Paypal Payflow Transparent Redirect, SecureToken with AJAX?


Question


I'm working on a C# VS2012 Framework 4.5 MVC application that is trying to become PCI compliant using Payflow Pro (https://pilot-payflowpro.paypal.com). We've been using PayflowPro for years, and this is what I have to use. From my reading it seems that I should use the Transparent Redirect so I'm not posting anything private to my webserver, though I don't know if I need that with how I'm hoping to handle this. I also have a few questions...


How I think this all works: My understanding is that you need a securetoken (communication to Paypal, trip 1). Then you post the secure data (CC, exp, security code) including the securetoken (communication to Paypal, trip 2) and receive the authorization and transactionID of the sale.


How I'm hoping to do it: I'm intending on having a form that will have all the info (user details, shipping details, and CC info), and when the user presses the purchase button, I'll use AJAX to process trip 1 to my server (no secure user info sent). Here I'll create the URL + params and send paypal my un/pw info to retrieve the token (all from my server). The response will be returned to the client and, if successful, I'll then directly communicate via AJAX to Paypal's Gateway server, this time sending the secure CC info + token (trip #2). Based on the response to trip #2, I'll let the user know what's up with their purchase. Trip 2 shouldn't need my Paypal UN/PW info as it could easily be seen on the client, and I'm including the SecureToken which SHOULD identify the original transaction. From what I've explained I don't see a need for Transparent Redirect. Or am I missing something here?


Also, what Transaction Type do I want to use? Create an 'Authorization' for trip #1, then a 'Sale' for trip #2?


So here's the nitty gritty coding type stuff: For my R&D testing I'm building my own name/value pair parameter string (see below) and communicating to the gateway server via WebRequest through their sandbox/test url (pilot-payflowpro.paypal.com). I do get a successful response and SECURETOKEN back. Initial request (shown below) for secure token is TRXTYPE = A (Authorization), no card info is sent. Do I want to authorize first?


Here are my parameters (might include shipto info as well, but it's not listed below):

USER=myAuthUserName
&VENDOR=myAuthUserName
&PARTNER=myPartner
&PWD=myPassword
&AMT=21.43
&BILLTOFIRSTNAME=FName
&BILLTOLASTNAME=LName
&BILLTOSTREET=123 Main Street
&BILLTOSTREET2=Apt 203B
&BILLTOCITY=MyCity
&BILLTOSTATE=CA
&BILLTOZIP=77777
&BILLTOPHONENUM=4444444444
&EMAIL=myemail@somedomain.com
&CURRENCY=USD
**&TRXTYPE=A**
&SILENTTRAN=TRUE
&CREATESECURETOKEN=Y
&SECURETOKENID=a99998afe2474b1b82c8214c0824df99


As I said, I get a successful response and move to the next step of sending the secure data (CC#, EXPDATE, security code). When I remove my UN/PW/VENDOR/Partner info from the params I get an error due to invalid user authentication. But, seeing I'm dynamically building this 2nd call I can't have my paypal un/pw there. What am I missing? Anyone offer assistance with this or the other questions from above?


Please let me know if I need any clarification to be added. Thanks in advance for your time!
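The parameter string above is Payflow's name/value (NVP) format, and the trip-1 reply comes back in the same format. The following added example (not code from the question or from PayPal) shows the two pieces a server needs around that exchange: building the request body, including the length-tag form `NAME[len]=value` that Payflow uses for values containing `&` or `=`, and checking the reply before trusting the token. The check only accepts a reply whose RESULT is 0, which carries a SECURETOKEN, and whose echoed SECURETOKENID is the one this server generated, so a reply cannot be paired with the wrong checkout. All sample values are constructed; the token id and the success reply mirror the one quoted later in the answer.

```javascript
// Added example: Payflow NVP helpers for the secure-token request (trip 1).
// Assumption: values containing '&' or '=' are sent with a length tag,
// e.g. NAME[5]=a&b=c, so the receiver never treats that '&' as a separator.

// Build the request body. Credentials (USER/VENDOR/PARTNER/PWD) are added
// on the server only; this string is never sent to the browser.
function buildNvp(params) {
  return Object.entries(params)
    .map(([name, raw]) => {
      const value = String(raw);
      // Length tag protects values that contain the NVP delimiters.
      return /[&=]/.test(value) ? `${name}[${value.length}]=${value}` : `${name}=${value}`;
    })
    .join('&');
}

// Parse an NVP string (request or reply), honouring length tags.
function parseNvp(nvp) {
  const out = {};
  let i = 0;
  while (i < nvp.length) {
    const eq = nvp.indexOf('=', i);
    if (eq < 0) break;
    let name = nvp.slice(i, eq);
    let value;
    const tag = name.match(/^(.+)\[(\d+)\]$/);
    if (tag) {
      name = tag[1];
      const len = Number(tag[2]);
      value = nvp.slice(eq + 1, eq + 1 + len);
      i = eq + 1 + len + 1; // skip the '&' that follows the tagged value
    } else {
      let amp = nvp.indexOf('&', eq);
      if (amp < 0) amp = nvp.length;
      value = nvp.slice(eq + 1, amp);
      i = amp + 1;
    }
    out[name] = value;
  }
  return out;
}

// Interpret the trip-1 reply. A token is accepted only when RESULT is 0,
// a SECURETOKEN is present and the echoed SECURETOKENID is the one we sent.
function checkTokenResponse(responseNvp, expectedTokenId) {
  const r = parseNvp(responseNvp);
  if (r.RESULT !== '0') return { ok: false, reason: `RESULT=${r.RESULT} ${r.RESPMSG || ''}`.trim() };
  if (!r.SECURETOKEN) return { ok: false, reason: 'no SECURETOKEN in response' };
  if (r.SECURETOKENID !== expectedTokenId) return { ok: false, reason: 'SECURETOKENID mismatch' };
  return { ok: true, secureToken: r.SECURETOKEN, secureTokenId: r.SECURETOKENID };
}

// Constructed sample: a request whose second street line contains '&', and
// a success reply in the shape Payflow returns for a token request.
const tokenId = '5e3c50a4c3d54ef8b412e358d24c8915';
const requestBody = buildNvp({
  USER: 'myAuthUserName', VENDOR: 'myAuthUserName', PARTNER: 'myPartner', PWD: 'myPassword',
  TRXTYPE: 'A', TENDER: 'C', AMT: '21.43', CURRENCY: 'USD',
  BILLTOSTREET: '123 Main Street', BILLTOSTREET2: 'Apt 2 & 3',
  SILENTTRAN: 'TRUE', CREATESECURETOKEN: 'Y', SECURETOKENID: tokenId,
});
const sampleResponse = 'RESULT=0&RESPMSG=Approved&SECURETOKEN=9pOyyUMAwRUWmmv9nMn7zhQ0h&SECURETOKENID=' + tokenId;

console.log(requestBody);
console.log(checkTokenResponse(sampleResponse, tokenId));
```

Run with `node` to see the request body (note `BILLTOSTREET2[9]=Apt 2 & 3`) and the accepted token. Feeding the same reply with a different expected id is rejected, which is the case that matters when several checkouts are in flight at once.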

Recommended Answer


After spending a bunch of time with a Paypal engineer I've successfully figured out a solution for Paypal's Payflow Transparent Redirect without hosted pages (have own payment page). Again, here's the documentation which, per the engineer, is pretty confusing: Payflow API Documentation. Also, the code isn't optimized as it was just an R&D app, but as a whole, it is working for me. Just an example and explanation, and I'm sure there are better ways of doing individual steps. Hope this helps and allows you to bypass some of the roadblocks that have been slowing down your Paypal Payflow integration.


YES, it is PCI compliant in that no secure customer data will hit your own servers. Remember that PCI compliance is pretty complicated and involved, but this is a big part of it. Ok, so I'll explain what I did to make this work in an MVC C# environment. I'll explain the steps here, then include code below.

  1. CLIENT: The customer finishes adding items to the cart and presses the purchase button. JavaScript handles the button click, does not submit, and takes you to the next step.
  2. CLIENT -> SERVER: An AJAX function posts to a server method that contacts Paypal for a single-use secure token. This communication identifies you (the merchant) to Paypal with your authentication credentials, a unique transaction ID (a GUID), and the non-secure details of the transaction (total, billing info, shipping info, return URL details). This way all of the merchant's private account info stays secure (web server to Paypal).
  3. SERVER -> CLIENT: From the transaction above you will receive a parameter string containing the secure token (and other stuff, see the method example). Using this piece of information I dynamically create the URL I'll eventually need for the client-side Transparent Redirect portion, and send the URL string back to the client.
  4. CLIENT: Using the URL returned in step 3, I complete the URL by adding the needed credit card parameters using jQuery.
  5. CLIENT -> PAYPAL: This is the part I didn't understand how to do. Although step 2 was a POST, this step is a REDIRECT. Sure, that seems appropriate seeing it's called a Transparent Redirect, but this part just didn't make sense to me. So once your entire URL is complete, you literally redirect the window and Paypal processes your transaction.
  6. PAYPAL -> SERVER: Paypal posts back to a URL you included in step 2 (a public method on one of my controllers). I read the Response object and parse the parameters.


Easy, right? Perhaps, but for me step 5 caused big problems. I was using a POST and didn't understand why I kept getting errors on the response. It was an html page with something about an invalid merchant or authentication. Remember to redirect, not post, for step #5.

CODE


STEP 1: onclick attribute on button to call GetToken function.

STEPS 2 AND 3

CLIENT SIDE:

function GetToken() {
    $.ajax({
        url: '@Url.Action("GetToken", "MyController")',
        type: 'POST',
        cache: false,   // boolean, not the string 'false' (a non-empty string is truthy)
        contentType: 'application/json; charset=utf-8',
        dataType: 'text',
        success: function (data) {
            // data is already formatted as the redirect URL + parameter string;
            // an empty string means the server could not obtain a token
            if (data) {
                SendCCDetailsToPaypal(data);
            } else {
                // TODO show a failure message to the user; do not redirect
            }
        },
        error: function () {
            // TODO Handle the BAD stuff
        }
    });
}

SERVER SIDE:


I have separate methods used to build all the parameter values needed for the token request. The first three build: authentication, transaction details, transparent redirect. I keep urls and payflow acct info in a web.config file. The last method, ProcessTokenTransaction, does all the heavy lifting to contact Paypal via WebRequest, and then parses the result into the URL that will be sent back to the client. This method should be refactored for a cleaner delivery, but I'll leave that up to you. ParseResponse is a method that populates a simple model that I created, and returns that model.

Token URL (sandbox): https://pilot-payflowpro.paypal.com


THIS IS DIFFERENT THAN THE TOKEN URL!! Used in the PaypalTransactionAPI config value.

Transaction URL (sandbox): https://pilot-payflowlink.paypal.com

    private string PrepareApiAuthenticationParams()
    {
        // Merchant credentials stay in web.config on the server; they are never
        // sent to the browser.
        var paypalUser = ConfigurationManager.AppSettings["PaypalUser"];
        var paypalVendor = ConfigurationManager.AppSettings["PaypalVendor"];
        var paypalPartner = ConfigurationManager.AppSettings["PaypalPartner"];
        var paypalPw = ConfigurationManager.AppSettings["PaypalPwd"];

        // TRXTYPE is added by PrepareTransparentParams, so it is not repeated here
        // (the same parameter name twice in one NVP string is ambiguous).
        var apiParams = "USER=" + paypalUser
                        + "&VENDOR=" + paypalVendor
                        + "&PARTNER=" + paypalPartner
                        + "&PWD=" + paypalPw
                        + "&TENDER=C"
                        + "&VERBOSITY=HIGH";

        return apiParams;
    }


    // HostUrl is this site's public base URL (read from web.config in the same way
    // as the Paypal settings); it is assumed to be defined elsewhere in the controller.
    private string PrepareTransactionParams(CustomerDetail detail, decimal amount)
    {
        var currencyType = "USD";

        // amount is the order total read from your own records (the original
        // GET_VALUE_FROM_DB placeholder); it must never come from the client.
        // "F2" with the invariant culture gives Payflow a plain "21.43"
        // (requires using System.Globalization;).
        var transactionParams = "&BILLTOFIRSTNAME=" + detail.FirstName
                                + "&BILLTOLASTNAME=" + detail.LastName
                                + "&BILLTOSTREET=" + detail.Address1
                                + "&BILLTOSTREET2=" + detail.Address2
                                + "&BILLTOCITY=" + detail.City
                                + "&BILLTOSTATE=" + detail.State
                                //+ "&BILLTOCOUNTRY=" + detail.Country   // NEEDS 3 digit country code
                                + "&BILLTOZIP=" + detail.Zip
                                + "&BILLTOPHONENUM=" + detail.PhoneNum
                                + "&EMAIL=" + detail.Email
                                + "&CURRENCY=" + currencyType
                                + "&AMT=" + amount.ToString("F2", CultureInfo.InvariantCulture)
                                + "&ERRORURL=" + HostUrl + "/Checkout/Error"
                                + "&CANCELURL=" + HostUrl + "/Checkout/Cancel"
                                + "&RETURNURL=" + HostUrl + "/Checkout/Success";

        // ADD SHIPTO info for address validation

        return transactionParams;
    }


    private string PrepareTransparentParams(string requestId, string transType)
    {
        var transparentParams = "&TRXTYPE=" + transType
                                + "&SILENTTRAN=TRUE"
                                + "&CREATESECURETOKEN=Y"
                                + "&SECURETOKENID=" + requestId;

        return transparentParams;
    }


    // Method to build parameter string, and create webrequest object.
    // Returns the redirect URL (transaction URL + token parameters) for the client,
    // or an empty string when no token was obtained.
    public string ProcessTokenTransaction(CustomerDetail detail, decimal amount)
    {
        var transactionType = "A";
        var secureToken = string.Empty;   // empty means "no token"; the caller must not redirect
        var requestId = Guid.NewGuid().ToString().Replace("-", string.Empty);

        var baseUrl = ConfigurationManager.AppSettings["PaypalGatewayAPI"];

        var apiAuthenticationParams = PrepareApiAuthenticationParams();

        // Create url parameter name/value parameter string
        var apiTransactionParams = PrepareTransactionParams(detail, amount);

        // PCI compliance, Create url parameter name/value parameter string specific to TRANSPARENT PROCESSING
        var transparentParams = PrepareTransparentParams(requestId, transactionType);

        var parameters = apiAuthenticationParams + apiTransactionParams + transparentParams;

        // base api url + required parameters
        var request = (HttpWebRequest)WebRequest.Create(baseUrl);
        request.Method = "POST";
        request.ContentType = "text/namevalue"; // Payflow's NVP content type
        request.Headers.Add("X-VPS-REQUEST-ID", requestId);

        byte[] bytes = Encoding.UTF8.GetBytes(parameters);
        request.ContentLength = bytes.Length;

        try
        {
            // GetRequestStream/GetResponse both throw WebException on transport errors,
            // so they belong inside the try.
            using (Stream requestStream = request.GetRequestStream())
            {
                requestStream.Write(bytes, 0, bytes.Length);
            }

            // sample successful response
            // RESULT=0&RESPMSG=Approved&SECURETOKEN=9pOyyUMAwRUWmmv9nMn7zhQ0h&SECURETOKENID=5e3c50a4c3d54ef8b412e358d24c8915
            string result;
            using (WebResponse response = request.GetResponse())
            using (StreamReader reader = new StreamReader(response.GetResponseStream()))
            {
                result = reader.ReadToEnd();
            }

            var token = ParseResponse(result, requestId, transactionType);

            // Only hand a URL to the client when Paypal approved the token request
            // and actually returned a token.
            if (token.Result == 0 && !string.IsNullOrEmpty(token.SecureToken))
            {
                var transactionUrl = ConfigurationManager.AppSettings["PaypalTransactionAPI"];
                secureToken = transactionUrl + "?SECURETOKEN=" + HttpUtility.UrlEncode(token.SecureToken)
                              + "&SECURETOKENID=" + requestId;
            }
        }
        catch (WebException ex)
        {
            System.Diagnostics.Trace.WriteLine(ex.Message);
        }
        finally { request.Abort(); }

        return secureToken;
    }


    private TokenResponse ParseResponse(string response, string requestId, string transactionType)
    {
        // Note: ParseQueryString URL-decodes values, so a '+' inside RESPMSG becomes a space.
        var nameValues = HttpUtility.ParseQueryString(response);

        int result;

        // A missing or unparseable RESULT must not read as 0 (approved): TryParse
        // sets its out value to 0 on failure, so the return value is checked.
        if (!int.TryParse(nameValues.Get(TokenResponse.ResponseParameters.RESULT.ToString()), out result))
        {
            result = -999;  // invalid result to guarantee failure
        }

        // retrieving response message
        var responseMessage = nameValues.Get(TokenResponse.ResponseParameters.RESPMSG.ToString());

        // retrieving token value, if any
        var secureToken = nameValues.Get(TokenResponse.ResponseParameters.SECURETOKEN.ToString());

        var reference = nameValues.Get(TokenResponse.ResponseParameters.PNREF.ToString());

        var authCode = nameValues.Get(TokenResponse.ResponseParameters.AUTHCODE.ToString());

        var cscMatch = nameValues.Get(TokenResponse.ResponseParameters.CSCMATCH.ToString());

        // populating model with values
        var tokenResponse = new TokenResponse
        {
            Result = result,
            ResponseMessage = responseMessage,
            SecureToken = secureToken,
            TransactionIdentifierToken = requestId,
            TransactionType = transactionType,
            ReferenceCode = reference,
            AuthorizationCode = authCode,
            CSCMatch = cscMatch
        };

        return tokenResponse;
    }

STEPS 4 AND 5:

BACK TO THE CLIENT:


Here I use the URL built from the previous steps and add the final needed params (secure credit card info) using jQuery and then REDIRECT to Paypal.

function SendCCDetailsToPaypal(secureParm) {
    // Each value is URL-encoded so a stray '&' or '+' in a field cannot corrupt
    // the parameter string that the server built.
    var secureInfo = '&ACCT=' + encodeURIComponent($('#ccNumber').val())
        + '&EXPDATE=' + encodeURIComponent($('#expMonth').val() + $('#expYear').val())
        + '&CSC=' + encodeURIComponent($('#ccSecurityCode').val());

    // REDIRECT (not POST) the browser to Paypal using the token URL from the server
    window.location.replace(secureParm + secureInfo);
}

STEP 6:


Paypal will post back to one of the following methods: Cancel, Error, or Return (name the methods anything you want in the token request). Parse the Response and look at the variables returned from Paypal, particularly the RESULT and RESPMSG. Read the documentation for specifics as you can incorporate address validation and a bunch of other features. Based on the response, display what's appropriate.

SERVER SIDE:

    // ParseRequest is the author's helper that turns the posted-back parameters
    // into the view model; it is not shown in the answer.
    public ActionResult Cancel()
    {
        var result = ParseRequest(HttpUtility.UrlDecode(Request.Params.ToString()));

        return View("Return", result);
    }


    public ActionResult Error()
    {
        var result = ParseRequest(HttpUtility.UrlDecode(Request.Params.ToString()));

        return View("Return", result);
    }


    public ActionResult Return()
    {
        var result = ParseRequest(HttpUtility.UrlDecode(Request.Params.ToString()));

        return View("Return", result);
    }


Hope this helps, and good luck! I'll answer clarification questions as I'm able. Thanks for checking this out, and remember to pay it forward.
