Use this page to view and modify your configuration data.
PayPal recommends that for your first pass that you perform minimum configuration using a Test environment. You can re-open this page and make improvements to the forms as often as you like - be sure to save your configuration changes each time that you make modifications. Once the pages meet your requirements, you can move your account to Live status. Any configuration that you perform on Payflow in Test status carries over directly to your live account settings.
For more information on Test and Live status, refer to Specify Test or Live Transaction.
Only administrators can modify this information. If you do not have administrator privileges, you can only view this information here.
Quotation marks (") and the ampersand (&) characters are not allowed in most configurable fields. You can use these characters only in the Receipt Text, Email Text, Merchant Display Name, and Receipt Footer fields. The ampersand (&) character can be used in URLs, for example, the Return URL, Silent POST URL, and Forced Silent Post URL.
To access the Configuration page, navigate to Service Settings -> Payflow -> Configuration. You can configure the following on this page:
The Form Configuration section enables you to specify the URL to which customers return, required and optional fields that should appear on the Payflow forms, and how data is handled upon completion of a transaction.
It contains the following configurable fields:
Specify what should happen when the customer clicks Continue on the Receipt page. This action applies to successful transactions only.
Specify one of the following values:
Link. Returns the customer to the website that you specify in the Return URL field (typically your merchant website). Link is the default setting and is strongly recommended for merchants new to HTML. This setting returns the customer to the specified site. No additional transaction data is POSTed if this option is specified.
Post. Returns the customer and transaction data to the website that you specify in the Return URL field. This option is typically used by experienced HTML/CGI developers to store information that was collected on the PayPal-hosted Order forms.
Enter the URL of the website to which customers should be sent upon clicking the Continue button on the Receipt page. The URL is typically your merchant site. If you do not specify a URL, then the Continue button does not appear on the Receipt page.
The Return URL Method determines whether only the customer, or the customer and their data are returned to this URL.
Select the check box and enter the URL to which transaction data will be posted in the background (invisible to the customer) after transaction processing.
This option is typically used by experienced HTML/CGI developers to store information that was collected on the PayPal-hosted order processing forms.
Using the Silent Post URL ensures that the transaction data is passed back to your website when a transaction is completed. This occurs even if a customer closes his browser before returning to your site or if the PayPal-hosted Receipt page is disabled.
Even if you use this feature to monitor actual sales, you should always verify the data in the Order report.
This option is used in conjunction with Silent POST — it causes Payflow to verify that the Silent Post data was received by your website.
If your server does not acknowledge receipt of the Silent POST, Payflow voids the transaction. Even if you use this feature to monitor actual sales, you should always verify the data in the lreport.
If you select this option, specify in the Failed Silent Post Return URL field where customers should go if their transactions are voided by the Force Silent Post Confirmation feature.
Force Silent POST is implemented by checking for a "200 Response" message from your website acknowledging receipt of data. If the "200 Response" message is not received, Payflow voids the customer transaction (even if the transaction was approved by the processor) and displays an error to the customer.
Specify whether to conduct simulated or real transactions.
TEST. Transactions are handled through the test system to enable you to verify and fine-tune system operation. No money changes hands. PayPal strongly urges that you operate in Test mode and verify the operation of your account before you go live.
LIVE. Real financial transactions are performed through the PayPal transaction servers. This option appears only if you have activated your account.
For more information, refer to Specify Test or Live Transaction.
The fields listed in this section represent information that you collect from the customer. A check mark specifies that the field is required — the customer will not be allowed to continue with the transaction until the field is filled in.
If you specify that a field is required, then you must do either of the following:
Pass in the data (from your Web page) to populate the field.
Specify that the field is editable in the next section.
A check mark in this section means that the customer can edit the contents of the field on the PayPal-hosted order processing forms.
De-select the fields that the customer should not be allowed to modify.
The fields listed in this section represent information that you collect from the customer. A check mark specifies that the field is required — the customer will not be allowed to continue with the transaction until the field is filled in.
