Classic ASP - Attempting to generate OAUTH

spineh
Contributor
Contributor

Hello,

 

We've got a legacy system running Classic ASP that we need to get Express payments setup using the REST API.

However whenever we attempt to post using the following:

Set objHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.6.0")
objHTTP.open "POST", "https://api.sandbox.paypal.com/v1/oauth2/token", false
objHTTP.setRequestHeader "Accept", "application/json"
objHTTP.setRequestHeader "Accept-Language", "en_US"
objHTTP.setRequestHeader "Authorization", "Basic " & Base64Encode("client-id:secret")
objHTTP.send
response.write(objHTTP.responsetext)

We get an error saying a client certificate is required. We've installed the provided to .pem to our server and attempted to assign it to our server using:

objHTTP.setOption(3) = "LOCAL_MACHINE\My\api-3t.sandbox.paypal.com"

 

However we now get an error saying there's no credentials in the certificate.

 

Has anyone here successfully got paypal REST API working on classic ASP?

Login to Me Too
8 REPLIES 8

angelleye
Advisor
Advisor

It looks like maybe you have your endpoints **bleep** up somewhere.  You're showing https://api.sandbox.paypal.com/v1/oauth2/token in your request sample, but then you mention the Certificate mode for authentication (which is the original/old method)...but then you're showing LOCAL_MACHINE\My\api-3t.sandbox.paypal.com.  the api-3t would be used with Signature mode as opposed to Certificate or OAUTH tokens.  So it seems you've got three separate auth methods somehow tied into this thing.  

 

I don't have an immediate answer for you, but that's where I'd start looking.  

Angell EYE - www.angelleye.com
PayPal Partner and Certified Developer - Kudos are Greatly Appreciated!
Login to Me Too

MSDev
Contributor
Contributor

Spineh: Were you ever able to get the PayPal oAuth token using an XHR call with classic ASP? I know this is a late reply but I'm having the same issue.

 

Angelleye: I can get data fine from a https URL using classic ASP's MSXML2.ServerXMLHTTP.6.0 or WinHttp.WinHttpRequest.5.1 server objects, but when hitting https://api.sandbox.paypal.com/v1/oauth2/token/ I get the ASP error on the line xmlhttp.Send("grant_type=client_credentials") The error number is -2147012852 and the description "A certificate is required to complete client authentication". This is not the reply from PayPal; it doesn't get that far. Like Spineh I used Basic authentication. If I do specify a certificate like so...

xmlhttp.setOption(3) = "LOCAL_MACHINE\My\{common name}" ' For MSXML2.ServerXMLHTTP.6.0

xmlhttp.setClientCertificate("LOCAL_MACHINE\My\{common name}" ' For WinHttp.WinHttpRequest.5.1

...then I get the error number -2147012710 and the description "The client certificate credentials were not recognized."

 

Any help would be much appreciated!

Login to Me Too

spineh
Contributor
Contributor

Hi MSDev,

 

Edit: Paypal has helpfully added emojis anywhere you see the happy/sad guy it's ( : S ) (remove spaces) 

 

We did get this working eventually.

 

The code is below but needs amending for your setup:

  1. CLIENT ID:SECRET ID (This needs to be the IDs from developers.paypal.com of your REST api application. It needs to be base64 encoded first so either write a function for base64 encoding or just use an online tool)
  2. Generate payment function is a WIP, just update URL with what endpoint you need to target and include JSON in the POST.

 

 

 

function GenerateBearerToken
Set objHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.6.0")
objHTTP.open "POST", "https://api.sandbox.paypal.com/v1/oauth2/token", false
objHTTP.setRequestHeader "Accept", "application/json"
objHTTP.setRequestHeader "Accept-Language", "en_US"
objHTTP.setRequestHeader "Authorization", "Basic " & "CLIENT ID:SECRET ID"
objHTTP.send "grant_type=client_credentials"
GenerateBearerToken = objHTTP.responsetext
end function

function GeneratePayment
Set objHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.6.0")
objHTTP.open "POST", "https://api.sandbox.paypal.com/v1/payment-experience/web-profiles/", false
objHTTP.setRequestHeader "Accept", "application/json"
objHTTP.setRequestHeader "Accept-Language", "en_US"
objHTTP.setRequestHeader "Authorization", "Bearer " & GenerateBearerToken
''objHTTP.send SEND JSON HERE
GeneratePayment = objHTTP.responsetext
end function

 

Login to Me Too

spineh
Contributor
Contributor

Hi MSDev,

 

Edit: Paypal has helpfully added emojis anywhere you see the happy/sad guy it's ( : S ) (remove spaces) 

 

We did get this working eventually.

