Thursday, December 13, 2012

Testing with the PayPal Payflow Gateway

The Payflow gateway has become an essential part of PayPal's premier product offerings, coming standard with all new PayPal Payments Advanced and PayPal Payments Pro accounts. But because Payflow is only loosely integrated with the PayPal Sandbox at this time, developers are often unsure how to best get started--and may run into some minor roadblocks.
This guide aims to be the missing manual, and will get you going and running testable code in no time!
If you already have a live account and login information for https://manager.paypal.com, skip to Part II.
(Want to know more about what manager.paypal.com is for? Here's a video intro.)

Part I: Creating a test-only Payflow account

1.       Go to https://registration.paypal.com/welcomePage.do?country=US&mode=try for an account that can be used to test everything Payflow Pro offers.
(But if you want Payflow Link and plan to take this same account live in the future, start here instead for a Link account) 
2.       Click Continue
3.       Choose a unique merchant login; I’ll use palexanderpayflowtest. Note that it *is* case sensitive.
4.       Fill out the rest of the form, leaving "Processor" at the default value (FDMS)
5.       On the next page, click the blue "Login to PayPal Manager", NOT the Continue button.
6.       Again: do not click "Continue" to activate the account!! This is for testing; you don’t want to be billed.
Henceforth, your Payflow test credentials will be:
PARTNER=PayPal
VENDOR=(your merchant login, case sensitive)
USER=(the same merchant login again—it's the default admin user)
PWD=(your password)
Note that when logging into https://manager.paypal.com, you may leave USER blank.  But for running your own API calls or integrating software such as a shopping cart, USER should be specified. By default there's an admin user with the same name as the merchant login, so use that.

Part II: Creating a Website Payments Pro account in the sandbox

(To clarify: Yes you'll be using Payflow rather than accessing this account directly through PayPal APIs, but we must link a sandbox account for Payflow to work in test mode.)
1.       Visit https://developer.paypal.com and sign up if you haven’t already.
2.       Sign in and under Test Accounts click to create a "preconfigured account"
3.       Set the "Account Type" to PayPal Payments Pro
4.       For the Login Email, use "selpro"
5.       For the Password, use 123456789 or some other trivial password you won’t forget.
6.       Create Account. This may take a minute.
7.       If PayPal is your processor (which is usually the case if you skipped PART I), then this is also a good time to create a preconfigured Buyer account and click "View details" to save a copy of its fake Visa and expiration date numbers someplace handy for testing.
8.       On the list of test accounts, note the virtual email address for your Pro account, which should be of the form:
             selpro_xxxxxxxxxxxx_biz @ youremaildomain.com
9.       Copy it to your clipboard.

Part III: Setting up the manager

1.       Log in to https://manager.paypal.com and go to Service Settings => Hosted Checkout Pages => Set Up.
2.       Verify that Transaction Process Mode is set to "Test".
3.       Under "PayPal Express Checkout", paste your "selpro_xxx.." email from PART II into the "PayPal Sandbox email address" field. This is the most vital step! If the email is missing, or if there are spaces after it in the textbox, testing will produce an "Invalid Merchant Configuration" error.
4.       Under Billing Information => "Make these fields required", check the box next to CSC. Do the same under "Make these fields editable."
5.       Under Payment Confirmation, change "Show confirmation page" to "On my website".
6.       Change "Return URL Method" to Post.
7.       At the very bottom, change "Enable Secure Token" to "Yes"
8.       "Save Changes"
9.       Go to Service Settings => Fraud Protection => Test Setup => Edit Standard Filters
(if your account does not have this Fraud Protection section, then you can skip this step)
10.     Uncheck all the boxes on the leftmost column, and "Deploy".
NOTE: Fraud protection settings and other account-level changes will propagate and take effect within 1 hour. Until then, test transactions with test credit card numbers will result in a message that it’s been flagged for review by fraud filters.

Part IV: Configuring Hosted Checkout Pages for Layout C

If you have a PayPal Payments Advanced account or just want to try the embeddable iframe that helps simplify PCI compliance, log in to https://manager.paypal.com and go to Service Settings => Hosted Checkout Pages => Customize.
1.       Under "Choose a layout and color", click on Layout C.
2.       Note how the color of the border, header text, Pay Now button background, and button text are all adjustable to fit your site’s color scheme.
3.       Scroll down and "Save and Publish".

Part V: Submitting transactions in test mode

Let’s cover some essential points on testing vs. live.
When testing, all API transactions (including CREATESECURETOKEN=Y calls) must be submitted to the endpoint:
     https://pilot-payflowpro.paypal.com
When you are ready to go live (with an account in live mode), the endpoint becomes https://payflowpro.paypal.com
Regardless of the type of Payflow account, if you are using a secure token (such as for Hosted Checkout Pages) and thus having your user’s browser post to https://payflowlink.paypal.com  (or in the case of layout C, loading it in an iframe), you must include a parameter with name=MODE and value=TEST in your POST or GET to the payflowlink endpoint.
For example, with Layouts A or B:
<form method="post" action="https://payflowlink.paypal.com" target="paypal">
  <input type="hidden" name="SECURETOKEN" value="3TdlUs0KhwEKEazxgX2s3twmD">
  <input type="hidden" name="SECURETOKENID" value="5dee1a12109a747f2643411c74658aa6">
  <input type="hidden" name="MODE" value="TEST">
  <input type="submit" value="Proceed to Checkout">
</form>
And in the case of Layout C:
<iframe src='https://payflowlink.paypal.com?SECURETOKEN=$securetoken&SECURETOKENID=$securetokenid&MODE=TEST' width='490' height='565' border='0' frameborder='0' scrolling='no' allowtransparency='true'>
</iframe>
When you have a live account and are ready to do a live transaction with a real credit card, you may set MODE to LIVE.
If you created a test account in PART I and are using the default FDMS processor (or any processor other than PayPal), you should test with the fake Visa number 4111111111111111 (a 4 and fifteen 1’s), expiration date 12/15, card security code 123.
If PayPal is your credit card processor (PayPal Payments Pro and PayPal Payments Advanced accounts), go to https://developer.paypal.com, create a preconfigured buyer account in the sandbox, then click "View Details" to see its fake Visa number and expiration date.  Store this somewhere handy for testing, and use 123 as the card security code.
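The test-mode rules above, tied together as an added Python example (not part of the original demos): a single mode value selects both the API endpoint and the MODE parameter, so the two cannot disagree, and the token response is checked before the iframe URL is built. TRXTYPE, AMT, RESULT, RESPMSG and the NAME[length]=value tagging come from Payflow's name-value pair convention rather than this page; the function names and the sample response string are constructed for illustration.

```python
import uuid
from urllib.parse import urlencode

# Endpoints as given in Part V; one mode value selects everything.
API_ENDPOINTS = {"TEST": "https://pilot-payflowpro.paypal.com",
                 "LIVE": "https://payflowpro.paypal.com"}
HOSTED_PAGE = "https://payflowlink.paypal.com"
# Constructed response reusing the sample token values from the form above.
SAMPLE_ID = "5dee1a12109a747f2643411c74658aa6"
SAMPLE_RESPONSE = ("RESULT=0&SECURETOKEN=3TdlUs0KhwEKEazxgX2s3twmD"
                   "&SECURETOKENID=" + SAMPLE_ID + "&RESPMSG=Approved")

def nvp_encode(params):
    """Join pairs as NAME[len]=value so '&' or '=' inside a value
    (a password, say) cannot split the body into extra parameters."""
    return "&".join(f"{k}[{len(str(v))}]={v}" for k, v in params.items())

def nvp_decode(body):
    """Parse a name-value body, honouring optional [len] tags."""
    out, i = {}, 0
    while i < len(body):
        eq = body.index("=", i)
        name = body[i:eq]
        if name.endswith("]") and "[" in name:
            name, n = name[:-1].split("[", 1)
            end = eq + 1 + int(n)
        else:
            end = body.find("&", eq)
            end = len(body) if end == -1 else end
        out[name] = body[eq + 1:end]
        i = end + 1
    return out

def secure_token_request(creds, amount, mode="TEST"):
    """Return (endpoint, body, token_id) for a CREATESECURETOKEN=Y call."""
    token_id = uuid.uuid4().hex  # 32 hex characters, fresh per request
    params = dict(creds, TRXTYPE="S", AMT=amount,  # assumed sale fields
                  CREATESECURETOKEN="Y", SECURETOKENID=token_id)
    return API_ENDPOINTS[mode], nvp_encode(params), token_id

def hosted_page_url(response_body, sent_id, mode="TEST"):
    """Build the Layout C iframe src from the token response, or raise."""
    if mode not in API_ENDPOINTS:
        raise ValueError("mode must be TEST or LIVE")
    r = nvp_decode(response_body)
    if r.get("RESULT") != "0":
        raise ValueError(f"token call failed: {r.get('RESULT')} {r.get('RESPMSG')}")
    if r.get("SECURETOKENID") != sent_id:
        raise ValueError("SECURETOKENID does not match the one sent")
    return HOSTED_PAGE + "?" + urlencode({"SECURETOKEN": r["SECURETOKEN"],
                                          "SECURETOKENID": sent_id, "MODE": mode})
```

The length tags count characters, so keep tagged values ASCII unless you have confirmed how the gateway counts multi-byte input.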

Part VI: Try the demo

Here's a screenshot:
To get the above running in your development environment, download:


This contains two PHP demos -- one for Advanced and one for a Pro integration
And a similar one for ASP.net C#

The code is simple and easy to grasp--yet fully functional. Enjoy!
//Disclaimer//
This demo code is not supported by PayPal, and is only an example of how to do this. This is not the only way to do it, just a quick example. All code in and attached to this post is provided AS IS and has no warranties of any kind.  You must make sure all code meets the specs for your application.