[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


osCommerce PayPal sandbox signature vs certificate issue

Posted on 2013-10-28
Medium Priority
Last Modified: 2016-03-24
I am working on a website that has a store running under osCommerce 2.2 with PayPal as its payment gateway. It appears to be properly configured, but there is a hiccup when users try to apply a coupon toward their purchase. In order to help me isolate the problem, I thought I would set up a PayPal sandbox to see what it is receiving from osc.

I created the API accounts needed to set up the sandbox, and PayPal generated the usernames, passwords and signatures. I then went into the osCommerce admin to modify the payment module to run some test transactions. I could not find a place to enter the signature. I went into the database and failed to find a place for a signature there either, but the database does have a path to a certificate file.

I checked the PayPal documentation and PayPal says that transactions can be run with either a signature or certificate. Further searching failed to turn up a way to generate a certificate for my sandbox seller. I do not want to modify osCommerce to use signatures since it is working fine using certificates in live mode.

How do I complete sandbox setup?
Question by:gpinzino
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
LVL 11

Accepted Solution

Andrew Angell earned 2000 total points
ID: 39607214
Working with the certificates is really sort of a pain.  That's the way they first launched back in 2003 or so.  They introduced the signature method to make it easier on people.  I really would recommend you just switch to that.  You'll kill a lot of time messing with certificates on sandbox and live servers.  Signatures are quick and easy.

That said, you should be able to leave your live configuration the way it is if you want to and just the signature method in the sandbox so you don't have to mess with certificates there.  You said you don't see signature in the osCommerce PayPal settings, though..??  It's been awhile since I've looked at osCommerce, but there should be a way to choose whether you're using certificate or signature, and when you choose signature you'd see those fields.  I could be wrong, but going from memory it seems like that's the way I always used it.  

If you really want to stick with certificates in both places you can take a look at this guide:  https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/apicertificates

It's a little bit out-dated (again, certificates are kinda the "old" way of authenticating) so it might not look exactly the same in your PayPal profile as the screenshots do, but the sections and the settings should still apply.  You'll just need to follow those steps inside the sandbox account.

Author Comment

ID: 39608750
Thanks, that great information. I'll respond in more detail as I work on this.

Author Comment

ID: 39614711
Well, I finally got it set up. Be warned that the documentation for getting a certificate is inaccurate on the PayPal Developer website. The support team also had inaccurate information. I had to contact them several times to get what I needed.

I also tried registering for the osCommerce forums, but gave up after three tries. The promised email with instructions to confirm my registration never arrived. No hope there.

Here is the process I finally used to get a certificate. Log in to https://www.sandbox.paypal.com/ using your “master” account credentials. Log in again in the gray Account login box, this time using the credentials for the seller account for which you need the certificate. Select Profile on the menu bar and you will see a long list of account settings. Select Request API Credentials in the Account Information section.

On the Request API credentials page, select Set up PayPal API credentials and permissions in the Option 1 box. On the API access page, select View API Certificate in the Option 2 box. On the Manage API certificate page, if you already have signature credentials, you will need to remove them, so click the Remove button. You will then be in a position where you can repeat the process to request and download the certificate.

It is not an obvious process to drop the signature credentials, but if you follow this procedure you should succeed.

Author Closing Comment

ID: 39614714
Thank you Angelleye, your perspective on the issue was most helpful.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to create an extensible mechanism for linked drop downs.
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question