Cannot create ENCRYPTED CART UPLOAD button but unsecured works

KarelCemus
Contributor
Contributor

Hi,

 

I need to dynamically generate buttons to upload the whole cart at once and then proceed to the payment. For that purpose, there is a CART button with upload=1.

 

When I do this in HTML without any security, it works as expected.

 

<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post"> 
    <input type="hidden" name="cmd" value="_cart">
    <input type="hidden" name="upload" value="1">
    <input type="hidden" name="business" value="my-business-account">
    <input type="hidden" name="item_name_1" value="Item name 1">
    <input type="hidden" name="amount_1" value="1.00">
    <input type="hidden" name="item_name_2" value="Item name 2">
    <input type="hidden" name="amount_2" value="2.00">
    <input type="submit" value="PayPal">
</form>

However, when I try to create exactly the same button but encrypted through NVP Button Manager API, it fails.

 

curl https://api-3t.sandbox.paypal.com/nvp \
  --data-urlencode USER=<user> \
  --data-urlencode PWD=<pass> \
  --data-urlencode SIGNATURE=<signature> \
  --data-urlencode METHOD=BMCreateButton \
  --data-urlencode VERSION=204.0 \
  --data-urlencode BUTTONCODE=ENCRYPTED \
  --data-urlencode BUTTONTYPE=CART \
  --data-urlencode L_BUTTONVAR0=business=<account> \
  --data-urlencode L_BUTTONVAR1=upload=1 \
  --data-urlencode L_BUTTONVAR2=item_name_1=ABC \
  --data-urlencode L_BUTTONVAR3=amount_1=1 \
  --data-urlencode L_BUTTONVAR4=item_name_2=DEF \
  --data-urlencode L_BUTTONVAR5=amount_2=1 

Invocation of this command returns this error in both the sandbox and the production environments.

 

TIMESTAMP=2017-07-20T20:18:06Z
CORRELATIONID=a1ccba5db437c
ACK=Failure
VERSION=204.0
BUILD=33063964
L_ERRORCODE0=11929
L_SHORTMESSAGE0=Invalid Data
L_LONGMESSAGE0=A cart button must have an item name and amount specified.
L_SEVERITYCODE0=Error

Do you have any clue what could be wrong and why unencrypted version works and encrypted does not? Thanks in advance

Login to Me Too
1 ACCEPTED SOLUTION

Accepted Solutions
Solved

MTS_MichaelL
PayPal Employee
PayPal Employee

Hi KarelCemus,

 

It's not only with ENCRYPTED. If you try CLEARTEXT, the same error is thrown.

 

Upload cart is a slightly different kind of button, that was never intended to be pre-built, and that's why this functionality doesn't exist in BMCreateButton. If you compare the Button Manager in the account and the API functionality - they have the same capabilities and, in both cases, the upload cart isn't there.

 

Looking at the documentation, you will also notice the BUTTONTYPE=CART refers to Add to cart.

 

It makes perfect sense to try to secure the upload cart code, but the best way will always be post-transaction consistency verification (with IPN).

View solution in original post

Login to Me Too
3 REPLIES 3
Solved

MTS_MichaelL
PayPal Employee
PayPal Employee

Hi KarelCemus,

 

It's not only with ENCRYPTED. If you try CLEARTEXT, the same error is thrown.

 

Upload cart is a slightly different kind of button, that was never intended to be pre-built, and that's why this functionality doesn't exist in BMCreateButton. If you compare the Button Manager in the account and the API functionality - they have the same capabilities and, in both cases, the upload cart isn't there.

 

Looking at the documentation, you will also notice the BUTTONTYPE=CART refers to Add to cart.

 

It makes perfect sense to try to secure the upload cart code, but the best way will always be post-transaction consistency verification (with IPN).

Login to Me Too

KarelCemus
Contributor
Contributor

Thank you @MTS_MichaelL for the explanation, though I am sorry to hear that. I noticed the hints you mention but it might be helpful to explicitly highlight in the documentation that this kind of functionality is not supported. I found several questions throughout the forums trying to achieve exactly the same thing as I do because the documentation is a bit confusing about this.

 

Thanks!

 

Login to Me Too

MTS_MichaelL
PayPal Employee
PayPal Employee
Couldn't agree more. I've filed a request with the team responsible for the Documentation to clarify this.
Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.