PayPal Website Payments Standard
PayPal Website Payments Standard allows users to pay with either their PayPal account or a credit card, but the payment happens on the PayPal site. If you use only PayPal Standard and no other payment options, then you can get away with not having an SSL certificate, because no sensitive information is entered directly in your site. PayPal passes a token back to our site then the mojoportal code uses that token to make a secure SSL request to PayPal to get the details. There is no monthly fee to use PayPal Standard so it is easy and affordable. mojoPortal content management system implements both the Payment Data Transfer (PDT) and Instant Payment Notification (IPN) handlers so that we can know when the final payment has cleared. In most cases payment clears very quickly but if the user pays on PayPal using an echeck it can take longer.
These settings are needed for PayPal Standard:
<add key="Site1-PaymentGatewayUseTestMode" value="false" />
<add key="Site1-PayPalUsePayPalStandard" value="true" />
<add key="Site1-PayPalStandardProductionEmail" value="" />
<add key="Site1-PayPalStandardProductionPDTId" value="" />
Note that all the settings are prefixed with Site1-
In most cases this will be correct for a single site installation because the first site will typically have SiteID = 1, however you may want to verify your SiteID by looking in the mp_Sites table. If you SiteID is 2 then your prefix will be Site2- and so on depending on your SiteID.
After you sign into your PayPal account:
- Under the My Account tab click on "my selling tools" in left nav bar
- Click on the "website preferences" from the list in the center of the screen.
- Set Auto Return to "On"
- For the return url enter http://yoursiteroot/Services/PayPalPDTHandler.aspx
- Set Payment Data Transfer to "On"
- Click the SAVE button at the bottom of the page
- At the top you'll see a confirmation message. Look for and save the Identity Token which will look something like this:
- Click on the "Instant payment notifications" from the list in the center of the screen and edit settings.
- Set the notification url to http://yoursiteroot/Services/PayPalIPNHandler.aspx
- On this same screen under "IPN messages" click the radio button that says "Receive IPN messages (Enabled)" and then SAVE
If PayPal Standard will be your only or primary payment system then you also need this setting:
<add key="Site1-PrimaryPaymentGateway" value="PayPalStandard"/>
To test with the sandbox, you would need these settings:
<add key="Site1-PaymentGatewayUseTestMode" value="true" />
<add key="Site1-PayPalStandardSandboxEmail" value="" />
<add key="Site1-PayPalStandardSandboxPDTId" value="" />
However, I would recommend don't bother with the sandbox for the following reasons:
- It is extremely difficult to get the sandbox working, production is much easier, believe me on this and save yourself some unnecessary stress.
- Even if you did manage to test with the sandbox, you still need to also test production with order(s) before real customers show up, so there is not much benefit to testing in the sandbox.
When you test on production you can configure a test product priced at $1, since the money goes into your account the only cost is the transaction fee which will be around 35 cents per transaction on a $1 product.
Note that PayPal returns a contact phone number only if your Merchant account profile settings require the buyer to enter one.
Medium Trust Hosting Considerations
In Medium Trust hosting there may be limitations on the ability to make server side web requests. This can be a problem when using PayPal because when PayPal posts to your site they post a transaction id and then the server must make a server side web request to PayPal to get the transaction details. In some Medium Trust hosting environments this may fail and you may see network errors such as SocketExceptions in the mojoPortal log.
We can test medium trust on a development machine by forcing medium trust from Web.config like this:
<trust level="Medium" originUrl=".*" />
By having the originUrl specified as .* server side web requests are allowed but if your host is forcing medium trust they may not have this orginUrl set and it may not allow server side web requests. Note that we cannot change to less restrictive trust level from web.config, if the host has specified medium trust in the machine.config, we cannot change it to Full Trust from Web.config, whereas in Full Trust hosting we can force more restrictive trust level for testing purposes.
In some cases you may be able to get your host to add the needed originUrl setting in machine.config to allow server side web requests. In other cases your host may have a proxy server that you can configure to enable server side requests. The proxy server would need to be specified in the <system.net section of Web.config as in the example below:
<proxy usesystemdefault = "False" bypassonlocal="False" proxyaddress="http://myproxyaddress:port" />
So you may need to ask your host about this if you are having trouble getting the order notifications from PayPal.