If you specify that a field is required, then you must do either of the following:
Pass in the data (from your Web page) to populate the field.
Specify that the field is editable in the next section.
A check mark in this section means that the customer can edit the contents of the field on the PayPal-hosted order processing forms.
De-select the fields that the customer should not be allowed to modify.
The General Display Options section enables you to configure the appearance of the order processing forms. You can display your organization's name and logo and specify the colors to be used on the forms.
PayPal strongly recommends that you add your logo to the pages and customize the color scheme to match your Web store pages. These actions help to support the customer's sense of security when using the Payflow forms. For initial testing, or to implement the simplest possible solution, you can safely skip this step - no special graphics or colors will appear on the order forms, and default settings will be used.
Enter your name text (up to 63 characters) to display in the following locations:
Browser title area for all forms
At the top of all order forms (unless you specify a logo)
On email receipts
If you enter a merchant display name and upload a logo, only the logo image appears.
You can configure the look and feel of your Web site by selecting the color, uploading a logo, changing the background and specifying the alignment. Click the corresponding radio button to configure the following:
Configure Page Color. Set custom colors for any of three elements on your transaction page: the header, the sidebar, and the body. To do so, click Configure Page Color.
Change Logo. Upload a logo, or delete an existing logo. To do so, click Change Logo.
Change Background. Upload a background image, or delete an existing background image. To do so, click Change Background.
Specify whether the forms should be aligned with the left margin or should be centered in the Web page by clicking on the appropriate radio button.
For initial testing, or to implement the simplest possible solution, you can safely skip this step — no graphics or colors will appear on the order forms, and default settings will be used.
This section is available to users only if you have signed up for PayPal Express Checkout.
The Express Checkout Configuration section enables you to select your shipping address and configure your express checkout display.
When selecting a shipping address for your website, you can either use the address you specified on the PayPal Express Checkout page, or the address specified on the Order page.
You can also configure your express checkout display. To do so, click on Express Checkout Pages.
The Receipt Display Options section enables you to customize the Receipts
page that customers see after a transaction has been successfully processed.
Enter the text as it show appear on the Receipt page. To cause a new line
of text, enter the characters </br>
at the end of the previous line.
For initial testing, or to implement the simplest possible solution, you can safely skip this step - no custom text will appear on the Receipts page.
Specify up to 510 characters of text to be displayed at the top of the Receipt page.
Specify up to 510 characters of text to be displayed at the bottom of the Receipt page.
Specify up to 32 characters for the Receipt Button — the button that returns your customer to your website. (You specified the website in the Form Configuration section.)
You have the option to send the customer email receipts for each successful transaction. You specify the sender's address and text that appears in the message. You also have the option to send the messages to yourself.
Specify Yes to automatically send a confirmation email message to the customer, confirming each successful transaction.
Specify No to not send a confirmation email.
Unlike the Merchant email message, the Customer email message contains the following detailed order information:
Receipt Header Text
Merchant Display Name
Invoice Number
Billing Information
Shipping Information
Order Description
Tax Amount
Total Amount
Payment Type
Receipt Footer Text
Transaction Time
Transaction ID
Enter the email address from which email to customers should appear to come (typically the email address of a person or staff that can provide support).
PayPal generates this email on behalf of the merchant. However, this email does not appear in the merchant's Sent Items folder, nor is the actual email message accessible to the merchant.
Enter the email address to which successful transaction confirmation emails should be sent. Leave this field blank if no confirmation should be sent.
Unlike the Customer email message, the Merchant email message does not contain detailed order information. The following information appears in the Merchant email message:
Merchant Display Name
Amount of Transaction
Invoice
Description
Date of Transaction
AuthCode
Transaction ID
Customer's Name
If desired, enter a second email address to which successful transaction confirmation emails should be sent. Leave this field blank if no confirmation should be sent.
Unlike the Customer email message, the Merchant email message does not contain detailed order information. The following information appears in the Merchant email message:
Merchant Display Name
Amount of Transaction
Invoice
Description
You have the option of sending order confirmation email messages to the customer, to you, or to both.
