How does PayPal work with Sage Pay?
Using PayPal with the Sage Pay hosted payment page (Form and Server)
The PayPal payment option will be available for your customer to select on the payment screen alongside the other card types activated on your Sage Pay account.
A breakdown of the transaction process using Sage Pay with PayPal Express Checkout is shown below:

Using PayPal with your own hosted payment page (Direct & Server with iFrame)
Supporting PayPal Express Checkout in Direct involves a little more integration work at your site, but nothing more complex than is currently required for 3D-Authentication.
There is an initial server-to-server POST with Sage Pay, then a redirection to the PayPal logon URL. After that, there is a call back to your servers from Sage Pay, and an additional server-to-server POST to confirm the transaction and complete the process.
The steps are detailed below and summarised at the end in the diagram:
Step 1:
The customer shops at your site and fills up a shopping basket with items.
Step 2:
At the point the customer wishes to check-out, BEFORE they enter any address or customer details, your site can optionally allow the customer to select to pay either with PayPal, or another payment process. This is the “Express Checkout” option and should be presented using the orange logo:
(To download the PayPal images to use on your own site visit: https://www.paypal.com/express-checkout-buttons)

This is optional because you may wish to use PayPal as a different “card type” rather than as an alternative payment method (for example, if you wish to collect customer details on your own pages first).
If the customer selects this Express Checkout option, the process jumps ahead to step 6.
Step 3:
Since the customer has not selected Express Checkout (or has not had the option to do so), your site presents the normal customer detail entry screens, requesting name, e-mail address, and billing address in the following format:
- Name (compulsory - 32 chars max)
- Street (compulsory - 100 chars max)
- Street2 (optional - 100 chars max)
- City (compulsory - 40 chars max)
- Zip (compulsory - 20 chars max)
- Country (compulsory - 2 digit ISO 3166-1 code)
- State (compulsory for US Addresses only)
- Phone (optional - 20 characters)
This structure is required to allow PayPal to validate the addresses against those held in their database.
Step 4:
Once the customer has entered their details, they select their card type, as in a normal Direct payment, with the addition of the PayPal Logo.
(or “PayPal” as a drop down item in a card-type list)
This is called “Mark” integration (as opposed to “Express Checkout” integration above). From a Sage Pay perspective, the process is almost identical.
Step 5:
If the customer selects a method other than PayPal, then the normal Direct process with 3D-authentication continues from this point onwards, as detailed in the Direct payment process from page 7, i.e. the customer enters the card number, expiry date, cv2 etc. and the full server-to-server POST is sent.
If the customer has selected PayPal, either Mark or Express Checkout, the new process begins at this step.
Step 6:
The Direct registration message (see Appendix A1) is sent with the cardtype field set to PAYPAL (no other card details should be sent). Mark implementations will also require the full billingnnnnn AND deliverynnnn sections to be completed as detailed above, but Express Checkouts will leave this empty. This POST also includes a PayPalCallbackURL field which points to a script on your site to handle the completion process (explained in step 14).
Step 7:
The information is POSTed to the Direct Transaction Registration URL and the post is validated as normal. If all fields are validated and the information is correct, the Sage Pay servers construct a message to send to the PayPal servers; for “Express Checkouts”, as you have not collected customer details on your own pages first, a message is sent to ensure the customer enters their address once they reach the PayPal screens. “Mark” checkouts will already have the address information provided, and therefore the customer will not have the option to select an alternative address once on the PayPal screens.
Step 8:
The PayPal servers respond to Sage Pay with a unique token. The transaction is updated in the Sage Pay Database to record this token against the transaction, before returning the Direct response to your servers (Appendix A6).
Step 9:
Your site redirects the customer’s browser to the PayPalRedirectURL value returned in the Direct response (Appendix A6).
Step 10:
The customer logs into PayPal and selects their chosen payment method. For Express Checkouts they will also enter their delivery address. For Mark, this address selection is disabled.
Step 11:
Once the shopper confirms their details on the PayPal screens, PayPal exchange information with Sage Pay, and then Direct builds a response message containing the fields listed in Appendix A7. This data is POSTed via the customer’s browser to the PayPalCallbackURL (provided as part of the original Direct POST Appendix A1). This URL is also the place to which the customer’s browser is redirected in the event of any errors.
Step 12:
Your site can check the information in the message to determine if you wish to proceed with the transaction. If the AddressStatus is UNCONFIRMED, and the PayerStatus is UNVERIFIED, for example, you may not wish to continue without PayPal Seller Protection. If you do NOT wish to proceed, you should build a Direct PayPal Capture message with the ‘Accept’ field set to “NO” (Appendix A8) and POST it to the Direct PayPal Completion URL. You can then redirect the customer back to select a different payment method at this stage, and begin the Direct process again.
Step 13:
If you DO wish to proceed, you should store the delivery address details in your database (if they differ from those supplied), then build a Direct PayPal Capture message with the ‘Accept’ field set to “YES” (Appendix A8) and POST it to the Direct PayPal Completion URL.
Step 14:
Direct will validate the POST and, if correct, forward that to PayPal.
Step 15:
PayPal will complete the transaction and return the details to Direct. Sage Pay will update the transaction with the required IDs and build a completion response.
Step 16:
Direct replies to the POST sent to the PayPal Completion URL with the Direct completion message (Appendix A2).
Step 17:
You display a completion page to the customer.
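The merchant-side checks from steps 3 and 12-13, as an added Python example (not Sage Pay's code). The function names, the VPSTxId and Amount fields, the TxType value COMPLETE and the sample callback values are assumptions not listed on this page; take the real field lists from Appendix A7 and A8.

```python
from urllib.parse import parse_qs, urlencode

# Step 3 limits; a Mark registration must carry addresses in this shape.
MAX_LEN = {"Name": 32, "Street": 100, "Street2": 100, "City": 40, "Zip": 20, "Phone": 20}
COMPULSORY = ("Name", "Street", "City", "Zip", "Country")


def address_errors(addr):
    """Return the step 3 rules that one address dict breaks."""
    errs = [f"{k} missing" for k in COMPULSORY if not addr.get(k)]
    errs += [f"{k} too long" for k, n in MAX_LEN.items() if len(addr.get(k, "")) > n]
    if addr.get("Country") and len(addr["Country"]) != 2:
        errs.append("Country is not a 2-character code")
    if addr.get("Country") == "US" and not addr.get("State"):
        errs.append("State missing for US address")
    return errs


def capture_message(callback_body, session_txid, amount, need_protection=True):
    """Steps 12-13: build the Direct PayPal Capture POST body from the callback."""
    cb = {k: v[0] for k, v in parse_qs(callback_body).items()}
    # The callback is POSTed via the customer's browser, so only act on it
    # if it names the transaction this session registered in step 6.
    if cb.get("VPSTxId") != session_txid:  # VPSTxId: assumed field name
        raise ValueError("callback does not match the registered transaction")
    unprotected = (cb.get("AddressStatus") == "UNCONFIRMED"
                   and cb.get("PayerStatus") == "UNVERIFIED")
    # A callback missing either status field is treated as unprotected too.
    incomplete = "AddressStatus" not in cb or "PayerStatus" not in cb
    accept = not (need_protection and (unprotected or incomplete))
    return urlencode({
        "TxType": "COMPLETE",      # assumed value, see Appendix A8
        "VPSTxId": session_txid,   # from the server-side session, not the callback
        "Amount": amount,          # from the stored order, not the callback
        "Accept": "YES" if accept else "NO",
    })


# Constructed sample callbacks (not captured traffic).
RISKY = "VPSTxId=%7BTX-1%7D&AddressStatus=UNCONFIRMED&PayerStatus=UNVERIFIED"
GOOD = "VPSTxId=%7BTX-1%7D&AddressStatus=CONFIRMED&PayerStatus=VERIFIED"

if __name__ == "__main__":
    print(capture_message(RISKY, "{TX-1}", "25.00"))
    print(capture_message(GOOD, "{TX-1}", "25.00"))
    print(address_errors({"Name": "A Buyer", "Street": "1 High St",
                          "City": "Leeds", "Zip": "LS1 1AA", "Country": "US"}))
```

The transaction ID and amount in the capture message come from your own stored order, so a callback altered in the browser cannot change what is completed.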
Direct PayPal Message Flow
The diagram below shows the message and customer flow for a Direct PayPal payment (described above).
