PayPal Payment Integration
PayPal is a quick and easy way to get into online sales of your products, software,
and eBooks on your website. PayPal offers the convenience of accepting credit card and other transactions
without having a credit card merchant account or paying monthly fees. Your cost is limited
to a charge and percentage of each transaction that gets lower
as your sales volume increases.
This site will help webmasters and those wanting to start selling online get their products up for sale using
PayPal.
Overview of the PayPal System
The most popular way to integrate with PayPal is to use payment buttons, such as the "Buy It Now" button or,
with PayPal's hosted shopping cart, an Add To Cart button. You can also pass an entire shopping
cart of products through a button. Integration with the PayPal API is another, more
complicated method, but it is outside the scope of this page.
Once PayPal processes the customer payment, you have the option of receiving the data for the
transaction as a POST back to your website with Instant Payment Notification (IPN) or the more complicated
Payment Data Transfer (PDT).
Using PayPal's Instant Payment Notification (IPN) lets you implement more complicated
back end processing, such as preparing shipping labels or, for electronic products, providing
an instant download option.
Security of PayPal Integration
Using any 3rd party payment processing provider has some risks. Your product and
pricing information is usually passed along with the user through an HTML form POST. This
opens the possibility of malicious users changing the data before it is sent, or in transit, to the
payment processor.
A typical PayPal payment form looks like this:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="paid@yourdomain.com">
<input type="hidden" name="item_name" value="my product">
<input type="hidden" name="item_number" value="12345">
<input type="hidden" name="amount" value="9.99">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
The problem with the above payment button is that it is subject to what's called
"e-Shoplifting". Users can save your HTML page to their local computer and edit the
HTML pricing value to lower the cost, say to $0.01.
PayPal allows the form data to be sent in encrypted form. Their ButtonBuilder will create
code like:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----...-----END PKCS7-----">
</form>
In the above example, all the form data (product info and pricing) is
passed in the encrypted data. Note that you must limit your
PayPal account to accept only encrypted payments, to prevent malicious
users from creating an entire form with tainted data.
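The IPN POST described earlier is also where an edited price can be caught before anything is shipped or made available for download. The following is an added example, not code from the original page or from PayPal: it compares an IPN message against the merchant's own catalog, using PayPal's IPN variable names (payment_status, receiver_email, item_number, mc_gross, mc_currency, txn_id). The catalog, the sample messages and the function name are constructed for illustration, and it assumes the message has already been confirmed as coming from PayPal.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Assumed merchant-side records (constructed): catalog price per item_number.
CATALOG = {"12345": {"price": Decimal("9.99"), "currency": "USD"}}
MERCHANT_EMAIL = "paid@yourdomain.com"  # the "business" value in the form above
SEEN_TXN_IDS = set()  # stand-in for a table of already-fulfilled payments


def check_ipn(body):
    """Return reasons to refuse fulfilment; an empty list means the order is good.

    Assumes the message was already confirmed as coming from PayPal and that
    the order is a single item with no tax or shipping added to mc_gross.
    """
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    problems = []
    if fields.get("payment_status") != "Completed":
        problems.append("payment not completed")
    if fields.get("receiver_email", "").lower() != MERCHANT_EMAIL:
        problems.append("paid to a different account")
    item = CATALOG.get(fields.get("item_number", ""))
    if item is None:
        problems.append("unknown item")
    else:
        try:
            paid = Decimal(fields.get("mc_gross", ""))
        except InvalidOperation:
            paid = None
        if paid is None or paid != item["price"]:
            problems.append("amount does not match catalog price")
        if fields.get("mc_currency") != item["currency"]:
            problems.append("wrong currency")
    txn = fields.get("txn_id", "")
    if not txn or txn in SEEN_TXN_IDS:
        problems.append("missing or replayed transaction id")
    if not problems:
        SEEN_TXN_IDS.add(txn)  # record only payments that will be fulfilled
    return problems


# Constructed IPN bodies: an honest order, and one where the buyer edited "amount".
BASE = "payment_status=Completed&receiver_email=paid%40yourdomain.com&item_number=12345&mc_currency=USD"
HONEST = BASE + "&mc_gross=9.99&txn_id=EXAMPLE-TXN-1"
TAMPERED = BASE + "&mc_gross=0.01&txn_id=EXAMPLE-TXN-2"

if __name__ == "__main__":
    for name, body in (("tampered", TAMPERED), ("honest", HONEST), ("replay", HONEST)):
        print(name, check_ipn(body) or "OK to fulfil")
```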
How-To: Build your own PayPal Encrypted Buttons
Making PayPal Encrypted buttons with PHP or Perl
How-To: PayPal Instant Payment Notification
Coming Soon
PayPal database reference for MySQL
PayPal MySQL Reference