Enter the text (up to 510 characters) to display at the top of the confirmation email
You have the option of sending order confirmation email messages to the customer, to you, or to both.
Enter the text (up to 510 characters) to display at the bottom of the confirmation email.
Payflow enables you to configure the AVS, Card Security Code, and Accepted URL security features.
If you have purchased Fraud Protection Services, then you will not see the AVS and Card Security Code options.
It is your responsibility to protect your passwords and other confidential data and to implement security safeguards on your website and in your organization, or to ensure that your hosting company or internal Web operations team is implementing them on your behalf.
The Address Verification Service (AVS) verifies the cardholder’s billing address to combat fraud in card-not-present transactions (for example, mail order, telephone order, Internet). For more information, refer to Using Address Verification Service (AVS).
To specify the level of AVS checking, select one of the following values in the AVS field:
No. Accept the transaction regardless of the AVS response. This is the default setting.
Full. Accept the transaction only if a value of YY is returned (Y for street number and Y for zip code). If the bank does not return YY, then PayPal voids the transaction and the customer is declined.
Medium. Accept the transaction only if at least one Y is returned. If the bank does not return YY, YX, or XY, then PayPal voids the transaction and the customer is declined.
Light. Accepted the transaction for all return values except NN. If the bank does not return NN, then the transaction is approved.
The table below summarizes AVS levels:
|
AVS Setting |
Allowed Responses |
|
Full |
(Y, Y) |
|
Medium |
(Y,Y), (Y,X), (X,Y) |
|
Light |
(Y,Y), (Y,N), (Y,X), (N,Y), (X,Y), (N,X), (X,N) |
If you are using AVS checking and the Silent Post feature, then you can identify which transactions have been voided by looking for the following values:
RESPMSG = AVSDECLINED and Result = 0
Be sure to look at the response message for your transaction. Even if your result code is 0, your response message might say that the transaction has failed.
The Card Security Code is a 3- or 4-digit number printed on either the front or the back of a credit card (typically in the signature field). The number appears only on the card itself (not on receipts or statements) so it can provide some indication that the physical card is in the possession of the buyer. For more information, refer to Card Security Code.
If the buyer submits the Card Security Code on the Order form, the cardholder's bank returns a Yes/No response on whether the value matches the number on file at the bank. Payflow accepts or rejects orders based on this information.
The bank returns one of the following values:
Y. The submitted value matches the data on file.
N. The submitted value does not match the data on file.
X. The cardholder's bank does not support this service.
Specify one of the following settings in the Card Security Code field:
No. Approve the transaction regardless of the response. This is the default responses.
Full. Accept the transaction only if Y is returned. If N or X is returned, then void the transaction and send a declined message to the customer.
Light. Accept the transaction only if Y or X is returned. If N is returned, then void the transaction and send a declined message to the customer.
If you are using Card Security Code checking and the Silent Post feature, then you can identify which transactions have been voided by looking for the following values:
RESPMSG=CSCDECLINED and Result = 0
Be sure to look at the response message for your transaction. Even if your result code is 0, your response message might say that the transaction has failed.
The Accepted URL security feature stops fraudsters from changing the monetary value of amounts being passed to or from Payflow.
When a customer places an order, Payflow compares the originating website against the domain names that you specify in the Accepted URL fields (typically, your Web store). If the website from which the transaction originates is not one of the specified domains, then the order is rejected.
Be sure to enter a valid Domain Name (IP Address will not work) prefixed with http:// (for example, http://www.acme.com). This feature does not support https:.
You can specify a domain name such as http://www.acme.com to enable Payflow to accept orders from the same domain name with a path reference, for example http://www.acme.com/path.html. However, if you specify a path like http://www.acme.com/path.html, then Payflow will decline orders from http://www.acme.com.
Click Save Changes to implement the changes you made.
If you leave the page without clicking Save Changes, then your changes are lost.