Website Payments Standard Checkout Integration Guide, November 2005
5 Encrypted Website Payments
To add security to online payments, you can create Encrypted Website Payment (EWP) button
code that relies on standard public key encryption. With public and private keys, you can
dynamically encrypt payment information before sending it to PayPal.
Encrypted Website Payments works in the following way (see Table 5.1).
Prerequisites to Using EWP
This section describes how to create your private and public keys for EWP, upload your public
key to PayPal, and download a copy of PayPal’s public key:
• Generate a private key
• Generate a public certificate
• Upload your public certificate to the PayPal website at https://www.paypal.com/us/cgi-bin/webscr?cmd=_profile-website-cert
• Download PayPal's public certificate from https://www.paypal.com/us/cgi-bin/webscr?cmd=_profile-website-cert
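
The first two prerequisites and a check to run before uploading, as an added example that is not taken from PayPal's guide. It uses OpenSSL, and the file names, 2048-bit key size, 365-day validity and certificate subject are assumptions.

```shell
#!/bin/sh
# Added example: EWP prerequisites with OpenSSL. File names, key size,
# validity period and certificate subject are assumptions, not PayPal values.

# Generate a private key and a self-signed public certificate in directory $1.
ewp_make_keys() {
    dir=$1
    (
        umask 077    # the private key must not be readable by group or others
        openssl genrsa -out "$dir/my-prvkey.pem" 2048 2>/dev/null
    ) || return 1
    openssl req -new -x509 -key "$dir/my-prvkey.pem" -days 365 \
        -subj "/CN=merchant.example" -out "$dir/my-pubcert.pem" 2>/dev/null
}

# Check before upload: the certificate matches the key, is not about to
# expire, and the key file is private. Prints the reason, returns 1 on failure.
ewp_check_pair() {
    key=$1
    cert=$2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "unreadable key"; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -pubkey -noout 2>/dev/null) ||
        { echo "unreadable certificate"; return 1; }
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "certificate does not belong to this private key"; return 1
    fi
    # 2592000 s = 30 days; -checkend exits non-zero if the cert expires sooner.
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null; then
        echo "certificate expires within 30 days"; return 1
    fi
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    if [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
        echo "private key is accessible to group or others"; return 1
    fi
    echo "ok"
}
```

Only `my-pubcert.pem` is uploaded; `my-prvkey.pem` stays on the merchant's server.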
TABLE 5.1 How Encrypted Website Payments Work

Merchant
• Creates HTML name/value pairs that represent the parameters of the HTML FORM to post to PayPal when a customer clicks a button on his website
• Encrypts the button parameters with PayPal’s public key
• Signs the encrypted data with his own private key
• Publishes the signed, encrypted FORM to his website with a “Pay” button

Customer
• Clicks “Pay” button, which posts the signed, encrypted FORM data to PayPal’s URL

PayPal
• Checks the authenticity of the data by using the merchant’s uploaded public key
• Decrypts the data with PayPal’s private key
• Directs the buyer’s browser to the PayPal payment flow specified in the button parameters