PayPal PayFlow Pro with Transparent Redirect - User Authentication Failed Issues / Documentation


Problem description


    I'm having some difficulty integrating - and finding current documentation for - integrating PayPal PayFlow Pro into my website.

    There is a similar question here for PayFlow Link - https://stackoverflow.com/questions/15808604/result-1-respmsg-userauthenticationfailed-in-test-transaction-for-mastercard - but I wanted to go into the specifics.

    I want to use the Transparent Redirect feature with the SILENTTRAN option so that:

    1. the credit card data is sent directly to the gateway (i.e. not through my server)
    2. the user is redirected back to a nominated page to confirm the transaction or error (response page).

    I'm currently reading through this document: https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/payflowgateway_guide.pdf

    This is listed as Payflow Gateway Developer's Guide(PDF) on this page - https://developer.paypal.com/webapps/developer/docs/classic/products/payflow-gateway/ - so I'm assuming it is the current documentation.

    According to page 28, the process should be:

    1. The customer clicks Buy to purchase merchandise on your website. [DONE]
    2. You request a secure token by passing a secure token ID to the Gateway server. In the request, you pass the name-value pair, SILENTTRAN=TRUE. This name-value pair prevents the hosted pages from displaying. [DONE]
    3. The Gateway server returns the secure token and your token ID to your website. [DONE]
    4. You display the credit card fields to the customer in a checkout page on your website. [DONE]
    5. The customer enters their credit card number, expiration date, and other sensitive data into the credit card fields and clicks Submit. [DONE] The browser posts the payment data directly to the Gateway server, avoiding your website and easing your PCI compliance requirements. [PROBLEMS HERE]

    Below is an example of a secure token request for the transparent redirect. I've used placeholders in place of my actual live PayFlow Pro account details (this account states 'Payflow SDK/API (Full Access) Live' in the manager.paypal.com Service Summary), but I used my real PayPal credentials in the actual request. Likewise I used publicly accessible pages for my return URLs:

    USER=MYUSER&VENDOR=MYUSER&PARTNER=VSA&PWD=MYPASSWORD&BILLTOFIRSTNAME=John&BILLTOLASTNAME=Doe&BILLTOSTREET=123 Fake Street&BILLTOSTREET2=&BILLTOCITY=Sydney&BILLTOZIP=2000&BILLTOPHONENUM=5555555555&EMAIL=me@email.com&BILLTOSTATE=NSW&AMT=0.05&RETURNURL=http://www.example.com&CANCELURL=http://www.example.com&ERRORURL=http://www.example.com&TRXTYPE=A&SILENTTRAN=TRUE&VERBOSITY=HIGH&CREATESECURETOKEN=Y&TENDER=C&SECURETOKENID=VDUOBDNLSXTLYAAAAAATLSEBLAAAAAAAAAA
    

    I perform the token transaction using server-side code, and I can see that I'm getting a response back like so:

    RESULT=0&SECURETOKEN=TOKENWASHEREsdsdfjkj&SECURETOKENID=VDUOBDNLSXTLYAAAAAATLSEBLAAAAAAAAAA&RESPMSG=Approved
    

    So it seems like the account authenticates correctly here. I have confirmed in Fiddler that I am posting this request to https://payflowpro.paypal.com.

    I then take that response and put this into a HTML form which posts back to the gateway, e.g.:

        <!-- Transaction form as posted in the question: the action is the Payflow Pro API host, and this post returned RESULT=1 -->
        <form id="form" action="https://payflowpro.paypal.com" method="post">
            <!-- <input name="MODE" class="inpPPField" id="hdn_pp_mode" type="hidden" value="Test"> -->
            <input name="SECURETOKEN" class="inpPPField" id="hdn_pp_securetoken" type="hidden" value="TOKENWASHEREsdsdfjkj">
            <input name="SECURETOKENID" class="inpPPField" id="hdn_pp_securetokenid" type="hidden" value="VDUOBDNLSXTLYAAAAAATLSEBLAAAAAAAAAA">
            <input name="CARDNUM" class="inpPPField" id="hdn_pp_CardNum" type="hidden" value="4111111111111111">
            <input name="EXPMONTH" class="inpPPField" id="hdn_pp_expMonth" type="hidden" value="11">
            <input name="EXPYEAR" class="inpPPField" id="hdn_pp_expYear" type="hidden" value="16">
            <input name="CVV2" class="inpPPField" id="hdn_pp_cvv2" type="hidden" value="123">
            <!--<input name="SILENTTRANS" class="inpPPField" id="hdn_pp_silenttrans" type="hidden" value="Y">-->
            <input name="VERBOSITY" class="inpPPField" id="hdn_pp_verbosity" type="hidden" value="HIGH">
            <input class="inpPPField" type="submit" value="Submit" />
        </form>
    

    Please note that I used the same token ID and token as what was returned in the token response - these are placeholders. I also used an actual credit card number and other credit-card field values.

    This is posting me to https://payflowpro.paypal.com, which just states the response (in the body of the page):

    RESULT=1&RESPMSG=User authentication failed

    Shouldn't this be returning me to my error page? Or is it failing earlier in the process so that the gateway never even tries to interpret the token and redirect? I've tried setting my return URLs to live website URLs, and it doesn't seem to be making a difference. I've also tried posting this from a publicly accessible web-server rather than localhost, but the result is the same.

    One other problem I'm having is finding relevant documentation. There is a 'Payflow Service Testing' document here: https://ppmts.custhelp.com/app/answers/detail/a_id/456/kw/payflow%20pro%20transparent%20redirect%20error%20page%20get%20codes

    This page is dated 2007, and the link under the Testing using Payflow Pro heading (i.e. The guide is available at x.com) is broken. The guide is a little vague, and the only examples of code I've found are in PHP (see https://go.developer.ebay.com/developers/community/blogs/pp_integrations_nate/payflow-transparent-redirect). I have rewritten the logic in the example as an ASP.Net application.

    In summary, my questions are:

    1. Am I using the correct logic to process a credit card transaction?
    2. If not, can someone point out where I am going wrong, and where I can find the most relevant and current documentation?
    3. A link(s) for the most current test procedure documents

    My next idea is to try setting up and using a test account using these instructions: https://ppmts.custhelp.com/app/answers/detail/a_id/929/ Obviously this is for hosted PayFlow pages, but I suspect the procedure should be similar as long as I specify the SILENTTRAN option. I tried unsuccessfully to get the test account working earlier in the week, but it seems like the next logical thing to try at this point.

    I have already opened a support ticket with PayPal engineers and they are looking into this, but it would be great to know if anyone in the community has managed to resolve a similar issue.

    EDIT: According to a PayPal engineer I just spoke to, the SILENTTRANS value is only required in the secure token request. I have commented this out in the transaction request form above, but this did not solve the issue. We also confirmed that it is possible to do a non-secure-token (i.e. non-transparent-redirect) request to https://pilot-payflowpro.paypal.com/ using my account details.

    EDIT 2: I have been instructed by PayPal to use https://payflowlink.paypal.com/ (not https://payflowpro.paypal.com) for the transaction post URL, but to continue using https://payflowpro.paypal.com for the token request. This does allow me to get through to my confirmation page using a transparent redirect (which is a great outcome), but it doesn't make a lot of sense to me that I'm using the 'payflowlink' rather than the 'payflowpro' gateway. I also found this tutorial, which seems to support this: https://go.developer.ebay.com/developers/community/blogs/ppintegrationsnate/new-payflow-gateway-tutorial

    Can anyone using the PayFlow Pro Transparent Product please confirm that this is correct (or otherwise)?

    Solution

    If you're going to use any feature related to the hosted checkout page you'll need to redirect to - https://payflowlink.paypal.com or https://pilot-payflowlink.paypal.com

    The Payflow Pro URLs are specifically for API calls and they aren't something you should be redirecting buyers through.

    Your account also needs to be the correct type to be able to use the hosted checkout feature. You can check what options are available to your account by logging in and checking the right side to see what products are enabled on your account.

    Documentation for transparent redirect is sparse. X.com had a few posts on it but those articles haven't been moved somewhere else yet.
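
The host split described in the answer, as an added example (not code from the original post or from PayPal): the secure-token request is built for the Payflow Pro API host on the server, and the browser form carries only the token pair to the Payflow Link host. Function names and the shop.example URLs are assumptions; hosts, parameter names and card field names are the ones shown on this page, and the `NAME[len]=value` length tag is the Payflow name-value convention for values containing `&` or `=`.

```python
import html
import uuid

# Hosts named on this page: API calls go to payflowpro, browser posts go to payflowlink.
API_HOSTS = {"live": "https://payflowpro.paypal.com", "test": "https://pilot-payflowpro.paypal.com"}
BROWSER_HOSTS = {"live": "https://payflowlink.paypal.com", "test": "https://pilot-payflowlink.paypal.com"}
CARD_FIELDS = ("CARDNUM", "EXPMONTH", "EXPYEAR", "CVV2")  # field names from the question's form


def build_nvp(fields):
    """Join pairs without URL-encoding; values with '&' or '=' get a length tag NAME[len]=value."""
    return "&".join(f"{k}[{len(v)}]={v}" if set("&=") & set(v) else f"{k}={v}"
                    for k, v in fields.items())


def token_request(creds, amount, return_url, error_url, env="live"):
    """Return (url, token_id, body) for the server-side secure-token call."""
    token_id = uuid.uuid4().hex  # fresh, unguessable ID for every checkout
    body = build_nvp(dict(creds, TRXTYPE="A", TENDER="C", AMT=amount, SILENTTRAN="TRUE",
                          CREATESECURETOKEN="Y", SECURETOKENID=token_id,
                          RETURNURL=return_url, ERRORURL=error_url))
    return API_HOSTS[env], token_id, body


def parse_nvp(body):
    """Parse a response such as RESULT=0&SECURETOKEN=...&RESPMSG=Approved."""
    return dict(p.split("=", 1) for p in body.strip().split("&") if "=" in p)


def redirect_form(response_body, expected_token_id, env="live"):
    """Build the form the browser posts directly to the gateway."""
    resp = parse_nvp(response_body)
    if resp.get("RESULT") != "0":
        raise ValueError(f"secure token request failed: {resp.get('RESPMSG')}")
    if resp.get("SECURETOKENID") != expected_token_id:
        raise ValueError("SECURETOKENID does not match the one we generated")
    # Only the token pair is pre-filled; credentials and card data never pass through here.
    hidden = {"SECURETOKEN": resp["SECURETOKEN"], "SECURETOKENID": expected_token_id}
    rows = [f'<input type="hidden" name="{k}" value="{html.escape(v)}">' for k, v in hidden.items()]
    rows += [f'<label>{n} <input name="{n}" autocomplete="off" required></label>' for n in CARD_FIELDS]
    rows.append('<input type="submit" value="Pay">')
    return f'<form action="{BROWSER_HOSTS[env]}" method="post">\n' + "\n".join(rows) + "\n</form>"


if __name__ == "__main__":
    creds = {"USER": "MYUSER", "VENDOR": "MYUSER", "PARTNER": "VSA", "PWD": "MYPASSWORD"}  # placeholders
    url, tid, body = token_request(creds, "0.05", "https://shop.example/ok?step=done",
                                   "https://shop.example/error", env="test")
    sample = f"RESULT=0&SECURETOKEN=TOKENWASHEREsdsdfjkj&SECURETOKENID={tid}&RESPMSG=Approved"  # constructed
    print(url, body, redirect_form(sample, tid, env="test"), sep="\n")
```
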
