Pay with PayPal

Prerequisites

As a prerequisite, you should understand:

Prerequisites for PayPal Payment

In order to use PayPal payments it is needed that our application can:

  • Create transactions and manage the payment process

  • Receive information about the progress or problems

Thus you must set up your PayPal account this way:

  1. Create App credentials for our software on the PayPal developer website at https://developer.paypal.com/.

  2. Restrict the access of the App credentials (details below).

  3. Set up webhook notifications for the App (details below).

  4. Register the App credentials in our secuOffice under "Payment" » "Settings" » "PayPal".

Needed permissions for the App credentials:

  • "Accept payments"

If you use subscriptions grant furthermore:

  • "Billing agreements" (inside "Accept payments" » "Advanced options")

Webhook URLs:

  • for PayPal Live system: https://connect.secucard.com/pay-pal/push

  • for PayPal Sandbox: https://core-testing.secupay-ag.de/app.core.connector/pay-pal/push

Needed webhook events:

  • "Payment Capture Completed"

  • "Payment Capture Refunded"

  • "Payment Capture Reversed"

If you use subscriptions additionally these events:

  • "Billing Subscription Cancelled"

  • "Billing Subscription Expired"

  • "Billing Subscription Re-Activated"

  • "Billing Subscription Suspended"

  • "Payment Sale Completed"

  • "Payment Sale Refunded"

  • "Payment Sale Reversed"

Please ask our help desk to guide you through this process if this is not intuitive for you.

Step 1: Create a Smart Transaction

The API endpoint to create a Smart Transaction is POST https://connect.secucard.com/api/v2/Smart/Transactions.

Request
POST /api/v2/Smart/Transactions HTTP/1.1
Host: connect-testing.secupay-ag.de
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Content-Type: application/json
Accept: application/json
 
{
"is_demo": true,
"intent": "sale",
"contract": {
"id": "GCR_CNEUVF64H5S8R58R7PB4Q6CNJESBPJ"
},
"customer": {
"id": "PCU_38RG7MHRE2NJTPFMXRYQP3NKW6GVAZ"
},
"merchantRef": "K/01234",
  "transactionRef": "B/001234567",
   "basket": {
"products": [
{
"id": 1,
"articleNumber": 30037,
"ean": "4999012345678",
"desc": "Höhenverstellbarer Schreibtisch",
"quantity": 1,
"priceOne": 49800,
"tax": 19
},
{
"id": 2,
"item_type": "coupon",
"desc": "Coupon 20 €",
"quantity": 1,
"priceOne": 2000,
"tax": 19
},
{
"id": 3,
"item_type": "shipping",
"desc": "Versand Spedition",
"quantity": 1,
"priceOne": 3500,
"tax": 19
}
]
},
"basket_info": {
"sum": 51300,
"currency": "EUR"
},
  "payment_context": {
"auto_capture": false
}
}

This creates a Smart Transaction to pay a hotel reservation. The customer is preset with the previously created object, and the amount is €119.70.

Monetary amounts are expressed in the smallest currency unit (e. g. Euro Cent).

If everything is fine, the API responds with 200 OK:

Response
HTTP/1.1 200 OK
Content-Type: application/json
 
{
"object": "smart.transactions",
"id": "STX_33PXAW2YN2NJTPM5KPGMK7QF5PBVA2",
"merchant": {
"object": "general.merchants",
"id": "MRC_AZS7P6FTNTC6NK0QWFDBREW94ZY2O7",
"companyname": "Smart Checkout Testmerchant 8"
},
"provider_contract": {
"object": "general.contracts",
"id": "GCR_QP49BFHYYKVAQBFWGE5VBBUUJEQ2P8"
},
"contract": {
"object": "general.contracts",
"id": "GCR_CNEUVF64H5S8R58R7PB4Q6CNJESBPJ"
},
"customer": {
"object": "payment.customers",
"id": "PCU_38RG7MHRE2NJTPFMXRYQP3NKW6GVAZ",
"contact": {
"forename": "Max",
"surname": "Mustermann",
"name": "Max Mustermann",
"salutation": "Mr.",
"address": {
"street": "Max-Muster-Str.",
"street_number": "25a",
"additional_address_data": "Whg. 202",
"postal_code": "09555",
"city": "Musterstadt",
"country": "DE"
},
"email": "mmustermann@example.net",
"mobile": "+491775555555",
"phone": "+495555555555"
}
},
"transactions": [],
"created": "2020-03-27T10:55:23+01:00",
"status": "created",
"merchantRef": "K/01234",
  "transactionRef": "B/001234567",
  "intent": "sale",
"basket": {
"products": [
{
"id": 1,
"articleNumber": 30037,
"ean": "4999012345678",
"desc": "Höhenverstellbarer Schreibtisch",
"quantity": 1,
"priceOne": 49800,
"tax": 19
},
{
"id": 2,
"item_type": "coupon",
"desc": "Coupon 20 €",
"quantity": 1,
"priceOne": 2000,
"tax": 19
},
{
"id": 3,
"item_type": "shipping",
"desc": "Versand Spedition",
"quantity": 1,
"priceOne": 3500,
"tax": 19
}
]
},
"basket_info": {
"sum": 51300,
"currency": "EUR"
},
  "is_demo": true,
// ...
"payment_context": {
"auto_capture": false,
"payment_methods": null,
"merchant_initiated": false,
"accrual": false,
"creditcard_schemes": [
"mastercard",
"visa",
"american express"
]
},
// ...
}

