1

We have PayPal Payments Advanced and I'm unable to get past the first gateway integration step. Perhaps I'm missing something simple that should be obvious.

All the official PayPal documents I've been able to find for integrating the gateway for Advanced say the first step is to obtain a Secure Token. The page at https://developer.paypal.com/webapps/developer/docs/classic/payflow/gs_ppa_hosted_pages/ for example.

I'm posting my test script below (sensitive info modified).

Every time I run the test script, I get a "Error: Your transaction can no longer be processed. Please return to the merchant's web site or contact the merchant. Error: 160" error message.

According to the PayPal Gateway Developer Guide and Reference, error 160 is, "Secure Token already been used. Indicates that the secure token has expired due to either a successful transaction or the token has been used three times while trying to successfully process a transaction. You must generate a new secure token."

Yet, the secure token has not already been used. A new one is generated every time the script is run.

"Enable Secure Token" is set to "Yes" in PayPal Manager.

Here is the script. What am I doing wrong?

<?php
$url = 'https://payflowlink.paypal.com';
#$url = 'https://pilot-payflowlink.paypal.com';

$token = md5( 'Will Bontrager' . time() );

/* $info assignment is all one line. Multi-line here for readability */
$info = "PARTNER=PayPal&
VENDOR=CertainReservations&
USER=ABC123&
PWD=321cba&
TRXTYPE=S&
AMT=23.45&
CREATESECURETOKEN=Y&
SECURETOKENID=$token";

echo "<pre>Value:$info</pre>";

$options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER         => false,
CURLOPT_VERBOSE        => false,
CURLOPT_SSL_VERIFYHOST => 0,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_POST           => 1,
CURLOPT_POSTFIELDS     => $info
);
$ch = curl_init($url);
curl_setopt_array($ch,$options);
$content = curl_exec($ch);
$err = curl_errno($ch);
$errmsg = curl_error($ch) ;
$info = curl_getinfo($ch);
curl_close($ch);
if( $err )
{
echo "<pre>Error. $err\n$errmsg\n";
print_r($info);
echo '</pre>';
}
echo $content;
?>

Thank you very much for any guidance.

I think I must be missing some critical information.

Will

user2464134
  • 11
  • 1
  • 2

3 Answers3

1

Just wanted to add that error 160 is also thrown when no secure token is passed to step 2.

Had this happen: host blocked curl calls, so the Paypal iframe was requested without the secure token which resulted in error 160.

Raivo
  • 679
  • 5
  • 3
0

According to Page 31 of this Payflow Gateway documentation this might work. I've copied the content here in the event he PDF is removed or moved without a proper 301 redirect.

To create a secure token, pass all parameters that you need to process the transaction except for payment details parameters such as the credit card number, expiration date, and check number.

In addition, pass the following Payflow parameters to create the secure token.

  1. Set SECURETOKENID to a unique alphanumeric value up to 36 characters in length. SECURETOKENID=9a9ea8208de1413abc3d60c86cb1f4c5

  2. Set CREATESECURETOKEN to the value Y to request that the Gateway server return a token. CREATESECURETOKEN=Y

  3. Set SILENTTRAN to the value TRUE to suppress the display of hosted pages. SILENTTRAN=TRUE

Successful transactions will return RESULT=0. From page 33.

A Payflow Secure Token will expire:

  • If the same Secure Token is passed to Payflow a total of 3 times.
  • 20 minutes after the Secure Token was generated.
  • When the token is used in a successful transaction

It's likely the formatting... here's a little about the parameters you're passing (from page 51):

Because the ampersand (&) and equal sign (=) characters have special meanings, they are invalid in a name-value pair value.

The following are invalid:

COMPANYNAME=Ruff & Johnson COMMENT1=Level=5

To include special characters in the value portion of a name-value pair, use a length tag. The length tag specifies the exact number of characters and spaces that appear in the value. The following are valid.

COMPANYNAME[14]=Ruff & Johnson

COMMENT1[7]=Level=5

NOTE: Do not use quotation marks ("") even if you use a length tag.

Community
  • 1
  • 1
AbsoluteƵERØ
  • 7,816
  • 2
  • 24
  • 35
  • "…copied the content here in the event he PDF is removed or moved without a proper 301 redirect" : this is always good protocol when dealing with PayPal. They have more manual moves than a rickshaw driver. – Parapluie Mar 18 '19 at 18:39
0

As far as I can tell (this is not documented clearly that I have found though this is helpful) you can't get a secure token from https://pilot-payflowlink.paypal.com but https://pilot-payflowpro.paypal.com seems to work just fine. Once you have your token you can use it with payflowlink.

Marshall
  • 196
  • 10