Integration Guide
Table Of Contents
- Website Payments Pro Hosted Solution Integration Guide
- About This Guide
- Intended Audience
- Revision History
- Documentation Feedback
- Getting Started with Website Payments Pro Hosted Solution
- Integrating Your Website Using HTML
- Customising Your PayPal Payment Page
- Integrating iFrame in Your Website
- Integrating Your Website Using API
- Testing Your Integration in Sandbox
- Order Processing
- Protecting Buttons by Using Encrypted Website Payments
- Public Key Encryption Used by Encrypted Website Payments
- Setting Up Certificates Before Using Encrypted Website Payments
- Generating Your Private Key Using OpenSSL
- Generating Your Public Certificate Using OpenSSL
- Uploading Your Public Certificate to Your PayPal Account
- Downloading the PayPal Public Certificate from the PayPal Website
- Removing Your Public Certificate
- Using Encrypted Website Payments to Protect Your Payment Buttons
- Blocking Unprotected and Non-encrypted Website Payments
- Optional API Operations
- Moving from Website Payments Standard to Hosted Solution
- Error Messages
- Currency Codes
- Index
8
Protecting Buttons by Using
Encrypted Website Payments
Using Encrypted Website Payments helps secure payment buttons that you generate or write
manually. Encrypted Website Payments protects the HTML button code that contains pricing
information by encrypting it. HTML button code that you protect by using Encrypted Website
Payments cannot be altered by malicious third parties to create fraudulent payments.
Encrypted Website Payments relies on standard public key encryption for protection. With
public and private keys, you can dynamically generate HTML code for payment buttons and
encrypt the payment details before displaying the buttons on your website. The below table
illustrates the sequence of actions that occur with payment buttons protected by using
Encrypted Website Payments.
TABLE 8.1 How Encrypted Website Payments Works
Website Actions Buyer Action PayPal Action
Generate a public key for the
website, upload it to PayPal, and
download the PayPal public
certificate to the website.
N OTE: Do this action only once,
when you first integrate
Hosted Solution with your
website.
Generate HTML code for a payment
button.
Encrypt the generated code by using
the PayPal public key and then
signing the encrypted code with the
website’s private key.
Publish the signed, encrypted
HTML code for the payment button
to the website
Click the published PayPal payment
button.
Check the authenticity of the data by
using the website’s public key,
which was previously uploaded to
PayPal.
Decrypt the protected button code
by using the PayPal private key.
Redirect the payer’s browser to the
appropriate PayPal checkout
experience, as specified in the
HTML variables of the decrypted
button code.