 

The code is below but needs amending for your setup:

  1. CLIENT ID:SECRET ID (This needs to be the IDs from developers.paypal.com of your REST api application. It needs to be base64 encoded first so either write a function for base64 encoding or just use an online tool)
  2. Generate payment function is a WIP, just update URL with what endpoint you need to target and include JSON in the POST.

 

 

 

function GenerateBearerToken
Set objHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.6.0")
objHTTP.open "POST", "https://api.sandbox.paypal.com/v1/oauth2/token", false
objHTTP.setRequestHeader "Accept", "application/json"
objHTTP.setRequestHeader "Accept-Language", "en_US"
objHTTP.setRequestHeader "Authorization", "Basic " & "CLIENT ID:SECRET ID"
objHTTP.send "grant_type=client_credentials"
GenerateBearerToken = objHTTP.responsetext
end function

function GeneratePayment
Set objHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.6.0")
objHTTP.open "POST", "https://api.sandbox.paypal.com/v1/payment-experience/web-profiles/", false
objHTTP.setRequestHeader "Accept", "application/json"
objHTTP.setRequestHeader "Accept-Language", "en_US"
objHTTP.setRequestHeader "Authorization", "Bearer " & GenerateBearerToken
''objHTTP.send SEND JSON HERE
GeneratePayment = objHTTP.responsetext
end function

 

Login to Me Too

MSDev
Contributor
Contributor

Thanks for your help! That's the code I've been trying so we're on the same page. Here's what I have:

 

Set xmlhttp = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")
xmlhttp.Open "POST", "https://api.sandbox.paypal.com/v1/oauth2/token/", false
xmlhttp.SetRequestHeader "Accept", "application/json"
xmlhttp.SetRequestHeader "Accept-Language", "en_US"
xmlhttp.SetRequestHeader "Authorization", "Basic " & Base64Encode(CLIENT_ID & ":" & SECRET)
xmlhttp.Send("grant_type=client_credentials")
Response.write xmlhttp.ResponseText

 

But I always get the error:

msxml6.dll error '80072f0c'

A certificate is required to complete client authentication

 

I've confirmed that this is indeed my sandbox client ID and secret from Dashboard > My Apps & Credentials > App Name (type=REST) > SANDBOX API CREDENTIALS. I've also confirmed that the base64 encoding is correct. If I do use the Javascript example here then I can see that it returns the token for my client ID. If I do fetch the token through another means, I still get the same problem when making the call to https://api.sandbox.paypal.com/v1/payments/payment/

 

I can also make XHR calls to various other HTTPS URLs without issue. It's got me pretty puzzled!

Login to Me Too

spineh
Contributor
Contributor

Hi MSDev,

 

Apologies, I should of read your post first.

 

I missed out the key ingredient, you need to download and install the paypal specific API certificate.

 

Follow this guide:

https://www.paypal.com/gb/smarthelp/article/how-do-i-request-api-signature-or-certificate-credential...

 

Install the certificate then include it in your code like:

objHTTP.setOption(3) = "LOCAL_MACHINE\My\test_api1.hotmail.co.uk"

 

The client certificate is actually returned by paypal although it looks like a general MS error.

 

You still need the basic authentication stuff so my code above all still applies just add the setoption(3) to both functions

 

Kind regards

Login to Me Too

MSDev
Contributor
Contributor

Ah, ha! Thanks, spineh. I've got the sandbox certificate downloaded so now I'll try installing it, referencing it in the code (as you included), and seeing if I get success...

Login to Me Too

MSDev
Contributor
Contributor

Success! I had some snags with getting the certificate installed and accessible by ASP but I got it working like so:

  1. Download the sandbox PayPal certificate through https://www.sandbox.paypal.com > Profile > Profile and settings > My selling tools > API access > NVP/SOAP API integration (Classic).
  2. Convert it from PEM to PKCS12 format using:
    openssl pkcs12 -export -inkey PP_sandbox_cert_key.pem -in PP_sandbox_cert_key.pem -out PP_sandbox_cert_key.p12
  3. On the server, ran certlm.msc and imported the certificate PP_sandbox_cert_key.p12 unto the 'Personal' folder, which in turns makes if available to the ASP page under LOCAL_MACHINE/My/ so that I could use the line:
    xmlhttp.setOption(3) = "LOCAL_MACHINE\My\ISSUED_TO_NAME"
  4. At this point I got the following error on the line :
    msxml6.dll error '80072f9a'
    The client certificate credentials were not recognized.
    Which I fixed through certlm.msc by adding permission for the cert to the IIS application pool (thanks to this answer😞 right-click cert > All Tasks > Manage Private Keys > Add > IIS AppPool\DefaultAppPool
  5. Profit!
Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.