Integration Guide
Table Of Contents
- PayPal Payments Pro Integration Guide
- Contents
- Preface
- Introducing PayPal Payments Pro
- Introducing Direct Payment
- Introducing Express Checkout
- Getting Started With Direct Payment
- Getting Started With Express Checkout
- Integrating Recurring Payments
- How Recurring Payments Work
- Recurring Payments Terms
- Recurring Payments With Direct Payment
- Recurring Payments With the Express Checkout API
- Options for Creating a Recurring Payments Profile
- Recurring Payments Profile Status
- Getting Recurring Payments Profile Information
- Modifying a Recurring Payments Profile
- Billing the Outstanding Amount of a Profile
- Recurring Payments Notifications
- Getting Started With the PayPal Name-Value Pair API
- Implementing 3-D Secure Transactions (UK Only)
PayPal Payments Pro Integration Guide April 2012 91
Implementing 3-D Secure Transactions (UK Only)
Transaction Processing
B
– Error information: Evaluate and take appropriate action if nonzero. Refer to the Thin
Client Integration Guide for error codes, descriptions, explanations, and recommended
actions.
– Cardinal transaction information that you will pass to other requests: TransactionId,
Enrolled, Payload, and EciFlag.
– ACSUrl: If Enrolled=Y, this contains the URL for the card issuer’s (bank’s)
authentication site.
Evaluate Enrolled and ACSUrl:
– If cardholder is not enrolled (Enrolled is N) or if the Authentication service is
unavailable (ACSUrl is U or N), continue with Step 5 below.
– If cardholder is enrolled, continue with the next step.
3. Using an HTTP form POST, pass the cardholder to the URL (ACSUrl) returned by
cmpi_lookup, which is the card issuer’s authentication URL. Pass several fields to this
request:
– Transaction information from cmpi_lookup.
– MD field optionally containing arbitrary merchant data; set to blank if not used.
– TermUrl: The URL of the page you set up to handle the issuer’s return call.
See Issuer Authentication Request for the complete list of required fields.
Cardholders attempt to authenticate themselves at the issuer’s URL. The completion of the
attempt returns a response to your application by using HTTP Form POST to call the URL
you specified in TermUrl. The response contains the PaRes.
4. Call cmpi_authenticate, passing PaRes as PAResPayLoad. This interprets the
payload to determine whether the cardholder passed the authentication process with the
card’s issuer.
See cmpi_authenticate API for the complete list of required fields.
5. The cmpi_authenticate request returns several fields:
– Error information: Evaluate and take appropriate action if nonzero. Refer to the Thin
Client Integration Guide for error codes, descriptions, explanations, and recommended
actions.
– Authentication information in PAResStatus, SignatureVerification, Cavv,
EciFlag, and
Xid.
See cmpi_authenticate API for details about the returned fields.
Evaluate SignatureVerification:
– If the signature is not verified, return an authentication-failed message to the cardholder
and stop processing the transaction.
– If the signature is verified, continue with the next section.