PayPal APIs_ Up and Running_ A Developer's Guide - Michael Balderas [3]
Obtaining API Credentials
To access the NVP API, you first need to establish credentials. These identify who you are and ensure payments get to where they need to go. You establish credentials through either an API signature or an API certificate. You will need two sets of API credentials: one for development and one for production.
Creating an API Signature
Developing your application only requires access to the PayPal API sandbox. You can sign up for access to the sandbox at http://developer.paypal.com or http://x.com. Once your account is established, you can create your test accounts and obtain your API credentials. Sandbox accounts and live accounts require different processes to obtain credentials. Use the following steps for a sandbox account:
Go to https://developer.paypal.com and click “Sign Up Now.”
Enter the requested information and click “Agree and Submit.”
PayPal will send you an email to complete the sign-up process.
After confirming your email address, click “Sign Up Now” to access the sandbox.
Log into your sandbox account (after the initial login, this can be accessed directly by going to https://www.sandbox.paypal.com).
Click the “Test Accounts” link.
Click the “Create Test Account” link.
Choose Seller for the account type and select the other appropriate options (going with the defaults is highly recommended).
When using the defaults, API credentials are created automatically.
Click the API credentials link to access your API credentials.
Note
PayPal recommends you use a different login and password for your developer account than those for your live PayPal account. This will allow other people on your development team to access the sandbox and test your application without giving them access to your regular PayPal account.
For a live account, use the following steps:
Log into your PayPal Account. Under “My Account”, click the “Profile” option.
Click “API Access.”
Click “Request API Credentials.”
Check the “Request API signature” option, and then click “Agree and Submit.”
We will use the API Signature method of specifying credentials throughout this book. An API Signature is composed of three elements, as shown in Table 1-1.
Table 1-1. NVP API Signature components
API Signature component Example value
API username sdk-three_api1.sdk.com
API password QFZCWN5HZM8VBG7Q
API signature A-IzJhZZjhg29XQ2qnhapuwxIDzyAZQ92FRP5dqBzVesOkzbdUONzmOU
When you are ready to go live, you will need to activate either the Website Payments Standard or Website Payments Pro Product on your account and establish your credentials for that account. You can sign up for your account at http://www.paypal.com.
Tip
Website Payments Pro requires additional vetting before being activated.
Creating a Name-Value Pair (NVP) Request
There are three key steps that your application must accomplish to post to the NVP API: URL encoding, constructing the request in a format the NVP API can interpret, and posting the request via HTTPS to the server.
URL encoding
Both the request to the PayPal server and the response from the server are URL encoded. This method ensures that you can transmit special characters, characters not typically allowed in a URL, and characters that have reserved meanings in a URL. For example:
NAME=John Doe&COMPANY= Acme Goods & Services
is URL encoded as follows:
NAME=John+Doe&Company=Acme+Goods+%26+Services
Each application language typically has a specific built-in URL encode method. Refer to the list in Table 1-2.
Table 1-2. URL encoding methods
Application language Function Method name
ASP.NET Encode System.Web.HttpUtility.UrlEncode(buffer, Encoding.Default)
Classic ASP Encode Server.URLEncode
Java Encode java.net.URLEncoder.encode
PHP Encode urlencode()
ColdFusion Encode URLEncodedFormatstring [, charset ]
Request format
Each NVP API request is composed of required and optional parameters and their corresponding values. Parameters are not case-sensitive,