How can I tell if my site is compliant with the new PayPal security standards?

TheOutlier
Contributor

A test purchase goes through fine with the endpoint: https://api-3t.sandbox.paypal.com/nvp but according to the PayPal page: https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1927&viewlocale... which explains the new security standards, it says the testing endpoint should be: api-3t.paypal.com. That one doesn't seem to be working for me. I don't see any error message but the page just stays and doesn't do anything. How concerned should I be? Is the endpoint api-3t.paypal.com the same as api-3t.sandbox.paypal.com/nvp (with the /nvp at the end)? Or are they completely different endpoints? I'm using PayPal Pro with OpenCart 2.3.0.2. I'm using the latest SSL certificate and have TLS 1.2 and HTTP/1.1. Like I said, I'm not seeing any error message but I'm not seeing a successful purchase either. Any suggestions?


MTS_Ciaran
Moderator

They are the same endpoint, just /nvp is specifically for NVP format API calls, whereas /2.0 is specific to SOAP API calls. 

 

To confirm your site is ready, you can test using the sandbox as the sandbox has all the changes already made. If sandbox works for your integration, then you are good to go. 


TheOutlier
Contributor

So if a test purchase goes through fine right now with the endpoint: https://api-3t.sandbox.paypal.com/nvp then are you saying it will be fine after June 30, 2017 when PayPal implements the changes? 

 

One other question:  Is it true that after June 30, 2017 PayPal will only accept TLS1.2 and nothing else?  If it's true, then would it be a good idea to configure the httpd.conf file to only accept TLS1.2?  My default setting for this was:  All -SSLv2 -SSLv3  but I was thinking of changing this to:  -All +TLSv1.2 so that only TLS1.2 is accepted.  Is this a good idea?  Or was I fine to leave it at the default setting?


MTS_Ciaran
Moderator

Correct, if it works on sandbox it will work on live 🙂

 

I wouldn't recommend changing that conf file to be honest, because other sites you use may not yet support TLS1.2 and you could run into issues there. But yes, following the change on live we/PayPal will only be using TLS1.2 connections.

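The two `SSLProtocol` values quoted in the question above can be compared mechanically; `SSLProtocol` applies to the connections Apache itself accepts. The following is an added example, not part of any post in this thread: it evaluates a value token by token and reports which protocol versions stay enabled. The helper names and the expansion of `all` are assumptions, labelled in the comments.

```python
# Added example, not from the thread: evaluates an Apache mod_ssl SSLProtocol
# value token by token to show which protocol versions stay enabled.
# ASSUMPTION: "all" expands to the tuple below (a 2.4 build whose OpenSSL has
# TLS 1.2 but not TLS 1.3); edit ALL_PROTOCOLS to match your own build.
ALL_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
CANONICAL = {p.lower(): p for p in ALL_PROTOCOLS}


def effective_protocols(value):
    """Return the protocols an SSLProtocol value leaves enabled, oldest first."""
    enabled = set()
    for token in value.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name == "all":
            selected = set(ALL_PROTOCOLS)
        elif name == "sslv2":
            # ASSUMPTION (2.4 behaviour): SSLv2 can only be subtracted, a no-op.
            if sign != "-":
                raise ValueError("SSLv2 cannot be enabled")
            selected = set()
        elif name in CANONICAL:
            selected = {CANONICAL[name]}
        else:
            raise ValueError("unknown SSLProtocol token: %r" % token)
        if sign == "-":
            enabled -= selected
        elif sign == "+":
            enabled |= selected
        else:
            enabled = selected  # a bare token replaces whatever was set before
    return [p for p in ALL_PROTOCOLS if p in enabled]


def below_tls12(value):
    """Protocols older than TLS 1.2 that the value would still accept."""
    return [p for p in effective_protocols(value) if p != "TLSv1.2"]


if __name__ == "__main__":
    # The two values quoted in the post above.
    for value in ("All -SSLv2 -SSLv3", "-All +TLSv1.2"):
        print("%-20s enabled=%s below TLS 1.2=%s"
              % (value, effective_protocols(value), below_tls12(value)))
```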

TheOutlier
Contributor

When I checked the PayPal Merchant Security Roadmap page:  https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1913 it says:

 

 "UPDATE:  While we are allowing for these security updates to be made after June 30, 2017, we continue to recommend that you prioritize the changes and updated protocols specified by the PCI Council so you are best positioned to protect your customers from security and fraud-related issues."

 

Do you know when the exact new deadline will be?  I would like to be able to check my PayPal Pro to see if it works after the deadline but I'd need to know when that date is.  I would prefer not to wait until a customer complains that their payment didn't go through and I would prefer not to be testing it every single day.  An exact date would be very nice to know...


MTS_Ciaran
Moderator

I updated the other thread for you 🙂
