Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


osCommerce PayPal sandbox signature vs certificate issue

Posted on 2013-10-28
Medium Priority
Last Modified: 2016-03-24
I am working on a website that has a store running under osCommerce 2.2 with PayPal as its payment gateway. It appears to be properly configured, but there is a hiccup when users try to apply a coupon toward their purchase. In order to help me isolate the problem, I thought I would set up a PayPal sandbox to see what it is receiving from osc.

I created the API accounts needed to set up the sandbox, and PayPal generated the usernames, passwords and signatures. I then went into the osCommerce admin to modify the payment module to run some test transactions. I could not find a place to enter the signature. I went into the database and failed to find a place for a signature there either, but the database does have a path to a certificate file.

I checked the PayPal documentation and PayPal says that transactions can be run with either a signature or certificate. Further searching failed to turn up a way to generate a certificate for my sandbox seller. I do not want to modify osCommerce to use signatures since it is working fine using certificates in live mode.

How do I complete sandbox setup?
Question by:gpinzino
  • 3
LVL 11

Accepted Solution

Andrew Angell earned 2000 total points
ID: 39607214
Working with the certificates is really sort of a pain.  That's the way they first launched back in 2003 or so.  They introduced the signature method to make it easier on people.  I really would recommend you just switch to that.  You'll kill a lot of time messing with certificates on sandbox and live servers.  Signatures are quick and easy.

That said, you should be able to leave your live configuration the way it is if you want to and just the signature method in the sandbox so you don't have to mess with certificates there.  You said you don't see signature in the osCommerce PayPal settings, though..??  It's been awhile since I've looked at osCommerce, but there should be a way to choose whether you're using certificate or signature, and when you choose signature you'd see those fields.  I could be wrong, but going from memory it seems like that's the way I always used it.  

If you really want to stick with certificates in both places you can take a look at this guide:  https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/apicertificates

It's a little bit out-dated (again, certificates are kinda the "old" way of authenticating) so it might not look exactly the same in your PayPal profile as the screenshots do, but the sections and the settings should still apply.  You'll just need to follow those steps inside the sandbox account.

Author Comment

ID: 39608750
Thanks, that great information. I'll respond in more detail as I work on this.

Author Comment

ID: 39614711
Well, I finally got it set up. Be warned that the documentation for getting a certificate is inaccurate on the PayPal Developer website. The support team also had inaccurate information. I had to contact them several times to get what I needed.

I also tried registering for the osCommerce forums, but gave up after three tries. The promised email with instructions to confirm my registration never arrived. No hope there.

Here is the process I finally used to get a certificate. Log in to https://www.sandbox.paypal.com/ using your “master” account credentials. Log in again in the gray Account login box, this time using the credentials for the seller account for which you need the certificate. Select Profile on the menu bar and you will see a long list of account settings. Select Request API Credentials in the Account Information section.

On the Request API credentials page, select Set up PayPal API credentials and permissions in the Option 1 box. On the API access page, select View API Certificate in the Option 2 box. On the Manage API certificate page, if you already have signature credentials, you will need to remove them, so click the Remove button. You will then be in a position where you can repeat the process to request and download the certificate.

It is not an obvious process to drop the signature credentials, but if you follow this procedure you should succeed.

Author Closing Comment

ID: 39614714
Thank you Angelleye, your perspective on the issue was most helpful.

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While opting for any web-to-print solution, you need to discuss with your team and some of your end users and know their opinions about your decisions. In this article we list down some questions you need to ask yourself.
The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question