ActiveMerchant and Encrypted Paypal Standard Checkout


#1

Hi,

Does any know about a good resource for using ActiveMerchant to create
an encrypted button that will use Paypal’s Standard checkout mode?

Best regards,


#2

I have found some info on the following page:
http://www.fortytwo.gr/blog/14/Using-Paypal-with-Rails

However at some point, the writer creates a Crypto42 module which
encrypts the data for the button, but this defeats the purpose of using
ActiveMerchant. Doesn’t AM ship with a way to encrypt the button?

AM has all the code necessary to handle the IPN so that’s not a problem,
but I don’t understand how to create an encrypted button with AM.


#3

This took me about a week of hair-pulling to finally locate and I’m
happy to save you that pain – :slight_smile:

It seems that the nice folks at PayPal actually wrote a rails plugin to
do this and then decided to TELL NO ONE ABOUT IT!

Somehow I found it after A LOT of looking. The name of the magic plugin
is “PayPalWPSToolkit” and currently sits in my Rails Plugin folder. I
wish I could tell you the exact url I downloaded it from but I’m sure
you can google around and find it somewhere.

I have it up and running on my site and it works like a charm.


#4

Hi John,

Thanks for your reply. In the mean time I had found the Paypal plugin
which is buried somewhere in their developer website.

The link I have posted earlier actually has taken code from it to create
the button. I still don’t understand why it is not made available
out-of-the-box in ActiveMerchant.

I would have one Paypal specific question for you: do you know how to
redirect the user automatically to the credit card form instead of
having him redirected first to a page where there is no credit card
form and where the buyer must seek for a “don’t have a paypal account
yet” link?

Best regards,

PS: You are right, Paypal’s websites are total crap with respect to user
interface, I constantly get lost…


#5

Like you, I spent some time trying to avoid this obfuscation for my
users but had no luck – obviously, Paypal has set it up that way on
purpose to encourage Paypal usage. Not nice of them especially since a
lot of my users are from an older demographic less savvy about
Paypal/Web and less able to notice the little link allowing them to use
a credit card. They get confused.

Seperately, from the recesses of my brain here’s one more little “tip”
if you adopt the plugin – the plugin can override most any setting that
you can set on the website. So, for example, if you change your ipn
redirect url or anything in your “profile” on the website it will have
no effect if you’ve also set it in your call from the rails app.

I recently switched my site from http to https and couldn’t figure out
why PayPal kept sending my IPNs and PDTs to http even though I
instructed https on the website. The answer was that I had forgotten
that I was overriding the website with my orginal call from my app.


#6

Like you, I spent some time trying to avoid this obfuscation for my
users but had no luck – obviously, Paypal has set it up that way on
purpose to encourage Paypal usage.

I know it is possible to do it, because the peepcode.com website does
it. As the developer of the website didn’t even bother encrypting the
params, I tried to look at the html code, but I was not able to identify
any param that could alter this behaviour. It is probably a hidden
option somewhere in the paypal Business profile.

Seperately, from the recesses of my brain here’s one more little “tip”
if you adopt the plugin […]

The code in this plugin is an absolute joke. Very php-compliant. Some
methods simply call other methods without doing anything at all except
passing the exact same args. I am also fed up having to hunt for these
class vars scattered all over the place.

I would not recommend using this plugin as is, it is better to
understand it and refactor it… a lot.

By the way, why do you use SSL for the IPN? Isn’t Paypal’s notification
encrypted?

PS: the developer of the Rails plugin by Paypal is a developer of
ActiveMerchant.


#7

I checked out peepcode and it seems like I landed on the same PayPal
page that my users land on. Specifically, there’s this text on the left
side of the Paypal page –
Don’t have a PayPal account?
Use your credit card or bank account (where available). Continue
<–small, easily missed link
The right side of the page has a big “Log In To Paypal” box.

Yep, plugin seems to be haphazardly translated from some other source
(as you sugggest–probably PHP). I cut and pasted what I needed and I’m
not even sure how much of it I’m actually using any more. In that
sense, it got the job done and I was grateful for it.

You’re right, SSL for ipn is overkill. It was quicker to just SSL the
whole checkout controller instead of making an exception for my
ipn_update action.

My app has a lot of private data on it so for marketing purposes I often
use https in places that don’t really need it – there’s that small
slice of observant people that perhaps take comfort in seeing https
sprinkled around and maybe that’s worth the extra server encryption
overhead.


#8

Clearly, PayPal/Ebay has a bias for Mac users.

Maybe PayPal’s running a quick and dirty test on click-through rates and
is using browser type to maintain a consistent presentation to the two
classes of users. In the off chance that someone buys multiple items
through WPS they won’t keep seeing different versions of the landing
page (assuming they always use the same web browser).


#9

I tested again on my WinXP box, you seem to be right, Paypal checks for
the client Platform:

I tested on my own website to see how it redirects to Paypal:

Mac+FF3: crap page
Mac+Saf: credit card form

Win+FF3: credit card form
Win+IE6: credit card form

Best regards,


#10

John C. wrote:

I checked out peepcode and it seems like I landed on the same PayPal
page that my users land on. Specifically, there’s this text on the left
side of the Paypal page –
Don’t have a PayPal account?
Use your credit card or bank account (where available). Continue
<–small, easily missed link
The right side of the page has a big “Log In To Paypal” box.

There is something paranormal going on, I just tested again peepcode,
and I directly landed on the credit card form using Safari 3.1. Then I
tried with Firefox 3, and I landed on the crappy paypal page where you
must first click on the tiny link to get to the credit card form…