The customer clicks Buy to purchase merchandise on your website. [DONE]
You request a secure token by passing a secure token ID to the Gateway server. In the request, you pass the name-value pair, SILENTTRAN=TRUE. This name-value pair prevents the hosted pages from displaying. [DONE]
The Gateway server returns the secure token and your token ID to your website. [DONE]
You display the credit card fields to the customer in a checkout page on your website. [DONE]
The customer enters their credit card number, expiration date, and other sensitive data into the credit card fields and clicks Submit. [DONE] The browser posts the payment data directly to the Gateway server, avoiding your website and easing your PCI compliance requirements. [PROBLEMS HERE]
Below is an example of a secure token request for the transparent redirect. I've used placeholder in place of my actual live PayFlow Pro account details (this account states 'Payflow SDK/API (Full Access) Live' in the manager.paypal.com Service Summary), but I used my real PayPal credentials in the actual request. Likewise I used publicly accessible pages for my return URLs:
So it seems like the account authenticates correctly here. I have confirmed in Fiddler that I am posting this request to https://payflowpro.paypal.com.
I then take that response and put this into a HTML form which posts back to the gateway, e.g.:
Please note that I used the same token ID and token as what was returned in the token reponse - these are placeholders. I also used an actual credit card number and other credit-card field values.
Shouldn't this be returning me to my error page? Or is it failing earlier in the process so that the gateway never even tries to interpret the token and redirect? I've tried setting my return URLs to live website URLs, and it doesn't seem to be making a difference. I've also tried posting this from a publicly accessible web-server rather than localhost, but the result is the same.
Am I using the correct logic to process a credit card transaction?
If not, can someone point out where I am going wrong, and where I can find the most relevant and current documentation
A link(s) for the most current test procedure documents
My next idea is to try setting up an using a test account using these instructions:
https://ppmts.custhelp.com/app/answers/detail/a_id/929/
Obviously this is for hosted PayFlow pages, but I suspect the procedure should be similar as long as I specify the SILENTTRAN option. I tried unsuccessfully to get the test account working earlier in the week, but it seems like the next logical thing to try at this point.
I have already opened a support ticket open with PayPal engineers and they are looking into this, but it would be great to know if anyone in the community has managed to resolve a similar issue.
EDIT: according to a PayPal engineer I just spoke to the SILENTTRANS value is only required in the secure token request. I have commented this out in the transaction request form above, but this did not solve the issue. We also confirmed that it is possible to do a non-secure-token (i.e. non-transparent-redirect) request to https://pilot-payflowpro.paypal.com/ using my account details.
EDIT 2: I have been instructed by PayPal to use https://payflowlink.paypal.com/ (not https://payflowpro.paypal.com) for the transaction post URL, but to continue using https://payflowpro.paypal.com for the token request. This does allow me to get through to my confirmation page using a transparent redirect (which is a great outcome), but it doesn't make a lot of sense to me that I'm using the 'payflowlink' rather than the 'payflowpro' gateway. I also found this tutorial which seems to support this https://go.developer.ebay.com/developers/community/blogs/ppintegrationsnate/new-payflow-gateway-tutorial
Can anyone using the PayFlow Pro Transparent Product please confirm that this is correct (or otherwise).
解决方案
If you're going to use any feature related to the hosted checkout page you'll need to redirect to - https://payflowlink.paypal.com or https://pilot-payflowlink.paypal.com
The Payflow Pro URL's are specifically for API calls and they aren't something you should be redirecting buyers through.
Your account also needs to be the correct type to be able to use the hosted checkout feature. You can check what options are available to your account by logging in and checking the right side to see what products are enabled on your account.
Documentation for transparent redirect is sparse. X.com had a few posts on it but those articles haven't been moved somewhere else yet.
这篇关于具有透明重定向的 PayPal PayFlow Pro - 用户身份验证失败问题/文档的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!