Basic Paypal Sandbox Authorization and Capture Logic for Express Checkout

Question

I'm not understanding or am on the wrong section of documentation. This is my first time doing anything beyond a basic IPN response.

I have a developer account set up with all the credentials including the signature. My whole site is PHP and I am hoping to use a single function for all Paypal authorization and captures. I am writing this function now and only have the following non-dynamic functionality

function testHandler()
{
    if ( function_exists('get_magic_quotes_gpc') ) { $get_magic_quotes_exists = true; }

    $req = '';

    $myPost = array(
    'USER'                          => 'USER',
    'PWD'                           => 'PASSWORD',
    'SIGNATURE'                     => 'SIGNATURE',
    'METHOD'                        => 'SetExpressCheckout',
    //'METHOD'                        => 'GetExpressCheckoutDetails',
    //'TOKEN' => 'EC-XXXXXXXXXXXX', 
    'VERSION'                       => '95'
    'PAYMENTREQUEST_0_PAYMENTACTION'=> 'Authorization', #Sets up authorization for a single future payment
    'PAYMENTREQUEST_0_AMT'          => '1', #The amount authorized
    'PAYMENTREQUEST_0_CURRENCYCODE' => 'USD', #The currency, e.g. US dollars
    'cancelUrl'                     => 'http://www.yourdomain.com/cancel.html',
    'returnUrl'                     => 'http://www.yourdomain.com/success.html' 
    );

    foreach ( $myPost as $key => $value )
    {
        if ( $get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1 )
        {
            $value = urlencode(stripslashes($value));
        }
        else
        {
            $value = urlencode($value);
        }

        $req .= "&$key=$value";
    }

    $ch = curl_init( 'https://api-3t.sandbox.paypal.com/nvp' );
    curl_setopt( $ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1) ;
    curl_setopt( $ch, CURLOPT_POST, 1) ;
    curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
    curl_setopt( $ch, CURLOPT_POSTFIELDS, $req );
    curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 1 );
    curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 2 );
    curl_setopt( $ch, CURLOPT_FORBID_REUSE, 1 );
    curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Connection: Close') );

    if(  !( $res = curl_exec($ch) ) ) { curl_close($ch); exit; }

    curl_close($ch);

    return $res;
}

First, is this all the backend I would need? Providing the contents of $myPost are tailored to whatever step we are in the process.

I've ran this script on my server and it does return a token. I manually enter the token to simulate a customer being redirected, and I'm seeing a blank checkout page, expected since no item details were passed at any point.

https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-XXXXXXXX

Was I supposed to include order details in $myPost when creating the token like the standard express checkout variables? item_name, etc. Even so the price was passed, why doesn't that show up? The checkout page's summary is completely bare.

Next, the portion of $myPost that is commented out is needed to retrieve the payerID with GetExpressCheckoutDetails.

When I try to run that step of code I get this response

TOKEN=EC%2dXXXXXXXXXX&BILLINGAGREEMENTACCEPTEDSTATUS=0&CHECKOUTSTATUS=PaymentActionNotInitiated&TIMESTAMP=2015%2d01%2d12T22%3a47%3a01Z&CORRELATIONID=403d2feb197db&ACK=Success&VERSION=95&BUILD=14726230&CURRENCYCODE=USD&AMT=1%2e00&SHIPPINGAMT=0%2e00&HANDLINGAMT=0%2e00&TAXAMT=0%2e00&INSURANCEAMT=0%2e00&SHIPDISCAMT=0%2e00&PAYMENTREQUEST_0_CURRENCYCODE=USD&PAYMENTREQUEST_0_AMT=1%2e00&PAYMENTREQUEST_0_SHIPPINGAMT=0%2e00&PAYMENTREQUEST_0_HANDLINGAMT=0%2e00&PAYMENTREQUEST_0_TAXAMT=0%2e00&PAYMENTREQUEST_0_INSURANCEAMT=0%2e00&PAYMENTREQUEST_0_SHIPDISCAMT=0%2e00&PAYMENTREQUEST_0_INSURANCEOPTIONOFFERED=false&PAYMENTREQUESTINFO_0_ERRORCODE=0

This makes sense seeing as no payment information was entered. Am I supposed to enter real financial info during Sandbox to get to the next step? Should I have collected it from the customer and passed it through when I created the token? Where can I access this created token and force the next step?

If this was live and provided I'm able to pass the item details so the checkout page isn't blank, the customer would enter their details and be redirected to the after page with their token in the URL. At that point I can use the token with GetExpressCheckoutDetails and retrieve a PayerID? And with that PayerID I can use DoExpressCheckoutPayment to get a transaction ID for final payment capture?

Thanks for reading

Answer 1

Sounds like you've got the gist of it. Express Checkout consists of 3 separate API calls: SetExpressCheckout , GetExpressCheckoutDetails , and DoExpressCheckoutPayment .

SEC is just the first step in the process, and yes, there are many more parameters you can include in the calls so that all order data shows up and is used as expected as you can see in the previous links.

No money is moved until that final DECP call is completed, and only the details included in that request will be saved and passed along through the PayPal system.