Study Guide
Table Of Contents
- PayPal Certified Developer Program Study Guide
- Contents
- List of Tables
- Online Payment Processing
- Internet Security and Fraud Prevention
- Why Every Business Should Be Concerned About Internet Fraud
- Liability for Internet Fraud
- Internet Fraud: What It Is and How It Happens
- Who Is at Risk for Online Fraud
- Reducing Exposure to Fraud
- What Banks and Card Associations Are Doing to Prevent Online Credit Card Fraud
- What PayPal Is Doing to Protect Your Business Against Fraud
- Disclosure and Compliance
- PayPal Fraud Protection Services
- Review Questions
- Getting Started With Account Setup
- API Credentials
- Name-Value Pair (NVP) API
- Express Checkout
- Direct Payment API
- Transactions
- Sandbox Testing
- Answers to Review Questions
- General Reference Information
- Glossary
- Index
API Credentials
Using API Credentials
4
50 March 2008 PayPal Certified Developer Program Study Guide
To import the API certificate, execute the following command at a command prompt:
WinHttpCertCfg -i encryptedCertificateName -p privateKeyPassword
-c LOCAL_MACHINE\my -a username
where:
z encryptedCertificateName is the name of the encrypted API certificate that was generated
with OpenSSL.
z privateKeyPassword is the private key password of the encrypted API certificate.
z username is the name of the user executing the application.
If the API certificate will be used with the PayPal Sandbox, set
username to Everyone.
Do not use Everyone with a live API certificate, because granting private-key access to all
users on the server is not secure.
For an ASP.NET application, this value is ASPNET.
Under Windows IIS 5 (default configuration), this value is IWAM_
machineName, where
machineName is the appropriate computer name.
Under Windows IIS 6 (default configuration), this value is "NETWORK SERVICE"
(including the quotation marks).
Using API Credentials
Each request to the PayPal server must include a set of required security parameters, shown in
Table 4.1.
TABLE 4.1 Required Security Parameters
Parameter Required/Optional Value
USER Required The API username.
PWD Required The API password.
VERSION Required The version number of the NVP API service.
As of this printing, this value must be 3.3. Future
versions of the NVP API service will require different
values.
SIGNATURE Optional (only if using
API signature
authentication)
The API signature string.
Do not include this parameter if an API certificate is
being used.
SUBJECT Optional (only if
making a third-party
API call)
The email address of the PayPal account that has
granted permission to make the API call.
Do not use this parameter for requests that are not third-
party API calls.