PayPal Payflow: How to verify in one request, and then authorize in another without saving CC info?

StackOverflow https://stackoverflow.com/questions/21486475

  •  05-10-2022
  •  | 
  •  

Question

I'm building a book store and I am building the checkout using PayPal Payflow . This is the checkout flow:

Shipping info --> Billing info |verify CC using Paypal| --> Order summary --> Submit |authorize CC using Paypal|

  1. Shipping info: fill out shipping address, nothing special here

  2. Billing info: fill out your billing address + credit card info. Don't save the credit card info since it's against standards, instead just send the CC number, expiration date, and CVV directly to PayPal to verify. PayPal approves.

  3. Order summary: The order sees the summary of his order before he submits the order. He presses submit and another request to PayPal is sent to authorize the funds.

However, the CC info vanishes after #2, so how would I persist that data to #3 so that I can send it to PayPal again?

Can I just use the ORIGID to point to the PNREF ? The documentation says I have to do a full request with the whole params list (including CC info, CVV, exp date, etc).

TRXTYPE=A&TENDER=C&PWD=x1y2z3&PARTNER=PayPal&VENDOR=SuperMerchant&USER=S uperMerchant&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00&COMMENT1=Seco nd purchase&COMMENT2=Low risk customer&INVNUM=123456789&STREET=5199 MAPLE&ZIP=94588

Or am I just misunderstanding what authorization means? Isn't authorization actually reserving funds in the user's CC? So that shouldn't be done until the user presses submit order right?

Was it helpful?

Solution

I figured it out.

The documentation here: https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/pp_payflowpro_guide.pdf

on page 40 mentions it briefly, but doesn't go into much detail about this checkout flow even though it seems pretty common.

My assumption was right, in that I could just do an address verification request first with all the CC info, and use the PNREF returned. I save the PNREF id in my session and reuse it to submit a request that looks like this:

def authorize_transaction(pnref)
  make_request(authorization_data(pnref))
end

def authorization_data(pnref)
  {
     "TRXTYPE" => "A",
     "TENDER" => "C",
     "USER" => PAYPAL_API["user"],
     "PWD" => PAYPAL_API["pwd"],
     "VENDOR" => PAYPAL_API["user"],
     "PARTNER" => "Paypal",
     "AMT" => purchase.total_price,
     "ORIGID" => pnref,
     "VERBOSITY" => "HIGH"
   }
end

And receive the desired response:

{"RESULT"=>"0", "PNREF"=>"A10A6A9C08E1", "RESPMSG"=>"Approved", "AUTHCODE"=>"752PNI", "AVSADDR"=>"Y", "AVSZIP"=>"Y", "HOSTCODE"=>"A", "PROCAVS"=>"Y", "VISACARDLEVEL"=>"12", "TRANSTIME"=>"2014-01-31 11:53:56", "FIRSTNAME"=>"net", "LASTNAME"=>"theory", "AMT"=>"15.64", "ACCT"=>"1111", "EXPDATE"=>"0115", "CARDTYPE"=>"0", "IAVS"=>"N"}

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top