[ic] PayPalExpress Signature and Token?

Lyn St George lyn at zolotek.net
Sun Sep 21 08:58:11 UTC 2008

On Friday 19 September 2008 17:32:49 Rick Bragg wrote:
> Hi,
> What is the PayPal "Three Token System" for the "signature" setting for
> paypalexpress? It seems there is a contradiction in the PayPalExpress
> documentation.
> One line reads:
> Log onto your PayPal Business (not Personal) account and go to "Profile" ->
> "API access" -> "Request API Credential" -> "Signature".  This will
> generate a user ID, a password and a signature for you to use.
> Then after that is says:
> signature      xxx  (Required.  Use the three-token system - not the
> certificate system at PayPal)

This is correct.

> Also, it says to:
> "Create a page called "ord/paypalsetrequest.html", with the following
> content, and make it the target of any "PayPal" buttons or links."
> [value name="pprequest" set="" hide=1]
> [charge route="paypalexpress" pprequest="setrequest"]
> [if scratch token]
>     [bounce
> href="https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=[sc
>ratch token]"] [else]
>     [bounce href="[area href=ord/checkout secure=1]"]
> [/else]
> [/if]

This needs to be updated, as the module redirects internally now to Paypal, so 
the [if scratch token ... /if] bit can be omitted.

> The problem here is that "token" is never set.  Where does the scratch
> variable "token" get set? And what should it's value be?

It's set internally within the module when Paypal returns the token. If the 
token is not returned, typically because the customer's shipping address 
fails validation or because Paypal simply fails for no reason, then the token 
is not set. I've sent you another version which includes better error 
messages which indicate to the customer where the problem may lie.

(PS to Jon Jensen: I'm back from Australia now and hopefully will soon be able 
to finalise this module and the others previously mentioned, and send them to 

> Thanks!
> rick

Lyn St George
consulting and hosting

More information about the interchange-users mailing list