How to redirect to paypal with Soap instead of Simple Form

Question

I have my own shopping cart. When the client click on Submit Order, I Redirect the user to paypal page where the client will be able to pay the order.

Here is my form

<form name="paypalform" action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="invoice" value="<? echo $idInvoice; ?>">
<input type="hidden" name="business" value="aa_aaa_biz@hotmail.com">
<input type="hidden" name="notify_url" value="http://domaine.com/catalog/IPNReceip">


 <? 
    $cpt = 1;
        foreach($ordering as $k => $v)
        {
        ?>
            <input type="hidden" name="item_number_<? echo $cpt?>" value="<? echo$v->Product->id; ?>">
            <input type="hidden" name="item_name_<? echo $cpt?>" value="<? echo$v->Product->ProductNumber; ?>">
            <input type="hidden" name="quantity_<? echo $cpt?>" value="<? echo $v->Qty; ?>">
            <input type="hidden" name="amount_<? echo $cpt?>" value="<? echo $v->Price ?>"> 
            <?
            $cpt++;
        }
    ?>


<input type="hidden" name="currency_code" value="CAD">
<input type="hidden" name="tax_cart" value="<? echo $taxes;?>">
<input type="image" src="http://www.paypal.com/en_US/i/btn/x-click-but01.gif" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form> 

I would like to do the samething but within the code behind. Somebody have an idea. I don't want to use form anymore to redirect to paypal.

Thanks

Answer 1

Robert's answer is a great option - Express Checkout cannot be altered because its server to server and users need your API credentials - but if you want to stick with Website Payments Standard (WPS) see below:

Your concern is that your button can be tampered with. Yes this is possible if the buttons on your website are unhosted/unencrypted buttons. There are tools (like tamper data) that edit HTTP POST's before they are sent to the receiving address, or users can download the HTML form and alter it, then click the button (the referring URL would be different, but could be spoofed); unencrypted buttons are vunerable.

I would advise either using one of the options below to prevent this from occurring in the future:

1. The button manager API to create dynamic hosted buttons for payments
2. Create and use hosted buttons
3. Create and use encrypted website payment buttons

Answer 2

The first thing you'll want to decide is decide which products suits you best.
What you describe, would be easiest to accomplish with Express Checkout.

Express Checkout consists of three API calls: SetExpressCheckout, GetExpressCheckoutDetails and DoExpressCheckoutPayment.

1. SetExpressCheckout prepares the transaction and returns a token. You must take this token from the API response and append it to a url to which you'll redirect the buyer.
2. Once the buyer has agreed to the purchase on the PayPal page, he/she is redirected back to the URL you specified in the RETURNURL parameter of the SetExpressCheckout API call.
3. On this return page, you need to call GetExpressCheckoutDetails or (optionally) look at 'PayerID' in the $_GET array for the return URL.
4. Once you have the token and the PayerID; either through GetExpressCheckoutDetails or as part of the GET data, call DoExpressCheckoutPayment to finalize the payment. This can be accomplished on the same return page, or can be actioned after the buyer clicks a 'Buy now' button on your return page.

See also the general Express Checkout page on X.com, Getting Started with Express Checkout and the Express Checkout Integration Guide (PDF).

Some sample code for SetExpressCheckout, GetExpressCheckoutDetails and DoExpressCheckoutPayment is available on https://www.x.com/developers/PayPal/documentation-tools/code-sample/78 as well.

Hope this helps! Let me know if anything is unclear.