Question
I'm using PayPal PayFlow Pro to process transactions. We've opted to use the secure token with transparent redirects to try and address PCI-Compliance issues.
In my token request, I am specifying the CUSTREF parameter like so:
https://stackoverflow.com/questions/17671391
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian&CUSTREF=461
I have also created a hidden field for this in the transaction form. I have the HTTPS proxy enabled for Fiddler and I can see these values coming through in both the secure token and transaction requests. The transactions complete successfully on the live PayFlow gateway.
However, when I view the transactions under https://manager.paypal.com/ > Reports > Daily Activity, the Cust Ref #: field on the detail page is empty.
The parameter is discussed for use in inquiry transactions on page 71 of this document: https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/payflowgateway_guide.pdf
I couldn't find much documentation on this field other than this. I had a look at some code samples, and it looks like the CUSTREF parameter should be passed in the transaction request (which was the first thing I tried), e.g.
https://github.com/angelleye/paypal/blob/master/PayFlowTransaction.php
Has anyone encountered this before? I have a ticket open with PayPal.
Solution
I received confirmation from PayPal that this is a bug.
This appears to work with the regular Payflow Pro API calls, but fails when passing the CUSTREF using a Secure Token API call or hosted pages (using Secure Token).
The recommended work-around was to pass the field through in the comments.
