Manualshelf

Developer's Guide

ManualsBrandsPayPal ManualsSoftwarePayPal Gateway - 2012
21222324252627282930
Table Of Contents
Gateway Developer Guide and Reference 31 July 2012 27
2
Secure Token
This section describes the secure token.
“Secure Token” on page 27
“Integrating the Secure Token With the Hosted Checkout Pages” on page 27
“Integrating the Secure Token Without the Hosted Checkout Pages: Transparent Redirect”
on page 28
“Posting To the Hosted Checkout Page” on page 29
About the Secure Token
Use a secure token to send non-credit card transaction data to the Gateway server for safer
storage. The secure token prevents anyone from intercepting or manipulating the data. You
must use a secure token if you use hosted checkout pages. The token is good for a one-time
transaction and is valid for 30 minutes.
NOTE: PayPal Payments Pro and Payflow Pro merchants who do not use a secure token must
host their own payment pages. When hosting your own pages, you are responsible for
meeting PCI requirements by handling data securely. PayPal Payments Advanced and
Payflow Link merchants must use a secure token with hosted checkout pages.
To obtain a secure token, pass a unique, 36-character secure token ID and set
CREATESECURETOKEN=Y in a request to the Gateway server. The Gateway server associates
your ID with a secure token and returns the token as a string of up to 32 alphanumeric
characters.
To pass the transaction data to the hosted checkout page, you pass the secure token and secure
token ID in an HTTP form post. The token and ID trigger the Gateway server to retrieve your
data and display it for customer approval.
NOTE: You cannot modify the data sent with a secure token, with one exception. You can
configure PayPal Manager to allow you to modify billing and shipping information.
Integrating the Secure Token With the Hosted Checkout Pages
To create a secure token, pass all parameters that you need to process the transaction except for
payment details parameters such as the credit card number, expiration date, and check number.
For details on transaction parameters, see “Submitting Credit Card Transactions” on page 47.
In addition, pass the following Payflow parameters to create the secure token.