1

I am building a website for an artist. The dev site can be found at: http://03993a0.netsolhost.com

For each painting on the site I want to dynamically generate a buy it now button. In other words I want to pass the price and item name to paypal from php which is in turn pulling the info from my database.

I have my api credentials and am just looking for the simplest way to implement this functionality.

I checked out the following thread, but wasn't quite sure how the implementation worked or if that is the right solution. If that is the correct solution, how do I generate the encrypted key in the form and why doesn't the form POST a local php file with the cURL requests? Dynamic PayPal button generation - isn't it very insecure?

Many thanks for the help!

Community
  • 1
  • 1
Sam
  • 103
  • 1
  • 1
  • 5

1 Answers1

1

If you use the button manager API to create hosted payment buttons then they would be secure. Payments Standard in general is only not secure when the HTML elements of the form are all output on the screen so anybody could view source and see all the values, make changes, and then pay off an adjusted button. Hosted buttons don't allow that to happen.

If you look at the BUTTONCODE parameter on the BMCreateButton API you'll see the following options.

(Optional) The kind of button code to create. It is one of the following values:

HOSTED - A secure button stored on PayPal; default for all buttons except View Cart, Unsubscribe, and Pay Now

ENCRYPTED - An encrypted button, not stored on PayPal; default for View Cart button

CLEARTEXT - An unencrypted button, not stored on PayPal; default for Unsubscribe button

TOKEN - A secure button, not stored on PayPal, used only to initiate the Hosted Solution checkout flow; default for Pay Now button. Since version 65.1

That said, if you're familiar with API's I would really recommend you build a shopping cart into your site and use Express Checkout instead. It will be much easier to manage and maintain, and it's a lot more flexible, too.

If you're working with PHP my class library will make the API calls very simple for you.

Drew Angell
  • 25,968
  • 5
  • 32
  • 51