As you see, the system behind the secuconnect API added many things. Most interesting for is the ID of the Smart Transaction, here STX_33PXAW2YN2NJTPM5KPGMK7QF5PBVA2. You need it for the subsequent API calls.

Step 2: Authorise the Payment


Do not test PayPal payments with non-demo transactions on our test servers. This will result in live transactions on PayPal side. Make sure you always use demo transactions to test PayPal, as these will go to the PayPal sandbox.

First we need to authorise the PayPal payment. The procedure is much like credit card payment. We start with an API call to the endpoint for PayPal authorisation:

Request
POST /api/v2/Smart/Transactions/STX_xxx/prepare/paypal HTTP/1.1
Host: connect-testing.secupay-ag.de
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Content-Type: application/json
Accept: application/json
{
"callback_urls": {
"success_url": "https://shop.example.com/auth-success",
"failure_url": "https://shop.example.com/auth-failure"
}
}

This are the parameters:

Parameter

Explanation

success_url

Your URL to direct the customer to after successful authorization or conclusion.

failure_url

Your URL to direct the customer when the authorization failed, or he canceled the process.

If everything is fine, the API responds with 200 OK and the object representation. The status is still created (or processing) and there is an iframe_url:

Response
HTTP/1.1 200 OK
Content-Type: application/json
...
{
"object": "smart.transactions",
"id": "STX_HNYFD9RMK2NTEAG6HA4NUFR2Y0FVA2",
// ...
"transactions": [
{
"object": "payment.transactions",
"id": "PCI_DGV8C350XMXP2PDBHQS63W5000W9NN"
}
],
// ...
"updated": "2020-11-13T10:39:13+01:00",
"status": "created",
// ...
"payment_method": "paypal",
"trans_id": "40000537",
"iframe_url": "https://www.sandbox.paypal.com/checkoutnow?token=7T650704F18422052",
// ...
}

Now you need to direct the user to the iframe_url. This takes him to the PayPal page. After finishing the process there, he is directed back either to you success_url or to the failure failure_url.

Despite its name, you should not open the iframe_url within an Iframe ( <iframe> ):

  • 3-D Secure checks can leave the Iframe and switch to full-screen. In this case, the success (success_url) or failure URL (failure_url) of the shop is not opened inside the Iframe, but in the uppermost browser window (DOM window.top).

  • Some popular browsers have very strict same-origin restrictions for third party content, so that Cookie technology will not work inside Iframes. Most external authorisation flows cannot be completed.

In case you would also like to offer Sofort, please note that such payments are not allowed in Iframes at all.

When the user arrives at the success URL, the Smart Transaction is updated too. It has status approved now, and can be captured now. If auto_capture was enabled for this Smart Transaction, the status would be ok, received or collection. The payment ist alreay captured, and you can save the next API call.

When the user arrives at the failure URL, the Smart Transaction has status failed, and you must repeat the payment process.

Step 3: Capture the Payment

The way to capture an authorised payment is the same for all payment methods. If you have already studied this for invoice or direct debit payment, you will not find any new details.

In order to start the authorized Smart Transaction, you only need to call POST Smart/Transactions/STX_xxx/start.

Request
POST /api/v2/Smart/Transactions/STX_33PXAW2YN2NJTPM5KPGMK7QF5PBVA2/start HTTP/1.1
Host: connect-testing.secupay-ag.de
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Accept: application/json

If everything is fine, the API responds with 200 OK:

Response
HTTP/1.1 200 OK
Content-Type: application/json
...
{
"object": "smart.transactions",
"id": "STX_33PXAW2YN2NJTPM5KPGMK7QF5PBVA2",
// ...
"transactions": [
{
"object": "payment.transactions",
"id": "PCI_FDBREW9ZS7P6FTN4ZY2ATC6NK0QWO7"
}
],
"created": "2020-03-27T10:55:23+01:00",
"updated": "2020-03-27T10:56:41+01:00",
"status": "ok",
// ...
}

Status ok, received or collection means you can deliver. Status pending means you have to wait for one of these statusses. Status failed means the payment failed, and you must repeat the payment process.

Note: You also need to mark the actual delivery. This is needed to determine the due date of the payment.