Payflow Gateway w/ Secure Token & Transparent Redirect - return URL issue

Question

I've built a client (in .NET, but it could be in any framework) to consume the Payflow Gateway NVP API using the Transparent Redirect and Secure Token features. I am able to receive the token, send the credit card data, and receive an Approved response from PayPal. The problem is that PayPal is not redirecting properly back to my site. I passed a RETURNURL (http://localhost:49881/transaction/details?processor=PayflowGateway) parameter when requesting the Secure Token, but instead of returning me to that URL after the transaction, it navigates my browser to the following URL:

https://pilot-payflowlink.paypal.com/http%3A%2F%2Flocalhost%3A49881%2Ftransaction%2Fdetails%3Fprocessor%3DPayflowGateway?POSTFPSMSG=No%20Rules%20Triggered&RESPMSG=Approved&ACCT=1111&COUNTRY=US&PROCCVV2=M&VISACARDLEVEL=12&CVV2MATCH=Y&CARDTYPE=0&PNREF=A70A8EB8B6A1&AVSDATA=XXN&SECURETOKEN=9eGKZsSldEU6mIdSEV5DB4wWd&PREFPSMSG=No%20Rules%20Triggered&SHIPTOCOUNTRY=US&AMT=14.75&SECURETOKENID=1850a8f2-f180-4474-aa31-35d736fd7921&TRANSTIME=2016-03-24%2007:58:48&HOSTCODE=A&COUNTRYTOSHIP=US&RESULT=0&BILLTOCOUNTRY=US&AUTHCODE=872PNI&EXPDATE=1218

I have tried removing the "?processor=PayflowGateway" to fix the multiple question mark issue in the URL, but that doesn't seem to help. I've also tried tagging the RETURNURL[xx] with xx being the length of the URL value, but that seems to be the same as not passing a RETURNURL at all as it just shows a confirmation page on paypal.com instead of redirecting back to my site.

In PayPal Manager, I set the "Show confirmation page" setting to "On my website", Return URL to blank, and Return URL Method to GET. Are there any other settings or API request changes I need to make to get this to return properly to my test site?

Answer 1

This problem is caused because you're URL-Encoding the RETURNURL parameter passed when requesting the secure token from payflowpro gateway.

See the Do Not URL Encode Name-Value Parameter Data section on the Integration Guide.

Also, here you can get some C# code working you can use.

And some guidelines about PayPal HTTP here.

Do not use System.Net.Http.HttpClient nor System.Net.WebClient to make the HTTP POST to request the secure token. Instead use the low level System.Net.WebRequest to be able to write the POST data unencoded.

For example:

private string RequestSecureToken(double amount)
{
    var secureTokenId = Guid.NewGuid().ToString();
    var requestId = Guid.NewGuid().ToString();
    var pairs = new Dictionary<string, string>()
    {
        {"PARTNER", "PayPal"},
        {"VENDOR", "VENDOR NAME"},
        {"USER", "USER NAME"},
        {"PWD", "PASSWORD"},
        {"TRXTYPE", "S"},
        {"AMT", amount.ToString()},
        {"CREATESECURETOKEN", "Y"},
        {"SECURETOKENID", secureTokenId},
        {"SILENTTRAN", "TRUE"},
        {"RETURNURL", "http://mycompany.com/success"},
        {"ERRORURL", "http://mycompany.com/error"}
    };
    string postData = string.Join("&", pairs.Select(p => string.Format("{0}[{2}]={1}", p.Key, p.Value, p.Value.Length)));
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://pilot-payflowpro.paypal.com");
    request.Method = "POST";
    request.ContentType = "text/namevalue";
    request.Headers.Add("X-VPS-CLIENT-TIMEOUT", "45");
    request.Headers.Add("X-VPS-REQUEST-ID", requestId);
    request.ContentLength = postData.Length;
    using (var writer = new StreamWriter(request.GetRequestStream()))
    {
        writer.Write(postData);
    }
    //Get the response
    var response = request.GetResponse();
    using (var reader = new StreamReader(response.GetResponseStream()))
    {
        return reader.ReadToEnd();
    }
}