Using PayPal Standard with Encrypted Buttons¶
Encrypted buttons require the M2Crypto library:
pip install M2Crypto
Encrypted buttons require certificates. Create a private key:
openssl genrsa -out paypal_private.pem 1024
Create a public key:
openssl req -new -key paypal_private.pem -x509 -days 365 -out paypal_public.pem
Upload your public key to the paypal website (sandbox or live).
cert id- you’ll need it in two steps. It’s on the screen where you uploaded your public key.
Download PayPal’s public certificate - it’s also on that screen.
settings.pyto include cert information:
PAYPAL_PRIVATE_CERT = '/path/to/paypal_private.pem' PAYPAL_PUBLIC_CERT = '/path/to/paypal_public.pem' PAYPAL_CERT = '/path/to/paypal_cert.pem' PAYPAL_CERT_ID = 'get-from-paypal-website'
Swap out your unencrypted button for a
from paypal.standard.forms import PayPalEncryptedPaymentsForm def view_that_asks_for_money(request): ... # Create the instance. form = PayPalPaymentsForm(initial=paypal_dict) # Works just like before! form.render()
If you need to use multiple certificates, you can pass the arguments directly to the PayPalEncryptedPaymentsForm as below:
from paypal.standard.forms import PayPalEncryptedPaymentsForm def view_that_asks_for_money(request): ... # Paypal Certificate Information paypal_private_cert = '/path/to/another/paypal_private.pem' paypal_public_cert = '/path/to/another/paypal_public.pem' paypal_cert = '/path/to/another/paypal_cert.pem' paypal_cert_id = 'another-paypal-id' # Create the instance. form = PayPalPaymentsForm(initial=paypal_dict, private_cert=paypal_private_cert, public_cert=paypal_public_cert, paypal_cert=paypal_cert, cert_id=paypal_cert_id) ...
Using PayPal Payments Standard with Encrypted Buttons and Shared Secrets¶
This method uses Shared secrets instead of IPN postback to verify that transactions are legit. PayPal recommends you should use Shared Secrets if:
- You are not using a shared website hosting service.
- You have enabled SSL on your web server.
- You are using Encrypted Website Payments.
- You use the
notify_urlvariable on each individual payment transaction.
Use postbacks for validation if:
- You rely on a shared website hosting service
- You do not have SSL enabled on your web server
Swap out your button for a
from paypal.standard.forms import PayPalSharedSecretEncryptedPaymentsForm def view_that_asks_for_money(request): ... # Create the instance. form = PayPalSharedSecretEncryptedPaymentsForm(initial=paypal_dict) # Works just like before! form.render()
Verify that your IPN endpoint is running on SSL -