Using PayPal Standard with Encrypted Buttons
============================================

Use this method to encrypt your button so values in the form can't be tampered with. Thanks to Jon Atkinson for the tutorial.

1. Encrypted buttons require the `M2Crypto` library::

       pip install M2Crypto

2. Encrypted buttons require certificates. Create a private key::

       openssl genrsa -out paypal_private.pem 1024

3. Create a public key (a self-signed certificate valid for 365 days)::

       openssl req -new -key paypal_private.pem -x509 -days 365 -out paypal_public.pem

4. Upload your public key to the PayPal website (sandbox or live).

   * https://www.paypal.com/us/cgi-bin/webscr?cmd=_profile-website-cert
   * https://www.sandbox.paypal.com/us/cgi-bin/webscr?cmd=_profile-website-cert

5. Copy your ``cert id`` - you'll need it in two steps. It's on the screen where
   you uploaded your public key.

6. Download PayPal's public certificate - it's also on that screen.

7. Edit your ``settings.py`` to include cert information:

   .. code-block:: python

       PAYPAL_PRIVATE_CERT = '/path/to/paypal_private.pem'
       PAYPAL_PUBLIC_CERT = '/path/to/paypal_public.pem'
       PAYPAL_CERT = '/path/to/paypal_cert.pem'
       PAYPAL_CERT_ID = 'get-from-paypal-website'

8. Swap out your unencrypted button for a ``PayPalEncryptedPaymentsForm``:

   In views.py:

   .. code-block:: python

       from paypal.standard.forms import PayPalEncryptedPaymentsForm

       def view_that_asks_for_money(request):
           ...
           # Create the instance.
           form = PayPalEncryptedPaymentsForm(initial=paypal_dict)
           # Works just like before!
           form.render()

9. If you need to use multiple certificates, you can pass the arguments directly
   to the ``PayPalEncryptedPaymentsForm`` as below:

   In views.py:

   .. code-block:: python

       from paypal.standard.forms import PayPalEncryptedPaymentsForm

       def view_that_asks_for_money(request):
           ...
           # PayPal certificate information
           paypal_private_cert = '/path/to/another/paypal_private.pem'
           paypal_public_cert = '/path/to/another/paypal_public.pem'
           paypal_cert = '/path/to/another/paypal_cert.pem'
           paypal_cert_id = 'another-paypal-id'
           # Create the instance.
           form = PayPalEncryptedPaymentsForm(initial=paypal_dict,
                                              private_cert=paypal_private_cert,
                                              public_cert=paypal_public_cert,
                                              paypal_cert=paypal_cert,
                                              cert_id=paypal_cert_id)
           ...

Using PayPal Payments Standard with Encrypted Buttons and Shared Secrets
------------------------------------------------------------------------

This method uses shared secrets instead of IPN postback to verify that
transactions are legit. PayPal recommends that you use shared secrets if:

* You are not using a shared website hosting service.
* You have enabled SSL on your web server.
* You are using Encrypted Website Payments.
* You use the ``notify_url`` variable on each individual payment transaction.

Use postbacks for validation if:

* You rely on a shared website hosting service.
* You do not have SSL enabled on your web server.

1. Swap out your button for a ``PayPalSharedSecretEncryptedPaymentsForm``:

   In views.py:

   .. code-block:: python

       from paypal.standard.forms import PayPalSharedSecretEncryptedPaymentsForm

       def view_that_asks_for_money(request):
           ...
           # Create the instance.
           form = PayPalSharedSecretEncryptedPaymentsForm(initial=paypal_dict)
           # Works just like before!
           form.render()

2. Verify that your IPN endpoint is running on SSL - ``request.is_secure()``
   should return ``True``!
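
The sketch below is an added example, not django-paypal's own code: it shows one way a shared secret can be derived per transaction, carried in ``notify_url``, and checked when the IPN arrives, including the HTTPS requirement from step 2. The key, the field list and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values; a real project would load the key from its settings.
SERVER_KEY = b"constructed-demo-key-not-for-production"
SECRET_FIELDS = ("business", "item_name", "invoice")  # hypothetical field choice


def make_secret(fields):
    """Derive a per-transaction secret from fields present in both button and IPN."""
    data = "\n".join(str(fields[name]) for name in SECRET_FIELDS)
    return hmac.new(SERVER_KEY, data.encode("utf-8"), hashlib.sha256).hexdigest()


def build_notify_url(base_url, payment):
    """Append the secret to notify_url; the encrypted button hides it from the buyer."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("notify_url must use https: the secret travels in the URL")
    return base_url + "?" + urlencode({"secret": make_secret(payment)})


def verify_ipn(request_url, is_secure, ipn_fields):
    """Return True only for an HTTPS notification whose secret matches its fields."""
    if not is_secure:  # mirrors the request.is_secure() check in step 2
        return False
    supplied = parse_qs(urlsplit(request_url).query).get("secret", [""])[0]
    try:
        expected = make_secret(ipn_fields)
    except KeyError:
        return False  # a field needed for the secret is missing from the IPN
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(supplied.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    payment = {"business": "merchant@example.com", "item_name": "Widget",
               "invoice": "INV-1001", "amount": "10.00"}  # constructed sample
    url = build_notify_url("https://shop.example.com/paypal/ipn/", payment)
    print(verify_ipn(url, True, payment))                         # genuine
    print(verify_ipn(url, True, dict(payment, invoice="INV-9")))  # other invoice
    print(verify_ipn(url, False, payment))                        # plain HTTP
```

Including ``invoice`` in the secret ties each URL to one transaction, so a secret observed for one payment does not validate a notification for another.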