2

Am trying to move from legacy Payflow Link using hosted pages to using their secure token method (still PayFlow Link) using ColdFusion and have hit a wall. I think I I have been thru all the stuff here on Stack, and tried all of it, still no joy - sooo.

I created a form, just simple HTML and it works as expected

<cfscript>
  variables.pfl_user="suppressed";
  variables.pfl_vendor = "suppressed";
  variables.pfl_partner = "PayPal";
  variables.pfl_pwd = "suppressed";
  variables.pfl_host_addr = "https://payflowlink.paypal.com";
  //variables.pfl_gettoken_host_addr = "https://pilot-payflowpro.paypal.com";
  variables.pfl_gettoken_host_addr = "https://payflowpro.paypal.com";
</cfscript>

<cfoutput>
<form method="post" action="#variables.pfl_gettoken_host_addr#">

<input type="text" name="USER" value="#variables.pfl_user#" />
<input type="text" name="VENDOR" value="#variables.pfl_vendor#" />
<input type="text" name="PARTNER" value="#variables.pfl_partner#" />
<input type="text" name="PWD" value="#variables.pfl_pwd#" />
<input type="text" name="CREATESECURETOKEN" value="Y" />
<input type="text" name="SECURETOKENID" value="#key#" />
<input type="text" name="TRXTYPE" value="S" />
<input type="text" name="AMT" value="24.95" />
<input type="text" name="CURRENCY" value="USD" />
<input type="submit" />
</form>
</cfoutput>

And this works just fine, gives me just what I am looking for. But...The cfhttp code below just returns my securetokenId and an error code that makes NO sense..

Result Code 4 means that my AMT is incorrectly formatted

RESULT=4&SECURETOKENID=08646BF7E5BC88E8A44015803CCF54&RESPMSG=Invalid amount

<cfhttp method="post" url="#pfl_gettoken_host_addr#" useragent="Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.7 (KHTML, like Gecko) Chrome/5.0.391.0 Safari/533.7" >
        <cfhttpparam name="USER" type="formField" value="#variables.pfl_user#">
        <cfhttpparam name="VENDOR" type="formField" value="#variables.pfl_vendor#">
        <cfhttpparam name="PARTNER" type="formField" value="#variables.pfl_partner#">
        <cfhttpparam name="PWD" type="formField" value="#variables.pfl_pwd#">
        <cfhttpparam name="CREATESECURETOKEN" type="formField" value="Y">
        <cfhttpparam name="SECURETOKENID" type="formField" value="#rStr.newTokenKey#">
        <cfhttpparam name="TRXTYPE" type="formField" value="S">
        <cfhttpparam name="AMT" type="formField" value="24.95">
        <cfhttpparam name="CURRENCY" type="formfield" value="USD">


        <cfhttpparam type="header" name="X-VPS-REQUEST-ID" value="#gettickcount()#" >
        <cfhttpparam type="header" name="Accept-Encoding" value="gzip, deflate, sdch, x-gzip, compress, x-compress" >
        <cfhttpparam type="header" name="X-VPS-CLIENT-TIMEOUT" value="10" >
        <cfhttpparam type="header" name="Accept" value="application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5">
        <cfhttpparam type="header" name="Accept-Language" value="en-US,en;q=0.8">
        <cfhttpparam type="header" name="Accept-Charset" value="ISO-8859-1,utf-8;q=0.7,*;q=0.3">
        <cfhttpparam type="header" name="content-type" value="text/name value">
    </cfhttp>

Anyone have some ideas? All the Header ideas come from the PayPal Docs and things I have found here on Stack.

I have to do something, I have some screenscraper douche using my PayPal account to test out his/her stolen credit cards..so I have turned PayPal off until I make the change. I have to do this first call server side, via a post to "protect" my credentials

To answer the obvious question up front:

  1. yes, I am generating a new key
  2. yes everything is set correctly (according to PayPal) in my account
  3. yes, I am using the same vars (except for the newly generated SECURETOKENID) for both requests

M

**The Solution is pretty simple; though finding the actual problem was a bit of work. For all of the CFHTTPPARAM type=formfield tags, choose encoded="no"

**

MikeG
  • 107
  • 1
  • 8
  • Might try looking at the headers of the successful call, with something like [Live HTTP Headers](https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/) to those of your failed cfhttp call (with only the common fields) using a tool like [Fiddler](http://fiddler2.com/) or enabling debugging in the jvm via `-Djavax.net.debug=all` . Just to see if there are any obvious differences. – Leigh Feb 22 '14 at 16:47
  • Turns out that the problem is that cfhttp is urlencoding the amount. Whole numbers in the amount work fin, add a decimal and you get the result=4. The way I found out was to cfhttp to a different page on the server where I did a GetHttpRequestData() and dumped the result to a file. Now to figure out how to get around CF making it "simple" for me.. – MikeG Feb 24 '14 at 20:45
  • Ashamed to admit it, but this seems to be a case of !RTFM. The correct way to do this is to add `encoded="no"` to each of the cfhttpparam formfield calls. (assuming you have CF9 or higher). I am going to edit the question to include this info in case someone else is running into this. – MikeG Feb 24 '14 at 20:53
  • I would go ahead and post it as a separate "answer", so the solution will be more visible to any one that runs into this same problem. – Leigh Feb 24 '14 at 21:33

1 Answers1

0

This was a case of !RTFM.

**The Solution is pretty simple; though finding the actual problem was a bit of work, though in hindsight I should have done that right off the bat.

SOLUTION: For all of the CFHTTPPARAM type=formfield tags, choose encoded="no"

To find the problem I posted from a page on my dev server to a catching page on my dev server where I used GetHttpRequestData() to dump what I was sending. Once I saw the encoding I knew what the problem was and from there the fix was simple.

MikeG
  • 107
  • 1
  • 8