PayPal error. This transaction is invalid. Please return to the recipient's website to complete your transaction using their regular checkout flow

0
votes

I'm trying to implement PayPal Direct payement to my website.

I get a Succes token back from PayPal when making a SetExpressCheckout call:

Array
(
    [TIMESTAMP] => 2015-03-06T10:16:55Z
    [CORRELATIONID] => 7d0a42f74fa6b
    [ACK] => Success
    [VERSION] => 121
    [BUILD] => 15420584
    [AMT] => 125.00
    [CURRENCYCODE] => EUR
    [AVSCODE] => X
    [CVV2MATCH] => M
    [TRANSACTIONID] => 29A40018PU668530B
)

The Response looks like this:

TIMESTAMP=2015%2d03%2d06T10%3a16%3a55Z&CORRELATIONID=7d0a42f74fa6b&ACK=Success&VERSION=121&BUILD=15420584&AMT=125%2e00&CURRENCYCODE=EUR&AVSCODE=X&CVV2MATCH=M&TRANSACTIONID=29A40018PU668530B

I've tried to depercent the url in several ways to send the response back top paypal. What I'm using now is: 

$result = rawurldecode($result);

The result looks like this as depercented: TIMESTAMP=2015-03-06T10:16:55Z&CORRELATIONID=7d0a42f74fa6b&ACK=Success&VERSION=121&BUILD=15420584&AMT=125.00&CURRENCYCODE=EUR&AVSCODE=X&CVV2MATCH=M&TRANSACTIONID=29A40018PU668530B

I've tried to lovercase the request with strtolower the result became like this:

Lowercased result:

timestamp=2015-03-06t10:31:45z&correlationid=490f48424be02&ack=success&version=121&build=15420584&amt=125.00¤cycode=eur&avscode=x&cvv2match=m&transactionid=80g4320670816912n

I've realised that strange character before cycode: ¤

When i try to send back the token with a redirect from PHP like this, (with or without the lowercased):

header('Location: https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&'.$result);

I get redirected to: https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_flow&SESSION=...

Saying:

This transaction is invalid. Please return to the recipient's website to complete your transaction using their regular checkout flow. Return to merchant At this time, we are unable to process your request. Please return to and try another option. Test Site

Even when I'm using the not lowercased version I got the same error!

I've realized that localhost was a problem. When uploaded my site the SetExpressCheckout Token was fine.

The problem is now when i'm getting back this token: TOKEN=EC%2d0PA6125744246545G&TIMESTAMP=2015%2d03%2d06T13%3a10%3a09Z&CORRELATIONID=10c7929423b68&ACK=Success&VERSION=121&BUILD=15640276

And sending a GetExpressCheckoutDetails request, with these parameters:

Array
(
    [METHOD] => GetExpressCheckoutDetails
    [USER] => ...
    [PWD] => ...
    [SIGNATURE] => ...
    [VERSION] => 121
    [TOKEN] => TOKEN=EC-0PA6125744246545G&TIMESTAMP=2015-03-06T13:10:09Z&CORRELATIONID=10c7929423b68&ACK=Success&VERSION=121&BUILD=15640276
)

I still get a Token error: 

Array
(
    [TIMESTAMP] => 2015-03-06T13:10:10Z
    [CORRELATIONID] => 4ec125d8280f3
    [ACK] => Failure
    [VERSION] => 121
    [BUILD] => 15640276
    [L_ERRORCODE0] => 10410
    [L_SHORTMESSAGE0] => Invalid token
    [L_LONGMESSAGE0] => Invalid token.
    [L_SEVERITYCODE0] => Error
)

Thank you for helping me out on this!

1
paypalpaypal-sandbox
That 'strange character' is &CURREN, and is there because you're decoding the entire string as a single querystring value.Adrian Wragg

1 Answers

2
votes

I realize that this question is over a year old, but I thought it was worth answering.

To start, the response that the token is invalid is accurate based on what you show in your array:

TOKEN=EC-0PA6125744246545G&TIMESTAMP=2015-03-06T13:10:09Z&CORRELATIONID=10c7929423b68&ACK=Success&VERSION=121&BUILD=15640276

This should stop at the ampersand (&) and as I show below, the $response array can be accessed like this to pass individual values into your next API request:

 $response["TOKEN"]; // this will ONLY return "EC-0PA6125744246545G" - remember that 
 // these tokens don't last beyond a few hours, but your next call should be 
 // a few seconds after the SetEC.

The resolution deals with a particular method: http_build_query()

// this is a method in a class that I built. Use it as needed
public function startRequest($params = array()){
    // this creates a handle to use later to add the request parameters to the curl call
    $request = http_build_query($params);

    $ch = curl_init();

    // cURL settings
    // the variable $this->_endpoint in this case points to:
    // https://api-3t.sandbox.paypal.com/nvp - you may be using SOAP, 
    // so URL will be different
    $curlOptions = array(
        CURLOPT_URL             => $this->_endpoint,
        CURLOPT_VERBOSE         => 1,
        CURLOPT_SSL_VERIFYPEER  => false,
        CURLOPT_SSL_VERIFYHOST  => 2,
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_POST            => 1,
        CURLOPT_POSTFIELDS      => $request
    );

    curl_setopt_array($ch, $curlOptions);

    // send request - $response will hold the API response
    $response = curl_exec($ch);

The $response variable is an array response from PayPal which can be used like this:

$responseText = '';
foreach($response as $k=>$v){
        $responseText .= $k ."=". $v ."\r\n";
}

// log the API response (and the request) to a file - always a good idea, 
// in case you need support for issues later on.
file_put_contents(path_to_log_file, current_time . ' MST - API response: \r\n' . $responseText ."\r\n===========\r\n", FILE_APPEND);

// also, you can access each value in the $response array so that you can use them 
// in later calls like DoEC:
$response["TOKEN"];

Let me know if I can clarify anything further.