Paypal payflow setup in rails

After a long time doing automation testing with RSpec, I have recently started doing development. The very first task was an interesting one: setting up PayPal Payflow as the payment gateway for my Rails application. Even though it took me three days to complete :), I finally did it, and it gave me the feeling that I had learnt something new.

Let's see how we can set up the Payflow payment gateway for a Rails application. It is a four-step process:

  1. Setup test payflow account with paypal.
  2. Add Paypal API credentials in your application.
  3. Fetch secure token before making payment.
  4. Redirect to paypal hosted pages for payment and handling the callback.

Setup test payflow account with Paypal

This is pretty straightforward, and here is a good article that explains, with screenshots, how to set up a test Payflow merchant account.

Add Paypal API credentials in your application

The login credentials can be used as API credentials to call the PayPal API. Save the gateway configuration in config/initializers/paypal.rb.

# config/initializers/paypal.rb

unless Rails.env.production?
  PAYPAL_CONFIG = { :mode => 'test',
                    :partner => 'Paypal',
                    :currency => 'USD',
                    :payflow_url => 'https://pilot-payflowpro.paypal.com',
                    :gateway => "https://payflowlink.paypal.com"    }
else  # only production
  PAYPAL_CONFIG = { :partner => 'Paypal',
                    :currency => 'USD',
                    :payflow_url => 'https://payflowpro.paypal.com',
                    :gateway => "https://payflowlink.paypal.com"}
end

Fetch secure token before making payment

This is the most important step. Using a secure token we can make a secure transaction with the PayPal server. This token is valid only for five minutes; after five minutes you can't complete the transaction. In my application I have used 'curb' (a Ruby wrapper around curl) to generate the HTTP POST request. You can alternatively use net/http, HTTParty or Faraday.

#lib/paypal.rb
require 'curb'
require 'securerandom'

module Paypal
  class Configuration
    # Asks Payflow for a secure token for this order and amount. Returns the
    # parsed NAME=VALUE reply as a Hash (look at RESULT, RESPMSG, SECURETOKEN
    # and SECURETOKENID), or an empty Hash if the POST itself failed.
    def self.gen_secure_token(amount, order)
       curl = Curl::Easy.new
       # SSLv3 was what the gateway accepted when this was written; PayPal has
       # since retired SSLv3 and requires TLS 1.2, so on a current setup use
       # Curl::CURL_SSLVERSION_TLSv1_2 here instead.
       curl.ssl_version = Curl::CURL_SSLVERSION_SSLv3
       curl.url = PAYPAL_CONFIG[:payflow_url]
       # Your Payflow login and password (read from the environment here;
       # put them wherever your app keeps secrets, not in the repository).
       paypal_login    = ENV.fetch('PAYPAL_LOGIN')
       paypal_password = ENV.fetch('PAYPAL_PASSWORD')
       success = curl.http_post(Curl::PostField.content('TRXTYPE', 'A'),
                         Curl::PostField.content('TENDER', 'C'),
                         # AMT is a decimal with two places; rounding to an
                         # integer would silently drop the cents.
                         Curl::PostField.content('AMT', format('%.2f', amount)),
                         Curl::PostField.content('ORDERID', order.id.to_s),
                         Curl::PostField.content('CURRENCY', PAYPAL_CONFIG[:currency]),
                         Curl::PostField.content('CREATESECURETOKEN', 'Y'),
                         Curl::PostField.content('SECURETOKENID', SecureRandom.hex(18)),
                         Curl::PostField.content('PARTNER', PAYPAL_CONFIG[:partner]),
                         Curl::PostField.content('VENDOR', paypal_login),
                         Curl::PostField.content('USER', paypal_login),
                         Curl::PostField.content('PWD', paypal_password)
                        )
       if success
          # Reply is NAME=VALUE pairs joined by '&'; split on the first '='
          # only so a value containing '=' is not truncated.
          recd_string = curl.body_str.split('&').collect { |pair| pair.split('=', 2) }
          Hash[recd_string]
       else
          {}
       end
    end
  end
end

I am generating a secure token for one order and one particular amount. Below is the explanation of the parameters:

TRXTYPE: Transaction type. 'A' (authorization) is the request type used to generate a secure token. (mandatory)
TENDER: Method of payment. 'C' stands for credit card payment. (mandatory)
AMT: Transaction amount. (mandatory)
ORDERID: The order for which you are doing the transaction.
CURRENCY: Currency of the transaction (here it is USD).
CREATESECURETOKEN: Boolean value telling PayPal whether it should create a secure token or not.
SECURETOKENID: Before generating a secure token we need to generate a secure token ID. Together, the secure token ID and the secure token identify a unique transaction. It should be 18 characters.
PARTNER: It is always 'Paypal'.
VENDOR: Your Payflow login.
USER: Your Payflow login.
PWD: Your Payflow password.

Note: Before sending the request to PayPal you have to set the SSL version; otherwise PayPal won't return a secure token. The version shown above is SSLv3, which PayPal has since retired in favour of TLS 1.2, so on a current system pin the client to TLS 1.2 rather than SSLv3. This request is sent to https://pilot-payflowpro.paypal.com in test mode and to https://payflowpro.paypal.com in production mode.
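The same secure-token step using only the Ruby standard library, as an added example that is not the post's own code. It keeps the Payflow parameter names from the post (TRXTYPE, TENDER, AMT, ORDERID, CURRENCY, CREATESECURETOKEN, SECURETOKENID, PARTNER, VENDOR, USER, PWD) and adds the pieces a practitioner wants around them: a two-decimal AMT, a RESULT check on the reply so that an error response is never handed to the browser, and the five-minute token lifetime tracked explicitly. The module name PayflowToken, the helper names, the PAYPAL_LOGIN/PAYPAL_PASSWORD environment variables and the text/namevalue content type are this example's assumptions.

```ruby
# Added example (not the post's own code): build the Payflow secure-token
# request, parse the NAME=VALUE reply and enforce the five-minute token TTL.
require 'net/http'
require 'uri'
require 'openssl'
require 'securerandom'
require 'time'

module PayflowToken
  TOKEN_TTL = 5 * 60 # seconds; Payflow secure tokens expire after five minutes

  # Test-mode endpoint from the post; production is https://payflowpro.paypal.com
  PAYFLOW_URL = 'https://pilot-payflowpro.paypal.com'

  # Payflow expects a decimal amount with two places, not a rounded integer.
  def self.format_amount(amount)
    raise ArgumentError, 'amount must be positive' unless amount.to_f > 0
    format('%.2f', amount)
  end

  # SECURETOKENID must be unique per transaction; SecureRandom.hex(18)
  # yields 36 hex characters (the post uses the same call).
  def self.new_token_id
    SecureRandom.hex(18)
  end

  # Credentials come from the environment (an assumption of this example).
  # `env` is injectable so the request can be built offline in tests.
  def self.build_secure_token_request(amount, order_id, token_id, env = ENV)
    {
      'TRXTYPE' => 'A',
      'TENDER' => 'C',
      'AMT' => format_amount(amount),
      'ORDERID' => order_id.to_s,
      'CURRENCY' => 'USD',
      'CREATESECURETOKEN' => 'Y',
      'SECURETOKENID' => token_id,
      'PARTNER' => 'Paypal',
      'VENDOR' => env.fetch('PAYPAL_LOGIN'),
      'USER' => env.fetch('PAYPAL_LOGIN'),
      'PWD' => env.fetch('PAYPAL_PASSWORD')
    }
  end

  # Payflow replies with NAME=VALUE pairs joined by '&'. Split on the first
  # '=' only so a value containing '=' survives, and strip a NAME[len]
  # length tag if one is present.
  def self.parse_payflow_response(body)
    body.to_s.split('&').each_with_object({}) do |pair, h|
      name, value = pair.split('=', 2)
      next if name.nil? || name.empty?
      h[name.sub(/\[\d+\]\z/, '')] = value.to_s
    end
  end

  # RESULT "0" means approved; anything else is an error and no token is
  # returned, so the caller cannot accidentally render a bad token.
  def self.token_from(response, now = Time.now)
    return nil unless response['RESULT'] == '0'
    return nil if response['SECURETOKEN'].to_s.empty?
    { token: response['SECURETOKEN'],
      token_id: response['SECURETOKENID'],
      issued_at: now }
  end

  # True while the token is still inside its five-minute window.
  def self.token_fresh?(issued_at, now = Time.now)
    now - issued_at < TOKEN_TTL
  end

  # Live call: TLS 1.2 pinned, certificate verified (Net::HTTP's default).
  # Payflow does not URL-decode values, so the body is sent as raw
  # NAME=VALUE pairs; values here contain no '&' or '='.
  def self.fetch_secure_token(amount, order_id, env = ENV)
    uri = URI(PAYFLOW_URL)
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    http.min_version = OpenSSL::SSL::TLS1_2_VERSION
    params = build_secure_token_request(amount, order_id, new_token_id, env)
    body = params.map { |k, v| "#{k}=#{v}" }.join('&')
    res = http.post('/', body, 'Content-Type' => 'text/namevalue')
    token_from(parse_payflow_response(res.body))
  end
end
```

Store the returned token id and issued_at against the order before redirecting the customer, so the callback can later be matched to exactly one pending order, and call token_fresh? before rendering the form so a customer who waited too long gets a fresh token instead of a PayPal error.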

Redirect to paypal hosted pages for payment and handling the callback

Once we have the secure token, we submit a form carrying the secure token ID and the secure token to https://payflowlink.paypal.com.

<form accept-charset="UTF-8" action="https://payflowlink.paypal.com" id="pay" method="post">
  <input id="SECURETOKEN" name="SECURETOKEN" type="hidden" value="1j3G4l8NGMUyUOulrB3I0bAAQ">
  <input id="SECURETOKENID" name="SECURETOKENID" type="hidden" value="801f9cfb2dd4127002138e21794f0e77b252">
  <input id="mode" name="mode" type="hidden" value="test"> <!-- Remove this line when you are running the app in production mode -->
</form>

As we are using PayPal hosted pages for the payment, this redirects to the PayPal website, where the customer actually makes the payment. You can customize the hosted pages by logging in to your PayPal account, and you can also set the success and failure redirect URLs in the hosted pages configuration.

This process ensures that no sensitive credit card or payment information is ever sent to our server, hence we get compliance for the website automatically and don't require any PCI compliance or even an SSL certificate! Keeping the card data on PayPal's pages is what reduces the PCI burden; the merchant still has to fill in the reduced self-assessment for hosted checkout, and the page that embeds the form above should itself be served over HTTPS so the token and the form's action cannot be altered in transit.
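Step 4 also covers handling the callback, which the post does not show. The checks below are an added example, not the post's code: the return parameters are verified against what the server stored when it fetched the secure token, and only then is the order marked paid. It assumes PayPal posts back RESULT, RESPMSG, PNREF, SECURETOKENID and AMT (confirm the exact field names in your hosted-pages settings); the module name PayflowCallback, the Outcome struct, the stored-order shape and the sample values are this example's own. Treat the browser's return to your success URL as a display hint only; the server-to-server post from PayPal (or a follow-up inquiry to Payflow) is the source of truth, and both go through the same verify method.

```ruby
# Added example (not the post's own code): verify a Payflow return or
# silent post before marking an order paid. `stored` is what the server
# saved when it fetched the token: { token_id:, amount:, paid: }.
require 'bigdecimal'

module PayflowCallback
  Outcome = Struct.new(:ok, :reason, :pnref)

  def self.verify(params, stored)
    p = params.each_with_object({}) { |(k, v), h| h[k.to_s.upcase] = v.to_s }
    # Replay defence: the same posted result must not pay an order twice.
    return Outcome.new(false, 'already processed', nil) if stored[:paid]
    # The token id binds this post to one pending order; compare in
    # constant time so the comparison leaks nothing about the stored value.
    unless secure_equal?(p['SECURETOKENID'], stored[:token_id].to_s)
      return Outcome.new(false, 'token id mismatch', nil)
    end
    # RESULT "0" is approved; anything else is a decline or error.
    return Outcome.new(false, "declined: #{p['RESPMSG']}", nil) unless p['RESULT'] == '0'
    # The amount PayPal charged must equal the amount we asked for.
    return Outcome.new(false, 'amount mismatch', nil) unless amount_matches?(p['AMT'], stored[:amount])
    Outcome.new(true, 'approved', p['PNREF'])
  end

  # Exact decimal comparison; "19.5" and "19.50" are the same amount.
  def self.amount_matches?(posted, expected)
    BigDecimal(posted.to_s) == BigDecimal(expected.to_s)
  rescue ArgumentError
    false
  end

  # Constant-time string comparison (length check first, then OR of XORs).
  def self.secure_equal?(a, b)
    a = a.to_s
    b = b.to_s
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Applies the outcome to the order record; returns the outcome for logging.
  def self.settle(params, stored)
    outcome = verify(params, stored)
    stored[:paid] = true if outcome.ok
    outcome
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data for a local run (token id from the post's form).
  stored = { token_id: '801f9cfb2dd4127002138e21794f0e77b252', amount: '19.50', paid: false }
  posted = { 'RESULT' => '0', 'RESPMSG' => 'Approved', 'PNREF' => 'CONSTRUCTED-PNREF',
             'SECURETOKENID' => '801f9cfb2dd4127002138e21794f0e77b252', 'AMT' => '19.50' }
  puts PayflowCallback.settle(posted, stored).to_a.inspect
end
```

Log the reason string on every rejected post: a burst of "token id mismatch" or "amount mismatch" outcomes is the signal that someone is posting forged results to your return URL, and PNREF is the reference to quote when reconciling against PayPal's own transaction report.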

I hope that after reading this article nobody will need to spend as much time on this integration as I did. Suggestions are welcome.

This entry was posted in Ruby on Rails, Tutorials.

3 Responses to Paypal payflow setup in rails

  1. Awesome! Thanks for posting this. It’s nice to see that you show how to do this using plain requests instead of using yet another gem

  2. Imtiaz says:

    my paypal billing info page needs to appear in Arabic. How can I do that?

  3. @imtiaz I don’t know. I need to investigate on this.
