osCommerce PayPal sandbox signature vs certificate issue

Posted on 2013-10-28
Last Modified: 2016-03-24
I am working on a website that has a store running under osCommerce 2.2 with PayPal as its payment gateway. It appears to be properly configured, but there is a hiccup when users try to apply a coupon toward their purchase. In order to help me isolate the problem, I thought I would set up a PayPal sandbox to see what it is receiving from osc.

I created the API accounts needed to set up the sandbox, and PayPal generated the usernames, passwords and signatures. I then went into the osCommerce admin to modify the payment module to run some test transactions. I could not find a place to enter the signature. I went into the database and failed to find a place for a signature there either, but the database does have a path to a certificate file.

I checked the PayPal documentation and PayPal says that transactions can be run with either a signature or certificate. Further searching failed to turn up a way to generate a certificate for my sandbox seller. I do not want to modify osCommerce to use signatures since it is working fine using certificates in live mode.

How do I complete sandbox setup?
Question by:gpinzino
  • 3
LVL 11

Accepted Solution

Andrew Angell earned 500 total points
ID: 39607214
Working with the certificates is really sort of a pain.  That's the way they first launched back in 2003 or so.  They introduced the signature method to make it easier on people.  I really would recommend you just switch to that.  You'll kill a lot of time messing with certificates on sandbox and live servers.  Signatures are quick and easy.

That said, you should be able to leave your live configuration the way it is if you want to and just the signature method in the sandbox so you don't have to mess with certificates there.  You said you don't see signature in the osCommerce PayPal settings, though..??  It's been awhile since I've looked at osCommerce, but there should be a way to choose whether you're using certificate or signature, and when you choose signature you'd see those fields.  I could be wrong, but going from memory it seems like that's the way I always used it.  

If you really want to stick with certificates in both places you can take a look at this guide:

It's a little bit out-dated (again, certificates are kinda the "old" way of authenticating) so it might not look exactly the same in your PayPal profile as the screenshots do, but the sections and the settings should still apply.  You'll just need to follow those steps inside the sandbox account.

Author Comment

ID: 39608750
Thanks, that great information. I'll respond in more detail as I work on this.

Author Comment

ID: 39614711
Well, I finally got it set up. Be warned that the documentation for getting a certificate is inaccurate on the PayPal Developer website. The support team also had inaccurate information. I had to contact them several times to get what I needed.

I also tried registering for the osCommerce forums, but gave up after three tries. The promised email with instructions to confirm my registration never arrived. No hope there.

Here is the process I finally used to get a certificate. Log in to using your “master” account credentials. Log in again in the gray Account login box, this time using the credentials for the seller account for which you need the certificate. Select Profile on the menu bar and you will see a long list of account settings. Select Request API Credentials in the Account Information section.

On the Request API credentials page, select Set up PayPal API credentials and permissions in the Option 1 box. On the API access page, select View API Certificate in the Option 2 box. On the Manage API certificate page, if you already have signature credentials, you will need to remove them, so click the Remove button. You will then be in a position where you can repeat the process to request and download the certificate.

It is not an obvious process to drop the signature credentials, but if you follow this procedure you should succeed.

Author Closing Comment

ID: 39614714
Thank you Angelleye, your perspective on the issue was most helpful.

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Often people are aiming at development of perfect Magento websites. Though, it is easier said than done. You know what’s much easier? To ruin everything. It can be done in seconds. Many of us experimented with design, tried to change some values dir…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now