Study Guide
PayPal Certified Developer Program Study Guide, March 2008
Express Checkout
Using PayPal-Hosted Images
PayPal requires that you use Express Checkout button images hosted on PayPal's secure
servers, rather than hosting copies of these images on your own servers. Also, using the
buttons on the PayPal servers eliminates the need for you to maintain them yourself. If the
buttons are updated, the new buttons appear automatically in your application. Using out-of-
date PayPal buttons could reduce customer confidence in your PayPal deployment.
When you get the HTML code at https://www.paypal.com/express-checkout-buttons, it will
work only with PayPal-hosted buttons.
Tips
- Create checkout pages that are uncluttered and free from visual distractions.
- Keep the checkout flow to as few pages as possible.
- Be sure that the PayPal Express Checkout button is clickable, and that all PayPal buttons
  are used for their intended purpose.
- Do not use the Preview button when the next page is actually a purchase.
- Avoid using warning or legal text as part of the primary checkout experience.
- Do not alter, recolor, or resize the PayPal Express Checkout button, and do not add text
  around the PayPal checkout button.
Redirecting to PayPal
After the response from SetExpressCheckout, the application must redirect the customer’s
browser to PayPal. The SetExpressCheckout response includes an Express Checkout
session token. Add the value of the Token from the SetExpressCheckout response as a
name-value pair where noted, and redirect the customer’s browser to the following URL:
https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=value_from_SetExpressCheckoutResponse
NOTE: Express Checkout has a variation on this redirect URL (called “user action”) that
allows the application to bypass the second request-response pair
(GetExpressCheckoutDetails and GetExpressCheckoutDetailsResponse)
and change the text of the final button displayed on PayPal. For more information on
this variation, see PayPal Website Payments Pro Integration Guide.
Recommendation for Browser Redirection
To redirect the customer’s browser to the PayPal URL, PayPal recommends the HTTPS
response 302 “Object Moved”, with the PayPal URL as the value of the Location header in
the HTTPS response. Ensure that the application uses an SSL-enabled server to prevent
browser warnings about a mix of secure and nonsecure graphics.
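
The redirect step described above, as an added example (not code from the guide or from PayPal): it parses a SetExpressCheckout NVP response, validates the token before it reaches the Location header, and builds the 302 redirect. The function names, the token pattern and the sample responses are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlencode

# Redirect URL from the guide. The host is fixed and never taken from input.
PAYPAL_REDIRECT_BASE = "https://www.paypal.com/cgi-bin/webscr"

# Assumption: tokens look like "EC-" followed by alphanumerics. Adjust the
# pattern to what your account returns; the point is to reject anything else.
TOKEN_RE = re.compile(r"EC-[A-Za-z0-9]{10,30}")


def extract_token(nvp_body: str) -> str:
    """Parse a URL-encoded NVP response and return a validated token."""
    parsed = parse_qs(nvp_body, strict_parsing=True)
    fields = {name.upper(): values[0] for name, values in parsed.items()}
    if fields.get("ACK") not in ("Success", "SuccessWithWarning"):
        raise ValueError("SetExpressCheckout did not succeed")
    token = fields.get("TOKEN", "")
    # fullmatch rejects CR/LF and any other character that could split the
    # Location header or change the query string.
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("missing or malformed token")
    return token


def build_redirect(nvp_body: str):
    """Return (status, headers) for the 302 that sends the browser to PayPal."""
    token = extract_token(nvp_body)
    query = urlencode({"cmd": "_express-checkout", "token": token})
    return "302 Found", [("Location", f"{PAYPAL_REDIRECT_BASE}?{query}")]


# Constructed sample responses (not real PayPal output).
SAMPLE_OK = "TOKEN=EC%2d1AB23456CD789012E&ACK=Success&VERSION=3%2e0"
SAMPLE_FAILED = "ACK=Failure&L_ERRORCODE0=10002"
SAMPLE_BAD_TOKEN = "TOKEN=EC-1AB%0d%0aSet-Cookie%3a%20x%3d1&ACK=Success"

if __name__ == "__main__":
    print(build_redirect(SAMPLE_OK))
    for body in (SAMPLE_FAILED, SAMPLE_BAD_TOKEN):
        try:
            build_redirect(body)
        except ValueError as exc:
            print("rejected:", exc)
```

The returned status and header list can be handed to whatever framework serves the checkout page; that page should itself be served over HTTPS, as the recommendation above states.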