Working example of paypal Website Payments Pro Hosted Solution Iframe?

Question

I am looking to use use paypals Website Payments Pro Hosted Solution so we can accept payments through paypal without our users feeling like they are leaving the site and without us having to be PCI compliant.

We are wanting this to work in this format:

• user hits buy page for an item and selects quantity and hits buy now button
• AJAX request is sent to server to validate quantity/calculate total etc
• AJAX request returns url for iframe
• Iframe is populated with the page, then once it has finished loading the iframe is shown
• User fills in credit card details and paypal completes the transaction
• The success page which paypal redirects the iframe to calls some javascript in the parent page to redirect to another url.

So, I have the quantity select page,
I know how to send the data to the server and validate quantity/calculate total

What I don't know how to do is from this point send the request to paypal to get the url for the iframe.

What I have tried doing (as a very basic standalone example) is:

<?php

class paypal {

    private $APIuser;
    private $APIpass;
    private $APIsign;
    private $APIvers = '74.0';  
    private $APIaddr = 'https://api-3t.sandbox.paypal.com/nvp';
    private $post_params = array();

    function __construct($APIuser, $APIpass, $APIsign){
        $this->APIuser = $APIuser;
        $this->APIpass = $APIpass;
        $this->APIsign = $APIsign;
    }

    function param($name, $value = null){
        $this->post_params[$name] = $value;
        return $this;
    }

    function getUrl(){

        $post = $this->post_params;
        $post['pwd']        = $this->APIpass;
        $post['user']       = $this->APIuser;
        $post['method']     = 'BMCreateButton';
        $post['version']    = $this->APIvers;
        $post['signature']  = $this->APIsign;
        $post['buttoncode'] = 'CLEARTEXT';
        $post['buttontype'] = 'PAYMENT';

        $post_string = '?';
        foreach($post as $k => $v)
            $post_string .= $k.'='.urlencode($v).'&';

        $post_string = substr($post_string, 0, -1);

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $this->APIaddr.$post_string);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        $out = curl_exec($ch);
        curl_close($ch);

        $out = explode('&', $out);
        $final = array();
        foreach($out as $k => &$v){
            $v = explode('=', $v);
            $final[$v[0]] = urldecode($v[1]);
        }
        return $final;
    }
}

//mock variables
$price = 10.00;
$APIu  = 'xxxxxxxxxx';
$APIp  = 'xxxxxxxxxx';
$APIs  = 'xxxxxxxxxx';  


$paypal = new paypal($APIu, $APIp, $APIs);
$paypal->param('L_BUTTONVAR0=subtotal', $price*$_GET['quantity']);
$paypal->param('L_BUTTONVAR1=template', 'templateD');
$resp = $paypal->getUrl();
?>
<iframe width="100%" height=100%" src="<?php echo $resp['EMAILLINK']; ?>"></iframe>

Which at first seems to work fine, until you enter your test buyers credit card details and get hit with

Please return to the payment page and correct the address.

What am I doing wrong/ what do I need to make this work?

Answer 1

Actually, try the following API call and let me know if this works for you:

METHOD=BMCreateButton&
BUTTONTYPE=PAYMENT&
BUTTONCODE=TOKEN&
L_BUTTONVAR0=subtotal=11&
L_BUTTONVAR1=tax=2&
L_BUTTONVAR2=shipping=3&
L_BUTTONVAR3=handling=4&
L_BUTTONVAR4=template=templateC