PayPal PayFlow Pro with Transparent Redirect - User Authentication Failed Issues / Documentation


Problem description

I'm having some difficulty integrating PayPal PayFlow Pro into my website - and finding current documentation for it.

There is a similar question here for PayFlow Link - https://stackoverflow.com/questions/15808604/result-1-respmsg-userauthenticationfailed-in-test-transaction-for-mastercard - but I wanted to go into the specifics.

I want to use the Transparent Redirect feature with the SILENTTRAN option so that:

  1. the credit card data is sent directly to the gateway (i.e. not through my server)
  2. the user is redirected back to a nominated page to confirm the transaction or error (response page).

I'm currently reading through this document: https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/payflowgateway_guide.pdf

This is listed as Payflow Gateway Developer's Guide(PDF) on this page - https://developer.paypal.com/webapps/developer/docs/classic/products/payflow-gateway/ - so I'm assuming it is the current documentation.

According to page 28, the process should be:

  1. The customer clicks Buy to purchase merchandise on your website. [DONE]
  2. You request a secure token by passing a secure token ID to the Gateway server. In the request, you pass the name-value pair, SILENTTRAN=TRUE. This name-value pair prevents the hosted pages from displaying. [DONE]
  3. The Gateway server returns the secure token and your token ID to your website. [DONE]
  4. You display the credit card fields to the customer in a checkout page on your website. [DONE]
  5. The customer enters their credit card number, expiration date, and other sensitive data into the credit card fields and clicks Submit. [DONE] The browser posts the payment data directly to the Gateway server, avoiding your website and easing your PCI compliance requirements. [PROBLEMS HERE]

Below is an example of a secure token request for the transparent redirect. I've used placeholders in place of my actual live PayFlow Pro account details (this account states 'Payflow SDK/API (Full Access) Live' in the manager.paypal.com Service Summary), but I used my real PayPal credentials in the actual request. Likewise I used publicly accessible pages for my return URLs:

    USER=MYUSER&VENDOR=MYUSER&PARTNER=VSA&PWD=MYPASSWORD&BILLTOFIRSTNAME=John&BILLTOLASTNAME=Doe&BILLTOSTREET=123 Fake Street&BILLTOSTREET2=&BILLTOCITY=Sydney&BILLTOZIP=2000&BILLTOPHONENUM=5555555555&EMAIL=me@email.com&BILLTOSTATE=NSW&AMT=0.05&RETURNURL=http://www.example.com&CANCELURL=http://www.example.com&ERRORURL=http://www.example.com&TRXTYPE=A&SILENTTRAN=TRUE&VERBOSITY=HIGH&CREATESECURETOKEN=Y&TENDER=C&SECURETOKENID=VDUOBDNLSXTLYAAAAAATLSEBLAAAAAAAAAA

I perform the token transaction using server-side code, and I can see that I'm getting a response back like so:

    RESULT=0&SECURETOKEN=TOKENWASHEREsdsdfjkj&SECURETOKENID=VDUOBDNLSXTLYAAAAAATLSEBLAAAAAAAAAA&RESPMSG=Approved

So it seems like the account authenticates correctly here. I have confirmed in Fiddler that I am posting this request to https://payflowpro.paypal.com.

I then take that response and put this into a HTML form which posts back to the gateway, e.g.:

    <body>
    <form id="form" action="https://payflowpro.paypal.com" method="post">
        <!-- <input name="MODE" class="inpPPField" id="hdn_pp_mode" type="hidden" value="Test"> -->
        <input name="SECURETOKEN" class="inpPPField" id="hdn_pp_securetoken" type="hidden" value="TOKENWASHEREsdsdfjkj">
        <input name="SECURETOKENID" class="inpPPField" id="hdn_pp_securetokenid" type="hidden" value="VDUOBDNLSXTLYAAAAAATLSEBLAAAAAAAAAA">
        <input name="CARDNUM" class="inpPPField" id="hdn_pp_CardNum" type="hidden" value="4111111111111111">
        <input name="EXPMONTH" class="inpPPField" id="hdn_pp_expMonth" type="hidden" value="11">
        <input name="EXPYEAR" class="inpPPField" id="hdn_pp_expYear" type="hidden" value="16">
        <input name="CVV2" class="inpPPField" id="hdn_pp_cvv2" type="hidden" value="123">
        <!--<input name="SILENTTRANS" class="inpPPField" id="hdn_pp_silenttrans" type="hidden" value="Y">-->
        <input name="VERBOSITY" class="inpPPField" id="hdn_pp_verbosity" type="hidden" value="HIGH">
        <input class="inpPPField" type="submit" value="Submit" />
    </form>
    </body>

Please note that I used the same token ID and token as what was returned in the token response - these are placeholders. I also used an actual credit card number and other credit-card field values.

This is posting me to https://payflowpro.paypal.com, which just states the response (in the body of the page):

    RESULT=1&RESPMSG=User authentication failed

Shouldn't this be returning me to my error page? Or is it failing earlier in the process so that the gateway never even tries to interpret the token and redirect? I've tried setting my return URLs to live website URLs, and it doesn't seem to be making a difference. I've also tried posting this from a publicly accessible web-server rather than localhost, but the result is the same.

One other problem I'm having is finding relevant documentation. There is a 'Payflow Service Testing' document here: https://ppmts.custhelp.com/app/answers/detail/a_id/456/kw/payflow%20pro%20transparent%20redirect%20error%20page%20get%20codes

This page is dated 2007, and the link under the Testing using Payflow Pro heading (i.e. The guide is available at x.com) is broken. The guide is a little vague, and the only examples of code I've found are in PHP (see https://go.developer.ebay.com/developers/community/blogs/pp_integrations_nate/payflow-transparent-redirect). I have rewritten the logic in the example as an ASP.Net application.

In summary, my questions are:

  1. Am I using the correct logic to process a credit card transaction?
  2. If not, can someone point out where I am going wrong, and where I can find the most relevant and current documentation?
  3. A link(s) for the most current test procedure documents

My next idea is to try setting up and using a test account using these instructions: https://ppmts.custhelp.com/app/answers/detail/a_id/929/. Obviously this is for hosted PayFlow pages, but I suspect the procedure should be similar as long as I specify the SILENTTRAN option. I tried unsuccessfully to get the test account working earlier in the week, but it seems like the next logical thing to try at this point.

I have already opened a support ticket with PayPal engineers and they are looking into this, but it would be great to know if anyone in the community has managed to resolve a similar issue.

EDIT: according to a PayPal engineer I just spoke to, the SILENTTRANS value is only required in the secure token request. I have commented this out in the transaction request form above, but this did not solve the issue. We also confirmed that it is possible to do a non-secure-token (i.e. non-transparent-redirect) request to https://pilot-payflowpro.paypal.com/ using my account details.

EDIT 2: I have been instructed by PayPal to use https://payflowlink.paypal.com/ (not https://payflowpro.paypal.com) for the transaction post URL, but to continue using https://payflowpro.paypal.com for the token request. This does allow me to get through to my confirmation page using a transparent redirect (which is a great outcome), but it doesn't make a lot of sense to me that I'm using the 'payflowlink' rather than the 'payflowpro' gateway. I also found this tutorial, which seems to support this: https://go.developer.ebay.com/developers/community/blogs/ppintegrationsnate/new-payflow-gateway-tutorial

Can anyone using the PayFlow Pro Transparent Product please confirm that this is correct (or otherwise)?

Solution

If you're going to use any feature related to the hosted checkout page you'll need to redirect to - https://payflowlink.paypal.com or https://pilot-payflowlink.paypal.com

The Payflow Pro URLs are specifically for API calls and they aren't something you should be redirecting buyers through.

Your account also needs to be the correct type to be able to use the hosted checkout feature. You can check what options are available to your account by logging in and checking the right side to see what products are enabled on your account.

Documentation for transparent redirect is sparse. X.com had a few posts on it but those articles haven't been moved somewhere else yet.
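
The split described in the answer (token request sent from the server to a Payflow Pro API host, card form posted by the browser to a Payflow Link host) can be checked before a checkout page ships. The following is an added example, not code from the original post or from PayPal; the function names, the `SERVER_ONLY` list and the SECURETOKENID comparison are assumptions made for illustration, and the sample values are the placeholders from the question.

```python
from urllib.parse import urlsplit

# Hosts named on this page: API hosts take server-side calls only; the
# browser's transparent-redirect form must post to a Link host.
API_HOSTS = {"payflowpro.paypal.com", "pilot-payflowpro.paypal.com"}
LINK_HOSTS = {"payflowlink.paypal.com", "pilot-payflowlink.paypal.com"}
SERVER_ONLY = {"USER", "VENDOR", "PARTNER", "PWD"}  # never belong in browser HTML


def parse_nvp(body):
    """Split a Payflow name-value response into a dict (no URL-decoding)."""
    return dict(pair.split("=", 1) for pair in body.split("&") if "=" in pair)


def accept_token(response_body, expected_token_id):
    """Return the secure token only if the gateway approved our own token ID."""
    nvp = parse_nvp(response_body)
    if nvp.get("RESULT") != "0":
        raise ValueError(f"token request failed: {nvp.get('RESPMSG')}")
    if nvp.get("SECURETOKENID") != expected_token_id:
        raise ValueError("SECURETOKENID does not match the one we sent")
    return nvp["SECURETOKEN"]


def check_form(action, fields):
    """List the problems with a browser form, given its action and field names."""
    problems = []
    url = urlsplit(action)
    if url.scheme != "https":
        problems.append("action is not https")
    if url.hostname in API_HOSTS:
        problems.append("action is an API-only host")
    elif url.hostname not in LINK_HOSTS:
        problems.append("action is not a Payflow Link host")
    leaked = sorted(SERVER_ONLY & set(fields))
    if leaked:
        problems.append("server-only fields in form: " + ", ".join(leaked))
    missing = sorted({"SECURETOKEN", "SECURETOKENID"} - set(fields))
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    return problems


# Constructed sample, built from the placeholder values in the question.
TOKEN_ID = "VDUOBDNLSXTLYAAAAAATLSEBLAAAAAAAAAA"
RESPONSE = ("RESULT=0&SECURETOKEN=TOKENWASHEREsdsdfjkj"
            "&SECURETOKENID=" + TOKEN_ID + "&RESPMSG=Approved")
FIELDS = ["SECURETOKEN", "SECURETOKENID", "CARDNUM", "EXPMONTH",
          "EXPYEAR", "CVV2", "VERBOSITY"]

if __name__ == "__main__":
    print(accept_token(RESPONSE, TOKEN_ID))
    print(check_form("https://payflowpro.paypal.com", FIELDS))    # form as posted
    print(check_form("https://payflowlink.paypal.com/", FIELDS))  # after EDIT 2
```
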
