails Request Parameters
Table 9.1 Differences between PayPal Sandbox, and Live PayPal
Table 9.2 API Fields That Trigger Error Conditions
Table 9.3 AVS Error Conditions and Triggers
Table 9.4 CVV Error Conditions and Triggers
1 Online Payment Processing

Online payment processing simplifies the operation of an online store by providing a reliable, easy, secure, and seamless experience for merchants and customers.
Individuals
• Merchant: Someone who sells goods or services.
• Customer: The holder of the payment instrument.

Institutions
• Customer issuing bank: The institution providing the customer’s credit card.
• Acquiring bank: Provides internet merchant accounts required to enable online card authorization and payment processing.
2. Merchant’s website receives customer information and sends it to payment processing service.
3. Processing service routes information to processor.
4. Processor routes information to bank that issued customer’s credit card.
5. Issuing bank sends authorization (or declination) to processor.
6. Processor routes transaction results to payment processing service.
7. Processing service sends results to merchant.
8.
Reliable
• Provide reliable and cost-effective acceptance and processing of a variety of payment types
• Authorize credit cards in real time
• Scale to thousands of transactions to meet peak demand
• Based on a fault-tolerant network of redundant servers to ensure uninterrupted operations

Easy to Use
• Provide easy, flexible integration with merchant’s website
• Scale rapidly and seamlessly as transaction volume increases
• Work
your site and get the features of a merchant account and gateway through a single provider at a lower cost. Website Payments Pro allows you to control your checkout from start to finish. For more information on Website Payments Pro, go to: https://www.paypal.com/cgi-bin/webscr?cmd=_wp-pro-overview-outside.
– Website Payments Standard: Website Payments Standard lets customers shop on your website and pay on PayPal.
– PayPal as an Additional Payment Option: This option allows merchants to put the PayPal logo on their own website to accept PayPal as an alternative payment source, in addition to credit cards such as MasterCard® or Visa®. For more information on PayPal as an Additional Payment Option, go to: https://www.paypal.com/cgi-bin/webscr?cmd=_additional-payment-overview-outside.
TABLE 1.
Review Questions

Answers to review questions are in Appendix A, “Answers to Review Questions.”

1. Indicate if each statement is True (T) or False (F).
_____ The most critical step in establishing an online store is ensuring that you can accept customer payments for single or repeated transactions.
_____ According to Cybersource Corp., businesses lost nearly $2.8 billion USD to online fraud in 2005, down from $3.0 billion USD in 2004.
3. The following steps describe the payment authorization process. Indicate the correct order of the steps by placing the step number to the left of each description.
_____ Processor routes information to bank that issued customer’s credit card.
_____ Merchant’s website receives customer information and sends it to payment processing service.
_____ Processing service sends results to merchant.
_____ Merchant decides to accept or reject purchase.
6. Match each PayPal solution to the service it offers.

Response | PayPal Product | Service Description
 | Website Payments Pro | 1. Lets you send customers email invoices that they can pay on PayPal. This simple solution does not require you to have a shopping cart or an internet merchant account.
 | Website Payments Standard | 2. A gateway that provides a secure connection between your online store and your internet merchant account.
7. Select the PayPal payment processing solutions that enable a customer to checkout on the merchant’s website.
_____ Website Payments Pro
_____ Website Payments Standard
_____ Payflow Pro
_____ Payflow Link
_____ Email Payments
_____ Virtual Terminal
_____ PayPal as an Additional Payment Option

8. Select the PayPal payment processing solutions that require API or HTML technical skills to develop payment processing applications.
2 Internet Security and Fraud Prevention

E-commerce has become an essential sales channel for businesses both domestically and internationally. Unfortunately, e-commerce has also become an attractive revenue source for criminals who perpetrate internet fraud. You need to be aware and informed so that you can take steps to protect your business. Security for online payments is everyone’s responsibility.
trade publication, estimates the rate of credit card fraud to be 18 cents to 24 cents per $100 USD of online sales – three to four times higher than the overall fraud rate. The threat of online fraud is so pervasive that the U.S. government now mandates security requirements for businesses that handle financial information online.
more quickly, thus saving time and money. In some cases, online merchants have reduced their chargeback rate from 7% to 2%.

Internet Fraud: What It Is and How It Happens

All internet payment fraud is based on stolen consumer or merchant identities. It also requires access to payment networks to complete the fraud. The result is product theft, identity theft, and cash theft.
stolen credit cards. For the merchant, it is crucial to use products with built-in fraud protection to prevent this sort of digital theft.

Chargebacks

Chargebacks occur when a cardholder disputes a credit card purchase. During such disputes, the card-issuing bank initiates a chargeback against the merchant, retrieving the funds for the sale from the merchant’s bank account.
TABLE 2.1 High Fraud Risk Quick Reference

Customer Base | Potential Risk
International | It is difficult to validate the address or identity of foreign buyers, and it is more difficult to investigate and prosecute fraudulent activity from an overseas source.

Sales Season | Potential Risk
Heavy proportion of fourth quarter sales | Criminals know that you have limited time for fraud protection when sales volumes are high.
automatically and continuously review only the suspicious orders, before you process them, allowing time to make an informed decision.

Account Level

Make sure that only authorized users have access to your payment gateway account, and be alert for suspicious account access patterns. Lock down administrative access.
they have deployed buyer authentication.) Through Fraud Protection Services, one seamless integration gives you access to both Verified by Visa and MasterCard SecureCode with your PayPal gateway service.

What PayPal Is Doing to Protect Your Business Against Fraud

The security of your information, transactions, and money is the core of our business and our top priority at PayPal.
Disclosure and Compliance

Disclosure Policy

Your disclosure policy tells your customers that you’re honest and dependable and that you care about them and protecting their information. It shows your customers that you believe in transparency and accountability. It provides a framework and standards for your business policies, how you deal with your customer information, and how you communicate with your customers.
4. Return policy. Your customers love simplicity and forgiveness. They sometimes make mistakes and order the wrong products. They may be unfamiliar with what they are ordering, and it’s not what they had in mind. By allowing your customers to return an item in a timely fashion, and making it easy to do so, you are gaining their loyalty. A clear return policy also comes in handy if the order arrives damaged.
While validating that you’re in compliance with the PCI standard is a requirement, it’s also an opportunity. Finding and fixing compliance gaps before your audit keeps your company running smoothly and your reputation intact. It provides you with tangible proof that you can communicate to your customers on how well you’re protecting them. The quickest and easiest way to meet PCI compliance standards is to outsource the job.
TABLE 2.3 Merchant Levels for PCI Compliance

Level | Description
Level 4 | Any merchant processing fewer than 20,000 e-commerce transactions per year, and all other merchants processing up to 6,000,000 credit card transactions per year.

In addition to adhering to the PCI Data Security Standard, compliance validation is required for Level 1, Level 2, and Level 3 merchants, and may be required for Level 4 merchants.

TABLE 2.
PayPal Fraud Protection Services

Protecting your business against the consequences of even a single fraud attempt requires a significant time commitment and ties up valuable resources. PayPal has designed its suite of Fraud Protection Services based on merchant feedback and the needs of the online business community.
• Reduce chargeback costs. Automatically reject or flag transactions that you deem suspicious.
• Get started fast. Quickly set up and manage your security system with easy-to-use tools.

Basic Fraud Protection Service works by using:
• Filters. Quickly set up filters that you can customize to fit your business needs.
• Online reports. Easily review and then accept or reject online orders.
• Monitoring.
TABLE 2.6 Comparison of Fraud Protection Services

Columns: Features, Basic Protection, Advanced Protection

High-Risk Address Filters: Check for suspect zip codes and freight forwarders plus IP address. X X
Automatic Rejection Lists: Help protect your business from known offenders. X
Automatic Acceptance Lists: Keep good customers buying by automatically accepting their payments.
• Extra security measure. At checkout, customers are required to enter a password to verify their identity with their credit card company.
• Maximum protection. Once the cardholder’s password is authenticated, Visa and MasterCard cover the merchant’s liability for that transaction.

Review Questions

Answers to review questions are in Appendix A, “Answers to Review Questions.”

1. Indicate if each statement is True (T) or False (F).
3. Match each participant in the payment processing network to the role they perform.

Response | Risk Category | Potential Risk Description
 | Merchants with vulnerable security defenses | 1. Fraud attempts are higher for merchants who advertise heavily or are in the news because criminals know that merchants who experience high transaction volumes have less time to defend against fraud.
 | High-visibility merchants | 2.
5. Fill in the blanks to complete the following statements.

PayPal leverages the ____________________, which provides crucial online identity and security to help establish trust between parties involved in e-commerce transactions.

Using SSL with an encryption key length of ____________________ (the highest level commercially available), PayPal automatically encrypts your confidential information in transit from your computer to ours.
8. The left column in the table lists the PCI data security standards. The right column contains a list of requirements. Indicate which requirements meet each standard. (Note: Each standard has one or more requirements.)

Response | Standards | Requirements
 | Build and Maintain a Secure Network | 1. Restrict physical access to cardholder data.
 | | 2. Regularly test security systems and processes.
 | | 3. Develop and maintain secure systems and applications.
 | | 4.
10. Indicate if each statement is True (T) or False (F).
_____ PayPal’s Basic Fraud Protection Service is the ideal solution for merchants who process low transaction volumes through a Payflow payment gateway, while the Advanced Fraud Protection Service is essential for businesses processing medium-to-high transaction volumes.
3 Getting Started With Account Setup

In this chapter, you will learn about:
• Steps for getting started with PayPal payment processing solutions
• Enrolling with PayPal services
• The PayPal Sandbox including how to get access to the Sandbox

Basic Steps for Getting Started

In three steps, you can acquire everything you need to begin accepting online purchases.
1. Choose payment processing services.
3. Enroll in the selected PayPal services. A merchant must enroll for each service they plan to use. Once you have a merchant internet account, you can sign up for each service individually. To apply for Website Payments Pro, follow these steps:
– Go to: https://www.paypal.com/cgi-bin/webscr?cmd=_wp-pro-overview-outside.
– At the bottom of the page, click Apply for Website Payments Pro.
Review Question

Answers to review questions are in Appendix A, “Answers to Review Questions”.

1. The following steps describe the getting started with account setup process. Indicate the correct order of the steps by placing the step number to the left of each description.
_____ Set up an internet merchant account, if you don’t already have one.
_____ Customize your payment processing service with additional services.
5.
4 API Credentials

In this chapter, you will learn:
• What API credentials are
• How to establish API credentials
• How to use API credentials

What API Credentials Are

Before using the PayPal API to communicate with the API server, a developer must establish a set of API credentials, which is data that uniquely identifies a developer to the PayPal API server. The credentials are included with each API call. Credentials are needed per merchant account for processing.
Establishing API Credentials

The two authentication methods have separate processes for establishing API credentials.

API Signature

To establish credentials using an API signature as the authentication method, follow these steps:
1. Log in to a PayPal Premier or Business account.
2. In the top navigation area, click the Profile subtab.
3. Under the Account Information header, click the API Access link.
4. Click Request API Credentials.
5.
Generate the API Certificate

1. Log in to a PayPal Premier or Business account.
2. In the top navigation area, click the Profile subtab.
3. Under the Account Information header, click the API Access link.
4. Click the Request API Credentials link.
5. Complete the request form by clicking the agreement checkbox and clicking Submit.
6. Save the values for API Username and API Password.
7. Click the Download Certificate button. A file named cert_key_pem.
To import the API certificate, execute the following command at a command prompt:

    WinHttpCertCfg -i encryptedCertificateName -p privateKeyPassword -c LOCAL_MACHINE\my -a username

where:
• encryptedCertificateName is the name of the encrypted API certificate that was generated with OpenSSL.
• privateKeyPassword is the private key password of the encrypted API certificate.
• username is the name of the user executing the application.
IMPORTANT: In the final implementation, protect the values for USER, PWD, and SIGNATURE. The values should be stored in a secure location, with file permissions set so that only the system user who executes the web application can access it.

NOTE: To find the latest version number, go to www.paypal.com/IntegrationCenter.

Review Questions

Answers to review questions are in Appendix A, “Answers to Review Questions.”

1.
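One way to enforce the IMPORTANT note in Chapter 4 about protecting USER, PWD, and SIGNATURE, as an added example that is not part of the study guide. It assumes a POSIX host and a hypothetical credentials file of `NAME=value` lines; the function name and file layout are illustrative only.

```python
import os
import stat

# Names taken from the study guide's note; the file layout is an assumption.
REQUIRED = ("USER", "PWD", "SIGNATURE")


def load_api_credentials(path):
    """Read API credentials, refusing files other users could access.

    The checks run on the already-open descriptor (fstat), so the file that
    is inspected is the same file that is read, even if the path is swapped
    between the check and the read.
    """
    # O_NOFOLLOW: do not follow a symlink planted at the final path component.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r", encoding="utf-8") as handle:
        info = os.fstat(handle.fileno())
        if not stat.S_ISREG(info.st_mode):
            raise PermissionError("credentials path is not a regular file")
        if info.st_uid != os.geteuid():
            raise PermissionError("credentials file is owned by another user")
        if stat.S_IMODE(info.st_mode) & 0o077:
            # Any group/other bit means someone besides the owner has access.
            raise PermissionError("credentials file is accessible to group or others")

        values = {}
        for raw in handle:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            name, sep, value = line.partition("=")
            if sep:
                values[name.strip().upper()] = value.strip()

    missing = [name for name in REQUIRED if not values.get(name)]
    if missing:
        # Report only the missing names, never the secret values.
        raise KeyError("missing credential fields: " + ", ".join(missing))
    return {name: values[name] for name in REQUIRED}
```

Calling this at application start-up turns a mis-set file mode into a hard failure instead of a silent exposure.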
5 Name-Value Pair (NVP) API

In this chapter, you will learn:
• The basic steps for using the PayPal Name-Value Pair (NVP) API to integrate an application with PayPal
• How to communicate with the PayPal server using the request/response model and secure HTTP

Integrating with the PayPal API

The NVP API is a simple, programmatic interface that allows merchants to access the PayPal API. The NVP API makes it easy to integrate PayPal with a web.
Create and Post the Request

Create an NVP request string, and post it to the PayPal server. Add code to the web application to do the following tasks:
1. Encode the name and value parameters in the request, to ensure the correct transmission of all characters. This is described in “URL Encoding” on page 55.
2. Construct the NVP API request string, as described in “NVP Format” on page 54 and “Request Format” on page 56.
3.
• The name is separated from the value by an equals sign (=); for example:
    FIRSTNAME=Robert
• Name-value pairs are separated by an ampersand (&); for example:
    FIRSTNAME=Robert&MIDDLENAME=Herbert&LASTNAME=Moore
• The NVP string is URL-encoded.

URL Encoding

You must URL encode the values included in each API request. The values in all API responses are also URL encoded.
Request Format

Each NVP request consists of required and optional parameters and their values. Parameter names are not case-sensitive. As shown in Table 5.2, this document uses UPPERCASE for parameter names and divides the parameters into required security parameters and body parameters.

TABLE 5.2 General Format of a Request

Required security parameters | USER=apiUsername&PWD=apiPassword&SIGNATURE=apiSignature&SUBJECT=optionalThirdPartyEmailAddress&VERSION=3.
Response Format

A response from the PayPal servers is a URL-encoded name-value pair string, just like the request. The general format of the response is described in Table 5.3.

TABLE 5.3 General Format of a Successful Response

Success response fields | ACK=Success&TIMESTAMP=date/timeOfResponse&CORRELATIONID=debuggingTokens&VERSION=3.
Multiple errors can be returned. Each set of errors has a different numeric suffix, starting with 0 and incrementing by 1 for each error. For possible causes of errors and how to correct them, see the error-message reference information in PayPal Name-Value Pair API Developer Guide and Reference.

Posting Using HTTPS

The web application posts the URL-encoded NVP string over an HTTPS connection to one of the PayPal API servers. PayPal provides a live server.
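The NVP format, URL encoding and numbered error sets described in this chapter, worked through as an added example that is not part of the study guide. The function names are illustrative, and the sample response (including its error field names, codes and the VERSION placeholder) is constructed for the example rather than taken from this excerpt.

```python
import re
from urllib.parse import quote, unquote_plus


def build_nvp(params):
    """Build a request string: encode every name and value, then join.

    Encoding before joining is what keeps a value containing '&' or '='
    from being read by the server as an extra parameter.
    """
    pairs = []
    for name, value in params.items():
        # Names are not case-sensitive; the guide writes them in UPPERCASE.
        pairs.append(quote(str(name).upper(), safe="") + "=" + quote(str(value), safe=""))
    return "&".join(pairs)


def parse_nvp(body):
    """Parse a response string: split on '&' and '=' first, decode second.

    Decoding first would let an encoded '%26' inside a value split the
    string in the wrong place.
    """
    fields = {}
    for pair in body.split("&"):
        if not pair:
            continue
        name, sep, value = pair.partition("=")
        if not sep:
            raise ValueError("malformed name-value pair: %r" % pair)
        name = unquote_plus(name).upper()
        if name in fields:
            # A repeated name is ambiguous; refuse rather than pick one.
            raise ValueError("duplicate parameter: %s" % name)
        fields[name] = unquote_plus(value)
    return fields


# Fields such as L_ERRORCODE0 / L_ERRORCODE1 carry a numeric suffix per error.
_SUFFIXED = re.compile(r"(L_[A-Z]+)([0-9]+)")


def group_errors(fields):
    """Group suffixed fields into one dict per error, ordered by suffix."""
    by_index = {}
    for name, value in fields.items():
        match = _SUFFIXED.fullmatch(name)
        if match:
            by_index.setdefault(int(match.group(2)), {})[match.group(1)] = value
    return [by_index[index] for index in sorted(by_index)]


# Constructed sample response; codes, messages and VERSION are placeholders.
SAMPLE_RESPONSE = (
    "ACK=Failure&TIMESTAMP=2008-03-01T12%3A00%3A00Z&CORRELATIONID=abc123"
    "&VERSION=PLACEHOLDER"
    "&L_ERRORCODE0=99901&L_SHORTMESSAGE0=Sample%20error%20A"
    "&L_ERRORCODE1=99902&L_SHORTMESSAGE1=Sample%20error%20B%20%26%20more"
)
```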
6 Express Checkout

In this chapter you will learn:
• How Express Checkout works
• How to use the Express Checkout APIs
• How to use the PayPal Express Checkout buttons and logos

How Express Checkout Works

PayPal Express Checkout is a combination of the website checkout process, PayPal login and review pages on https://www.paypal.com, and PayPal API requests and responses.
The PayPal Express Checkout API calls work as follows:
1. After selecting products to purchase, the customer clicks the Checkout with PayPal button on the merchant’s website. This allows the customer to quickly skip entering shipping and billing information on the merchant’s website.
2. The application passes PayPal the transaction details (SetExpressCheckout), receives the response from PayPal, and redirects the customer’s browser to PayPal.
3.
TABLE 6.1 Express Checkout Flow-of-Control and Integration Points (Continued)

Customer... | Merchant... | PayPal...
Logs in to PayPal, approves PayPal use, and clicks Continue or Pay. | |
 | | Redirects user’s browser to merchant’s ReturnURL, with Token value appended.
 | Optionally sends a GetExpressCheckoutDetails request with Token to retrieve customer’s information. |
SetExpressCheckout Request

The SetExpressCheckout request notifies PayPal that the application is using Express Checkout to obtain payment from the customer.

TABLE 6.2 SetExpressCheckout Request Parameters

Parameter | Description | Required?
METHOD | Name of the API: SetExpressCheckout | Yes
RETURNURL | A secure URL to which the customer’s browser is returned after the customer chooses to pay with PayPal.
TABLE 6.2 SetExpressCheckout Request Parameters (Continued)

Parameter | Description | Required?
PAYMENTACTION | How the merchant wants to obtain payment:
  • Authorization indicates this payment is a basic authorization subject to settlement with PayPal Authorization & Capture.
  • Order indicates this payment is an order authorization subject to settlement with PayPal Authorization & Capture.
TABLE 6.2 SetExpressCheckout Request Parameters (Continued)

Parameter | Description | Required?
ADDROVERRIDE | The value 1 indicates that the PayPal pages should display the shipping address set in this SetExpressCheckout request, not the shipping address on file with PayPal for this customer. NOTE: Displaying the PayPal street address on file does not allow the customer to edit that address. | No
TABLE 6.2 SetExpressCheckout Request Parameters (Continued)

Parameter | Description | Required?
HDRBORDERCOLOR | Sets the border color around the header of the payment page. The border is a 2-pixel perimeter around the header space, which is 750 pixels wide by 90 pixels high. Character length and limitations: 6-character HTML hexadecimal color code in ASCII. | No
HDRBACKCOLOR | Sets the background color for the header of the payment page.
GetExpressCheckoutDetails Request

A GetExpressCheckoutDetails request asks PayPal to respond with the customer’s checkout information, such as shipping address.

TABLE 6.4 GetExpressCheckoutDetails Request Parameters

Parameter | Description | Required?
METHOD | Name of the API: GetExpressCheckoutDetails | Yes
TOKEN | A timestamped token, the value of which was returned by the SetExpressCheckout response.
TABLE 6.5 GetExpressCheckoutDetails Response Fields (Continued)

Parameter | Description
SUFFIX | Payer’s suffix. Character length and limitations: 12 single-byte characters.
COUNTRYCODE | Payer’s country of residence, in the form of ISO standard 3166 two-character country codes. Character length and limitations: 2 single-byte characters.
BUSINESS | Payer’s business name. Character length and limitations: 127 single-byte characters.
DoExpressCheckoutPayment Request

The DoExpressCheckoutPayment request performs the actual request to obtain payment with PayPal Express Checkout.

NOTE: PayPal requires that a merchant using Express Checkout display to the customer the same amount that the merchant sends to PayPal in the AMT parameter of the DoExpressCheckoutPayment request.

TABLE 6.
TABLE 6.6 DoExpressCheckoutPayment Request Parameters (Continued)

Parameter | Description | Required?
DESC | Description of items the customer is purchasing. Character length and limitations: 127 single-byte alphanumeric characters. | No
CUSTOM | A free-form field for the developer’s own use. Character length and limitations: 256 single-byte alphanumeric characters. | No
INVNUM | The merchant’s own invoice or tracking number.
TABLE 6.6 DoExpressCheckoutPayment Request Parameters (Continued)

Parameter | Description | Required?
TAXAMT | Sum of tax for all items in this order. NOTE: Limitations: Must not exceed $10,000 USD in any currency. No currency symbol. Must have two decimal places, decimal separator must be a period (.), and the optional thousands separator must be a comma (,). NOTE: TAXAMT is required if a value is specified for L_TAXAMTn. | No
TABLE 6.6 DoExpressCheckoutPayment Request Parameters (Continued)

Parameter | Description | Required?
L_EBAYITEMAUCTIONTXNIDn | Auction transaction identification number. Character length: 255 single-byte characters. | No
L_EBAYITEMORDERIDn | Auction order identification number. Character length: 64 single-byte characters. | No
ShippingAddress | An optional shipping address, as described in “ShippingAddress Parameter” on page 153.
TABLE 6.7 DoExpressCheckoutPayment Response Fields (Continued)

Field | Description
AMT | The final amount charged, including any shipping and taxes from the Merchant Profile. Limitations: Must not exceed $10,000 USD in any currency. No currency symbol. Regardless of currency, decimal separator is a period (.), and the optional thousands separator is a comma (,). Equivalent to 9 characters maximum for USD.
TABLE 6.7 DoExpressCheckoutPayment Response Fields (Continued)

Field | Description
PENDINGREASON | The reason the payment is pending:
  • none — No pending reason.
  • address — The payment is pending because the customer did not include a confirmed shipping address, and the merchant’s Payment Receiving Preferences are set such that the payments must be manually accepted or denied.
If your site has a Checkout button on pages other than the Shopping Cart page (such as on product pages), PayPal requires that you put a PayPal Express Checkout button next to these Checkout buttons as well, if the Checkout button initiates the checkout flow. If the Checkout button links to the Shopping Cart page, you are not required to place a PayPal button.
Using PayPal-Hosted Images

PayPal requires that you use Express Checkout button images hosted on PayPal's secure servers, rather than hosting copies of these images on your own servers. Also, using the buttons on the PayPal servers eliminates the need for you to maintain them yourself. If the buttons are updated, the new buttons appear automatically in your application. Using out-of-date PayPal buttons could reduce customer confidence in your PayPal deployment.
Order Review Page Setup
PayPal recommends that order review pages be set up as follows:
1. Shipping Information Section:
– Display the shipping address supplied by PayPal.
– On first use of the SetExpressCheckout API call, if the customer selected a shipping address stored in the PayPal account, redirect the customer’s browser back to PayPal to edit the shipping address.
Review Questions
Answers to review questions are in Appendix A, “Answers to Review Questions.”
1. On the Order Review page, from where should the application get the value of the total order?
2. In the SetExpressCheckout request, what is the maximum allowed value for AMT?
3. How much time elapses before a TOKEN expires?
4. Where should the PayPal checkout button appear?
5.
6 78 Express Checkout Review Questions March 2008 PayPal Certified Developer Program Study Guide
7 Direct Payment API
In this chapter, you will learn:
• How Direct Payment works
• How to use the Direct Payment API
How Direct Payment Works
The Direct Payment API allows a merchant to accept credit-card transactions directly on the merchant’s website. Even though the website uses PayPal to process the credit-card transaction, this process is invisible to customers. This means customers are not taken away from the website; the website provides a single, unified look and feel.
Direct Payment API Reference Information
The following sections contain reference information about the parameters and fields used in the various requests and responses involved in PayPal Direct Payment. Further reference information is available in PayPal Name-Value Pair API Developer Guide and Reference.
DoDirectPayment Request
Use a DoDirectPayment request to charge a credit card or to authorize a credit card for later capture.
TABLE 7.
TABLE 7.1 DoDirectPayment Request Parameters (Continued)
Parameter | Description | Required?
ACCT | Credit-card number. Character length and limitations: Numeric characters only. No spaces or punctuation. Must conform with the length required by each credit-card type. | Yes
EXPDATE | Credit-card expiration date. Format: MMYYYY Character length and limitations: 6 single-byte numeric characters, including leading 0.
TABLE 7.1 DoDirectPayment Request Parameters (Continued)
Parameter | Description | Required?
CURRENCYCODE | A three-character currency code. Default: USD. This parameter accepts only the following currencies: | No
• AUD — Australian Dollar
• CAD — Canadian Dollar
• EUR — Euro
• GBP — Pound Sterling
• JPY — Japanese Yen
• USD — US Dollar
ITEMAMT | Sum of the cost of all items in this order.
TABLE 7.1 DoDirectPayment Request Parameters (Continued)
Parameter | Description | Required?
INVNUM | The merchant’s own invoice or tracking number. Character length and limitations: 127 single-byte alphanumeric characters | No
BUTTONSOURCE | An identification code for use by third-party applications to identify transactions.
TABLE 7.1 DoDirectPayment Request Parameters (Continued)
Parameter | Description | Required?
CVV2 | Card Verification Value, version 2. The Merchant Account settings determine whether this field is required. Contact a PayPal Account Manager for more information. Character length for Visa, MasterCard, and Discover: Three digits. Character length for American Express: Four digits.
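The format rules in Table 7.1 can be enforced on the merchant side before a DoDirectPayment request is built. The following check is an added example, not code from PayPal or from this guide; the function name and the card-type key spellings are assumptions, and the sample values come from the Sandbox request examples in this guide.

```python
import re

# Currencies the CURRENCYCODE row lists as accepted by DoDirectPayment.
DIRECT_PAYMENT_CURRENCIES = {"AUD", "CAD", "EUR", "GBP", "JPY", "USD"}

# CVV2 length per card type, from the CVV2 row. The key spellings are an
# assumption of this example; use the CREDITCARDTYPE values your integration sends.
CVV2_DIGITS = {"VISA": 3, "MASTERCARD": 3, "DISCOVER": 3, "AMEX": 4}


def validate_direct_payment(params):
    """Return a list of field-level problems; an empty list means the checks passed.

    Messages name the field only and never echo the submitted value, so card
    numbers and security codes do not end up in logs or error pages.
    """
    problems = []

    # ACCT: numeric characters only, no spaces or punctuation.
    # [0-9] is used rather than the digit shorthand, which also accepts non-ASCII digits.
    if not re.fullmatch(r"[0-9]+", params.get("ACCT", "")):
        problems.append("ACCT: must contain digits only")

    # EXPDATE: MMYYYY, six digits including the leading zero of the month.
    if not re.fullmatch(r"(0[1-9]|1[0-2])[0-9]{4}", params.get("EXPDATE", "")):
        problems.append("EXPDATE: must be MMYYYY")

    # CVV2: whether it is required depends on the Merchant Account settings,
    # so it is only checked when present.
    cvv2 = params.get("CVV2")
    if cvv2 is not None:
        digits = CVV2_DIGITS.get(params.get("CREDITCARDTYPE", "").upper())
        if digits is None:
            problems.append("CREDITCARDTYPE: unknown type, cannot check CVV2 length")
        elif not re.fullmatch(r"[0-9]{%d}" % digits, cvv2):
            problems.append("CVV2: must be %d digits" % digits)

    # CURRENCYCODE: optional, defaults to USD.
    if params.get("CURRENCYCODE", "USD") not in DIRECT_PAYMENT_CURRENCIES:
        problems.append("CURRENCYCODE: not accepted by DoDirectPayment")

    return problems


# Values taken from the Sandbox request examples in this guide.
SANDBOX_REQUEST = {
    "CREDITCARDTYPE": "VISA",
    "ACCT": "4683075410516684",
    "EXPDATE": "112007",
    "CVV2": "808",
}

if __name__ == "__main__":
    print(validate_direct_payment(SANDBOX_REQUEST))
```

These are format checks only; they do not replace the AVS and CVV2 results that PayPal returns for the transaction.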
Authorization & Capture
PayPal assumes that at the end of the checkout process, the merchant makes a final sale and payment transaction through PayPal. If, at the point of sale, the merchant does not know the complete cost of the order—for example, if the shipping, handling, and tax are not precisely known or there is an upsell—a transaction can be authorized that can be captured later, with Authorization & Capture.
8 Transactions
In this chapter, you will learn:
• How to use the Authorize & Capture APIs to authorize payments without actually receiving them, and how to get authorized payments
• How to refund a customer’s payment
• How to search for transactions and find details of a specific transaction
• How to use PayPal’s automated payment-notification capabilities
Authorization & Capture APIs
PayPal uses Authorization & Capture in both Express Checkout and Direct Payment.
Honor Period and Authorization Period
When the customer approves an authorization, the customer’s balance can be placed on hold for a 29-day period to ensure the availability of the authorization amount for capture. The merchant can reauthorize a transaction only once, up to 115% of the originally authorized amount (not to exceed an increase of $75 USD).
TABLE 8.1 DoCapture Request Parameters (Continued)
Parameter | Description | Required?
CURRENCYCODE | A three-character currency code for one of the PayPal-supported transactional currencies. Default value: USD | No
COMPLETETYPE | The value Complete indicates this is the last capture to make. The value NotComplete indicates there will be additional captures.
TABLE 8.2 DoCapture Response Fields (Continued)
Field | Description
PARENTTRANSACTIONID | Parent or related transaction identification number. This field is populated for the following transaction types:
• Reversal — Capture of an authorized transaction.
• Reversal — Reauthorization of a transaction.
• Capture of an order — The value of PARENTTRANSACTIONID is the original OrderID.
TABLE 8.2 DoCapture Response Fields (Continued)
Field | Description
PAYMENTSTATUS | The status of the payment:
• None — No status.
• Canceled-Reversal — A reversal was canceled. For example, the merchant won a dispute with the customer, and the funds for the transaction that was reversed were returned.
• Completed — The payment was completed, and the funds were added successfully to the merchant’s account balance.
• Denied — The merchant denied the payment.
DoVoid Response
A DoVoid response contains the results of an authorization void.
TABLE 8.4 DoVoid Response Fields
Field | Description
AUTHORIZATIONID | The authorization identification number specified in the request. Character length and limits: 19 single-byte characters
DoReauthorization Request
Use a DoReauthorization request to request a reauthorization for a given amount of money.
TABLE 8.
Authorization & Capture Best Practices
The following sections describe the best practices to follow in using Authorization & Capture, to ensure the best buying experience for customers and get the most benefit from Authorization & Capture.
Capturing Funds on Basic Authorizations
PayPal recommends that a merchant capture funds within the honor period of three days, because PayPal will honor the funds for a three-day period after the basic authorization.
RefundTransaction Request
Use a RefundTransaction request to initiate a full or partial refund of a transaction.
TABLE 8.7 RefundTransaction Request Parameters
Parameter | Description | Required?
METHOD | Name of API call: RefundTransaction | Yes
TRANSACTIONID | Unique identifier of a transaction. Character length and limitations: 17 single-byte alphanumeric characters | Yes
REFUNDTYPE | Type of refund to make: | Yes
• Full
• Partial
• Other
AMT | Refund amount.
Transaction Searches
To find all transactions that occurred on a particular date, use the TransactionSearch API. The date must be in UTC/GMT format. With TransactionSearch, always set the StartDate field. Also note the following:
• Setting TransactionID overrides all other fields (including StartDate).
• The effect of setting other elements is additive or can alter the search criteria.
TransactionSearch returns up to 100 matches. Partial matches are displayed.
TABLE 8.9 TransactionSearch Request Parameters (Continued)
Parameter | Description | Required?
INVNUM | Search by the invoice identification key, as set for the original transaction. This field searches the records for items sold by the merchant, not for items purchased. No wildcards are allowed. Character length and limitations: 127 single-byte characters maximum. | No
ACCT | Search by credit-card number, as set for the original transaction.
TABLE 8.9 TransactionSearch Request Parameters (Continued)
Parameter | Description | Required?
TRANSACTIONCLASS | Search by classification of transaction. Some possible classes of transactions are not searchable with this field (for example, bank-transfer withdrawals).
TransactionSearch Response
A TransactionSearch response contains the results of the transaction search.
NOTE: Each of these parameters should be numbered sequentially beginning with 0 (for example, L_TIMESTAMP0, L_TIMESTAMP1, L_TIMESTAMP2, and so on).
TABLE 8.10 TransactionSearch Response Fields
Field | Description
L_TIMESTAMPn | Date and time (in UTC/GMT format) the transaction occurred.
L_TIMEZONEn | Time zone of the transaction.
GetTransactionDetails Request
Use a GetTransactionDetails request to search for a specific transaction.
TABLE 8.11 GetTransactionDetails Request Parameters
Parameter | Description | Required?
METHOD | Name of the method: GetTransactionDetails | Yes
TRANSACTIONID | Unique identifier of a transaction. Character length and limitations: 17 single-byte alphanumeric characters.
Reporting
PayPal Reporting Tools provide the information necessary to effectively measure and manage a business. With PayPal Reporting Tools, merchants can:
• Analyze revenue sources to better understand customers’ buying behaviors.
• Automate time-consuming bookkeeping tasks.
• Accurately settle and reconcile transactions.
that will process the IPN posts, and click Save. Doing this activates IPN for all transactions.
Setting Up an IPN-Processing Program
The data sent by IPN is in the form of name-value pairs. At a minimum, a program must process these pairs; other processing may be necessary based on the merchant’s order management needs, database, and other factors outside the scope of this guide. Code samples for several environments are available at http://www.paypal.
NOTIFYURL=IPNnotificationURL?shared_secret_variable_name=shared_secret_value
where:
• IPNnotificationURL is the notification URL.
• shared_secret_variable_name is any variable name.
• shared_secret_value is the shared secret itself.
The merchant can also specify a shared secret in his Profile, which is used for all transactions. Specifying a shared secret in the NOTIFYURL variable explicitly overrides the value in the Profile.
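One way an IPN-processing program can check the shared secret carried in the NOTIFYURL query string, and keep Sandbox and live notifications apart with the test_ipn variable that this guide's Sandbox chapter refers to. This is an added example, not PayPal's sample code; the variable name ipn_secret, the secret value and the IPN bodies are constructed for illustration.

```python
import hmac
from urllib.parse import parse_qs

# Hypothetical shared_secret_variable_name; any variable name may be used.
SECRET_NAME = "ipn_secret"

# Constructed IPN bodies (name-value pairs), not captured traffic.
SANDBOX_IPN = "txn_id=CONSTRUCTED0000001&payment_status=Completed&test_ipn=1"
LIVE_IPN = "txn_id=CONSTRUCTED0000002&payment_status=Completed"


def check_ipn(query_string, body, expected_secret, live):
    """Decide whether an incoming IPN post should be processed.

    query_string    -- the part of the notification URL after '?'
    body            -- the posted name-value pairs
    expected_secret -- the secret the merchant placed in NOTIFYURL or the Profile
    live            -- True when this endpoint serves the live PayPal site

    Returns (accepted, reason).
    """
    supplied = parse_qs(query_string, keep_blank_values=True).get(SECRET_NAME, [])

    # Exactly one copy of the secret must be present; a repeated parameter
    # is treated as tampering rather than picking one of the values.
    if len(supplied) != 1:
        return False, "shared secret missing or repeated"

    # Constant-time comparison, so response timing does not reveal how many
    # leading characters of a guessed secret were correct.
    if not hmac.compare_digest(supplied[0].encode(), expected_secret.encode()):
        return False, "shared secret mismatch"

    # The presence of test_ipn marks a Sandbox notification. A live endpoint
    # that accepted one would fulfil orders paid with test money.
    is_sandbox = "test_ipn" in parse_qs(body, keep_blank_values=True)
    if live and is_sandbox:
        return False, "Sandbox IPN sent to live endpoint"
    if not live and not is_sandbox:
        return False, "live IPN sent to Sandbox endpoint"

    return True, "accepted"


if __name__ == "__main__":
    secret = "constructed-secret-value"
    print(check_ipn(SECRET_NAME + "=" + secret, SANDBOX_IPN, secret, live=False))
    print(check_ipn(SECRET_NAME + "=" + secret, SANDBOX_IPN, secret, live=True))
```

Because the secret travels in the URL, the notification URL should be an HTTPS address and the query string should be kept out of web-server access logs.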
Dispute Notification
Customers can register claims about payments; these claims are called cases. PayPal notifies merchants about new cases with email and with IPN. There are two kinds of cases:
• A complaint occurs when a customer uses the PayPal Resolution Center to register a complaint about a payment to a merchant.
• A chargeback occurs when a customer files a complaint with a credit-card company, and the credit-card company issues a chargeback.
9 Sandbox Testing
In this chapter, you will learn:
• How to set up test users in the Sandbox
• How to test various aspects of an integrated e-commerce application in the Sandbox
• How to migrate the application to use the live PayPal server
Overview
The PayPal Sandbox is a self-contained environment within which you can prototype and test PayPal features and APIs without using real money or impacting your production system’s PayPal accounts.
TABLE 9.1 Differences between PayPal Sandbox, and Live PayPal (Continued)
Item | PayPal Sandbox | Live PayPal Website and API Service
SOAP API Servers | https://api.sandbox.paypal.com/2.0/ | For API certificate security: https://api.paypal.com/2.0/ For API signature security: https://api-3t.paypal.com/2.0/
Business roles | You fill all roles you need to test: merchant, buyer, and seller. | Real-world people fill these roles.
TABLE 9.1 Differences between PayPal Sandbox, and Live PayPal (Continued)
Item | PayPal Sandbox | Live PayPal Website and API Service
Digital certificates | After you request digital certificates for use with the PayPal Web Services API, the Sandbox automatically generates them. They are available for immediate downloading.
Signing Up for Sandbox Access
To sign up for Sandbox access, follow these steps:
1. Go to https://developer.paypal.com. The login screen is shown below:
2. If you already have an account, enter your Log In Email and Password and click Log In.
3. If you do not already have an account, click Sign Up Now and provide the requested information shown below:
IMPORTANT: Do not use the same login email address or password that you use for logging into the live paypal.com site, because later you may allow someone to work in the Sandbox on your behalf but not want to allow access to your regular PayPal account.
Welcome to the PayPal Sandbox
When you log in to the Sandbox, the Sandbox Test Environment home page appears:
On this page, you can perform the following actions:
• Manage test accounts from the Test Accounts tab. You can create and delete test accounts, and enter the Sandbox Test Site, which simulates the live paypal.com site. For more information, see “Setting Up Test Accounts” on page 111.
• Access email sent to test accounts from the Test Email tab.
PayPal test email, however, is a self-contained email system in the Sandbox itself. You see email messages addressed only to the Sandbox test accounts you set up. Up to 30 of the latest email messages are listed on the Test Email tab. The subject lines of unread email messages are in boldface. To read the message, click a subject line.
Managing Test Accounts
You can view, work with, or launch the Sandbox Test Site for all your test accounts. You also can create new accounts or remove test email addresses from your view.
• To work with test accounts, log in to https://developer.paypal.com, and click the Test Accounts tab.
• To create a new account, click the Create Account link.
• To work with the account, select it by clicking the radio button associated with it on the left.
3. Click Create Account. The result is shown below.
NOTE: The Login Email is a pseudo-randomized address, based on the address you specified. Credit-card and bank-account numbers also are generated randomly.
Creating a Business Account
To create a seller with a Business account, follow these steps:
1. After logging in, select Test Accounts and click the Create Test Account link.
2. For the Account Type, choose Seller. Make other selections or accept the defaults. See the screenshot below.
3. Click Create Account. The result is shown below.
NOTE: The Login Email is a pseudo-randomized address, based on the address you specified. Credit-card and bank-account numbers also are generated randomly.
Verified Account Status
By default, a test account has a confirmed bank account and email addresses. To create an unverified account, change the bank account to unconfirmed.
Adding a Funding Source
To test transactions, you must add a source of funds to your buyer test account.
The bank account is a source of funds for a user’s PayPal account and, thus, for transactions between that test account and other test accounts. A test account can have multiple bank accounts, but at least one is required to verify the test account. The Sandbox automatically generates bank-account and sort-code numbers when you add a bank account. For Australia, Canada, Germany, or UK.
6. In the resulting success window, click the Continue button at the bottom. The My Account > Overview page opens.
7. Click the Confirm Bank Account link in the Activate Account box at the left side.
8. In the Confirm Bank Account window, click Submit.
Adding Credit Cards
A credit card is a source of funds for the buyer’s PayPal account; thus, it can be used for transactions between a buyer’s test account and other test accounts.
Testing PayPal Website Features
This chapter describes PayPal product features you can test in the Sandbox without PayPal APIs:
• Website Payments with Buy Now Buttons — Use the Sandbox to test accepting PayPal as a payment mechanism on a website.
• Shopping Cart Purchases — Use the Sandbox to test the purchase of multiple items in a single transaction, using a single payment.
https://www.paypal.com/pdn-item. For general information about shopping-cart purchases, see https://www.paypal.com/shoppingcart. For general information about subscriptions, see https://www.paypal.com/pdn-recurring.
Encrypted Website Payments
The Sandbox also supports Encrypted Website Payments (EWP), as does the PayPal SDK console. For information about EWP and how to use it, see Website Payments Standard Integration Guide.
Handling Pending Transactions
Transactions typically are credited to your PayPal account instantly after the buyer completes the transaction; however, a buyer might select a payment method that is not completed instantly. In these cases, the transaction goes into a pending state, and the transaction is completed after a couple of days. The following sections describe how to set up pending-status transactions that can be either completed or canceled.
Instant Payment Notification (IPN)
You can use the Sandbox to test Instant Payment Notification, such as the PayPal Buy Now button or reversals.
Setting up IPN in the Sandbox
For information about implementing IPN, see the following:
• Technical overview at https://www.paypal.com/cgi-bin/webscr?cmd=p/xcl/rec/ipntechview-outside
• Order Management Integration Guide
test_ipn Variable.
To enable IPN for a test account, follow these steps:
1. Log in to https://developer.paypal.com, click the Test Accounts tab, select a test account, and click Enter Sandbox Test Site.
2. Click the Profile subtab.
3. Click the Instant Payment Notification Preferences link in the Selling Preferences column.
4. Click Edit.
5. Click the checkbox, and enter the URL where you want to receive your IPN notifications.
6. Click Save.
7.
4. On the Add Funds by Electronic Funds Transfer page:
– In the From drop-down list, select the bank account from which the funds are coming.
– In the Amount box, enter the amount to transfer.
– Click Continue.
5. On the resulting Add Funds Confirmation page, click Submit. Navigate to My Account > Overview, to see that the transfer transaction is listed.
5. In the Currency drop-down list, select the currency for the funds. (Note: Auction is not an option in the drop-down list.)
6. In the Type drop-down list, select the reason for sending the funds.
7. Enter text in the Subject box, if desired. This text is the subject of the email sent to the recipient about the transfer of funds.
8. Enter text in the Note memo box. This text appears in the body of the notification email.
9. Click Continue.
10. On the Request Money – Confirm page, click Request Money. This triggers the actual request for funds.
11. Navigate to the My Account > Overview tab. The request for money should be listed.
12. Log in as the buyer, and navigate to the My Account > Overview tab to see the transaction for the buyer’s test account. The transaction for the request for money appears on the My Account > Overview tab with Pay and Cancel buttons.
Testing Express Checkout
The following diagram shows the Express Checkout flow, which uses the Sandbox as the API server. The pages on the left represent your site.
NOTE: For information about Express Checkout, see Express Checkout Integration Guide and PayPal NVP API Developer Guide and Reference.
The following steps match the circled numbers in the diagram. To test Express Checkout, perform the actions in each step.
1.
NOTE: The API username is a Sandbox business test account for which a signature exists. To obtain a signature, see the Test Certificates tab of the Sandbox.
2. PayPal responds with a message, like the one shown below.
If the operation was successful, the GetExpressCheckout API returns information about the payer, such as the following:
TIMESTAMP=2007%2d04%2d05T23%3a44%3a11Z
&CORRELATIONID=6b174e9bac3b3
&ACK=Success
&VERSION=3%3e300000
&BUILD=1%2e0006
&TOKEN=EC%2d1NK66318YB717835M
&EMAIL=YourSandboxBuyerAccountEmail
&PAYERID=7AKUSARZ7SAT8
&PAYERSTATUS=verified
&FIRSTNAME=...
&LASTNAME=...
&COUNTRYCODE=US
&BUSINESS=...
&SHIPTONAME=...
&SHIPTOSTREET=...
&SHIPTOCITY=...
7.
To test Virtual Terminal, you must set risk controls for address verification and credit-card security, respectively, to Decline or Accept and Report depending on the kind of negative testing you want to perform. If you do not set the appropriate risk controls, default processing occurs, which is to accept the transaction.
TABLE 9.2 API Fields That Trigger Error Conditions (Continued)
API Name | NVP Field Name | SOAP Element | Description
DoDirectPayment | AMT | OrderTotal | Specify the error code to trigger as all digits in a number with two digits to the right of the decimal point; e.g., 107.55 triggers PayPal API error code 10755.
SetExpressCheckout | MAXAMT | MaxAmount | Specify the error code to trigger as all digits in a number with two digits to the right of the decimal point; e.g.
TABLE 9.2 API Fields That Trigger Error Conditions (Continued)
API Name | NVP Field Name | SOAP Element | Description
BAUpdate Version 2.4 | MPID | MpID | Specify the error code to trigger as all digits in the field; e.g., an ID of 10755 triggers PayPal API error code 10755.
BAUpdate Version 3.0 | REFERENCEID | ReferenceID | Specify the error code to trigger as all digits in the field; e.g., an ID of 10755 triggers PayPal API error code 10755.
Negative Testing Using a Non-Amount Trigger Field
The following example sets up testing for error 10603 for DoVoid, in which the error code is specified in the AUTHORIZATIONID field:
METHOD=DoVoid&
AUTHORIZATIONID=10603&
VERSION=3.
TIMESTAMP=2007%2d04%2d04T03%3a10%3a23Z&
CORRELATIONID=81ccc18eaec49&
ACK=Failure&
L_ERRORCODE0=10009&
L_SHORTMESSAGE0=Transaction%20refused&
L_LONGMESSAGE0=You%20can%20not%20refund%20this%20type%20of%20transaction&
L_SEVERITYCODE0=Error&
L_ERRORCODE1=10009&
L_SHORTMESSAGE1=Transaction%20refused&
L_LONGMESSAGE1=You%20are%20over%20the%20time%20limit%20to%20perform%20a%20refund%20on%20this%20transaction&
L_SEVERITYCODE1=Error&
L_ERRORCODE2=10009&
L_SHORTMESSAGE2=Tra
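A response like the one above carries several numbered error groups (L_ERRORCODE0, L_ERRORCODE1, and so on), so a client should collect all of them rather than read only index 0. The parser below is an added example, not PayPal SDK code; the function names are assumptions, and the sample response is constructed from the values shown in this guide.

```python
import re
from urllib.parse import parse_qsl

# Numbered list fields look like L_<NAME><n>, for example L_ERRORCODE0.
_NUMBERED = re.compile(r"^L_([A-Z_]+?)([0-9]+)$")

# Constructed sample, built from the failure response shown in this guide.
SAMPLE_RESPONSE = (
    "TIMESTAMP=2007%2d04%2d04T03%3a10%3a23Z&CORRELATIONID=81ccc18eaec49&"
    "ACK=Failure&"
    "L_ERRORCODE0=10009&L_SHORTMESSAGE0=Transaction%20refused&"
    "L_LONGMESSAGE0=You%20can%20not%20refund%20this%20type%20of%20transaction&"
    "L_SEVERITYCODE0=Error&"
    "L_ERRORCODE1=10009&L_SHORTMESSAGE1=Transaction%20refused&"
    "L_LONGMESSAGE1=You%20are%20over%20the%20time%20limit%20to%20perform"
    "%20a%20refund%20on%20this%20transaction&"
    "L_SEVERITYCODE1=Error"
)


class NVPError(ValueError):
    """Raised when a response is malformed or ambiguous."""


def parse_nvp(raw):
    """Decode an NVP string into (scalars, lists).

    scalars maps plain names (ACK, TOKEN, ...) to their decoded values.
    lists maps each index n to a dict of the L_<NAME>n fields for that index.
    """
    try:
        pairs = parse_qsl(raw, keep_blank_values=True, strict_parsing=True)
    except ValueError as exc:
        raise NVPError("malformed NVP string: %s" % exc) from exc

    scalars, lists = {}, {}
    for name, value in pairs:
        name = name.upper()
        match = _NUMBERED.match(name)
        target, key = (scalars, name)
        if match:
            target, key = lists.setdefault(int(match.group(2)), {}), match.group(1)
        # A repeated name makes the response ambiguous (which ACK counts?),
        # so it is rejected instead of letting the last value win.
        if key in target:
            raise NVPError("duplicate field: %s" % name)
        target[key] = value
    return scalars, lists


def collect_errors(lists):
    """Return every numbered group that carries an ERRORCODE, in index order."""
    return [lists[i] for i in sorted(lists) if "ERRORCODE" in lists[i]]


def check_response(raw):
    """Return (ok, scalars, errors); ok is True only for ACK=Success with no errors."""
    scalars, lists = parse_nvp(raw)
    errors = collect_errors(lists)
    ok = scalars.get("ACK") == "Success" and not errors
    return ok, scalars, errors


if __name__ == "__main__":
    ok, fields, errs = check_response(SAMPLE_RESPONSE)
    print(ok, fields["CORRELATIONID"])
    for err in errs:
        print(err["ERRORCODE"], err["LONGMESSAGE"])
```

Log the CORRELATIONID together with the error codes; it is the value that ties a failed call to a specific response.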
TABLE 9.3 AVS Error Conditions and Triggers (Continued)
AVS Code | Trigger | Description of Error
F | AVS_F | Exact match (no error). The UK address and postal code match.
P | AVS_P | The postal code matches, but no address is specified. This results in an error if the “Partial Address Match” risk control is set.
W | AVS_W | The 9-digit zip code matches, but no address is specified. This results in an error if the “Partial Address Match” risk control is set.
Testing an AVS Code Using Virtual Terminal
Consider an example of testing for AVS code A using Virtual Terminal.
Testing an AVS Code Using DoDirectPayment
The following example sets up testing for AVS code A and error code 10755 in DoDirectPayment, for which AVS code A indicates no zip code is specified and results in an error if the “Partial Address Match” risk control is set, regardless of whether other errors occur:
METHOD=DoDirectPayment&
CREDITCARDTYPE=VISA&
ACCT=4683075410516684&
EXPDATE=112007&
CVV2=808&
AMT=107.55&
FIRSTNAME=Designer&
LASTNAME=Fotos&
IPADDRESS=255.
Testing Using CVV Codes
You can simulate credit-card validation by triggering a CVV error code when you call DoDirectPayment or use Virtual Terminal. To specify a CVV code, place a trigger value in the NVP CVV2 field or the CVV2 SOAP element when you call DoDirectPayment, or enter the trigger in Card Security Code when using Virtual Terminal. Table 9.4 identifies valid CVV codes, corresponding triggers, and descriptions of the error conditions.
TABLE 9.
When you try to process the transaction, the following CVV error message appears from Virtual Terminal:
NOTE: Other errors are also reported in addition to CVV code N.
Testing a CVV Code Using DoDirectPayment
The following example sets up testing for CVV code N in DoDirectPayment, which indicates a mismatch in the card-validation code:
METHOD=DoDirectPayment&
CREDITCARDTYPE=VISA&
ACCT=4683075410516684&
EXPDATE=112007&
CVV2=116&
AMT=1.
The request invokes the following response:
TIMESTAMP=2007%2d04%2d04T03%3a35%3a12Z&
CORRELATIONID=2499856319532&
ACK=Failure&
L_ERRORCODE0=15004&
L_SHORTMESSAGE0=Gateway%20Decline&
L_LONGMESSAGE0=This%20transaction%20cannot%20be%20processed%2e%20Please%20enter%20a%20valid%20Credit%20Card%20Verification%20Number%2e&
L_SEVERITYCODE0=Error&
VERSION=3%3e400000&
BUILD=1%2e0006
Testing Recurring Payments
On the live site, a billing cycle repeats after the actual sp
Review Questions
Answers to review questions are in Appendix A, “Answers to Review Questions.”
1. True or false: Sandbox email messages use the same email system as live PayPal email messages.
2. What variable does the Sandbox use to differentiate between live PayPal and Sandbox IPN?
3. What two pieces of information must be changed in the application code when moving the application from the Sandbox to live PayPal?
4.
A Answers to Review Questions
Chapter 1
1. Indicate if each statement is True (T) or False (F). T F T T The most critical step in establishing an online store is ensuring that you can accept customer payments for single or repeated transactions. Correct answer: According to Cybersource Corp., businesses lost nearly $2.8 billion USD to online fraud in 2005, up from $2.8 billion USD in 2004.
3. The following steps describe the payment authorization process. Indicate the correct order of the steps by placing the step number to the left of each description. 4 2 7 8 1 6 3 5 Processor routes information to bank that issued customer’s credit card. Merchant’s website receives customer information and sends it to payment processing service. Processing service sends results to merchant. Merchant decides to accept or reject purchase.
6. Match each PayPal solution to the service it offers.
Response | PayPal Product | Service Description
4 | Website Payments Pro | 1. Lets you send customers email invoices that they can pay on PayPal. This simple solution does not require you to have a shopping cart or an internet merchant account.
7 | Website Payments Standard | 2. A gateway that provides a secure connection between your online store and your internet merchant account.
7. Select the PayPal payment processing solutions that enable a customer to checkout on the merchant’s website. X X Website Payments Pro Website Payments Standard Payflow Pro Payflow Link Email Payments Virtual Terminal PayPal as an Additional Payment Option
8. Select the PayPal payment processing solutions that require API or HTML technical skills to develop payment processing applications.
2. List the four most common fraud-related risks facing online merchants.
– Consumer identity theft
– Merchant identity theft
– Accessing payment networks
– Chargebacks
3. Match each participant in the payment processing network to the role they perform.
Response | Risk Category | Potential Risk Description
7 | Merchants with vulnerable security defenses | 1.
5. Fill in the blanks to complete the following statements. PayPal leverages the Secure Sockets Layer (SSL) protocol, which provides crucial online identity and security to help establish trust between parties involved in e-commerce transactions. Using SSL with an encryption key length of 128 bits (the highest level commercially available), PayPal automatically encrypts your confidential information in transit from your computer to ours.
8. The left column in the table lists the PCI data security standards. The right column contains a list of requirements. Indicate which requirements meet each standard. (Note: Each standard has one or more requirements.
Chapter 3
1. The following steps describe the getting started with account setup process. Indicate the correct order of the steps by placing the step number to the left of each description. 2 5 1 4 3 Set up an internet merchant account, if you don’t already have one. Customize your payment processing service with additional services. Choose payment processing services. Use the PayPal APIs to implement payment processing on the merchant website.
Chapter 4
1. False. API credentials must be included with every request sent to the PayPal server.
2. True.
Chapter 5
1. An ampersand (&).
2. True.
3. The METHOD parameter.
4. True.
Chapter 6
1. From the value that was sent to PayPal in the DoExpressCheckoutPayment request.
2. $10,000 USD, in any currency.
3. Three hours.
4. On the shopping cart page, aligned with any other checkout buttons.
5. TAXAMT is required if a value for L_TAXAMTn is specified.
Chapter 8
1. Up to 115% of the originally authorized amount (up to $75 USD).
2. False.
3. If REFUNDTYPE is Full, do not set AMT.
4. True.
5. No.
6. A complaint occurs when a customer registers a complaint about a payment to PayPal. A chargeback occurs when a customer registers a complaint with the credit card company.
Chapter 9
1. False.
2. test_ipn
3. The server address and the developer’s API credentials.
4. True.
5.
B General Reference Information
This appendix contains information that may be valuable when using the PayPal NVP APIs.
ShippingAddress Parameter
The ShippingAddress parameter is optionally used in a SetExpressCheckout or DoExpressCheckoutPayment request in Express Checkout, and in a DoDirectPayment request in Direct Payment.
TABLE B.1 ShippingAddress Parameter Description Required?
SHIPTONAME | Person’s name associated with this shipping address.
PayPal-Supported Transactional Currencies
Table B.2 lists the currencies supported by PayPal for use in transactions.
TABLE B.
AVS Response Codes
Table B.3 lists the AVS response codes for U.S. credit cards (Visa, MasterCard, Discover, and American Express).
TABLE B.3 AVS Response Codes
AVS Code   Meaning             Matched Details
A          Address             Address only (no ZIP)
B          International “A”   Address only (no ZIP)
C          International “N”   None
NOTE: The transaction is declined.
CVV2 Response Codes
Table B.4 lists the CVV2 response codes for U.S. credit cards (Visa, MasterCard, Discover, and American Express).
TABLE B.
G Glossary
A
Address Verification System (AVS) — A system used to verify the identity of a credit card holder.
API certificate — A file (downloaded from PayPal) that includes a key and certificate that identify a developer. An API certificate must be installed on a web server; therefore, it is an option only if the developer has full control of the web server.
API credentials — A set of data that uniquely identifies a developer to the PayPal API server. The credentials are attached to every API call.
P
PayPal Direct Payment API — An API that enables merchants to accept credit card payments directly on their website. PayPal remains invisible, so that the merchant controls the customer experience.
PayPal Express Checkout — An API that allows PayPal account holders to check out fast with saved information, and enables merchants to gain incremental sales from the growing base of PayPal users.
R
Redirect — To automatically induce a web browser to go to a new location.
March 2008 PayPal Certified Developer Program Study Guide