4.3 PayPal: XML Specification This is a supplemental document to be read in conjunction with the XML Specification. Published: 10 May 2018

Upload: phungdat

Post on 17-Mar-2018


© Secure Trading Limited 2018 10 May 2018 Page 2 / 45

Table of Contents

1 Introduction
2 Express Checkout Mark (ECM)
2.1 What will the customer see?
2.2 Displaying PayPal to the customer
2.3 How does it work behind the scenes?
2.4 Performing the order
2.5 Authenticating with PayPal
2.6 Performing the authorisation
3 Express Checkout Shortcut (ECS)
3.1 What will the customer see?
3.2 Displaying PayPal to the customer
3.3 How does it work behind the scenes?
3.4 Performing the order
3.5 Authenticating with PayPal
3.6 Retrieve order details from PayPal
3.7 Performing the authorisation
4 Settlement
4.1 Deferred Settlement
4.2 Partial Settlement
4.3 Immediate Settlement
5 Notifications
5.1 Configuring the authorisation notification
5.2 Configuring the settlement notification
5.3 Check the notification
6 Performing a refund
6.1 REFUND XML Request
6.2 REFUND XML Response
7 Testing
8 Further Information and Support
8.1 PayPal Support
8.2 Secure Trading Support
8.3 Secure Trading Sales
8.4 Useful Documents
8.5 Frequently Asked Questions


1 Introduction

PayPal is an international e-commerce business allowing payments and money transfers to be made online. To enable PayPal on your Secure Trading account, please follow the steps outlined in the Enabling PayPal guide.

This document outlines processing PayPal Authorisation requests using the Secure Trading API. Secure Trading supports two PayPal transaction flows:

Express Checkout Mark (ECM)

PayPal is shown as an additional method of payment on your existing checkout, alongside credit/debit cards. See section 2 for further information.

Why implement ECM?

• Allows you to integrate PayPal into your existing checkout solution.
• The address the customer submits on your website is final and cannot be changed on PayPal’s website.

Express Checkout Shortcut (ECS)

Customers click the “Check out with PayPal” button on your website and are redirected to PayPal’s servers. See section 3 for further information.

Why implement ECS?

• The customer does not need to type in their delivery address. They can use the details saved on their PayPal account.
• Simplifying the checkout experience can help increase both your online and mobile conversion rates.
• Allows you to append a delivery charge to the transaction that can differ based on the delivery address selected by the customer while on PayPal’s website.


2 Express Checkout Mark (ECM)

2.1 What will the customer see?

Basket page: During the checkout process, your website states that PayPal is a supported payment method.

Details page: The customer selects their preferred delivery address and opts to pay using PayPal.

PayPal login: The customer is redirected to PayPal, where they sign in using their PayPal credentials (they can register with PayPal if they do not already have an account).

Review order: The customer reviews their order and agrees to the payment on PayPal’s website.

Confirmation: The customer is redirected to your website, where a confirmation is displayed (e.g. “Payment successful”).

2.2 Displaying PayPal to the customer

The official PayPal acceptance mark must be presented with equal prominence and close proximity to other payment types on your details page. No payment type should be selected by default.

You can download the latest official PayPal acceptance mark images from this URL: https://www.paypal.com/uk/webapps/mpp/logo-center

Upon selecting PayPal, card payment fields must be disabled or hidden from view.


2.3 How does it work behind the scenes?

The ECM payment flow can be split into three main parts, as shown below:

2.3.1 Performing the order

• Customer agrees to a payment using PayPal on the merchant’s website.
• Merchant submits ORDER request to initiate the session, including cancelurl and returnurl.
• Merchant receives ORDER response, including paypaltoken and redirecturl.

2.3.2 Authenticating with PayPal

• Merchant redirects the customer’s browser to the redirecturl, including the paypaltoken.
• Customer signs in and agrees to the payment using their PayPal account.
• If successful, the customer’s browser is redirected to the returnurl.
• If the PayPal order is cancelled, the browser is redirected to the cancelurl (see section 2.3.4).

2.3.3 Performing the authorisation

If the previous steps have been successful:

• The merchant submits combined ORDERDETAILS and AUTH request to process the payment.
• Merchant receives ORDERDETAILS AUTH response and displays receipt page to the customer.

2.3.4 Handling cancellations or errors

If the payment was not successful, you will need to display the warning message returned in the response to the customer, informing them of the problem. We recommend allowing the customer to retry, presenting them with alternative payment methods (if supported on your account). If the customer opts to try again with PayPal, restart this process from the start as a new payment.


2.4 Performing the order

Once the customer opts to make a payment with PayPal, your system will need to perform an ORDER XML Request to STPP and interpret the response.

2.4.1 ORDER XML Request

The ORDER XML Request is similar to that of a standard e-commerce authorisation request as outlined in the XML Specification document, except for the following differences:

[Diagram: structure of the ORDER XML Request. Elements shown: alias, request type = “ORDER”, merchant, operation, customer, billing, settlement.]


2.4.1.1 <request type = “ORDER”>

The request type submitted must be “ORDER”.

2.4.1.2 <operation>

Within the <operation> tag there are two required fields: accounttypedescription and sitereference.

Tag | Type | Length | Required | Comment
operation | | | Y |
accounttypedescription | an | 20 | Y | Only “ECOM” is supported (e-commerce).
sitereference | an | 50 | Y | The site reference identifies your Secure Trading account.

2.4.1.3 <merchant>

Within the <merchant> tag there are two required fields: returnurl and cancelurl.

If submitting the orderreference, the value of this field is sent to PayPal as the invoice ID.

PayPal checks for duplicate invoice IDs, therefore please ensure any order reference submitted in the ORDER XML Request is unique to each transaction.* Please refer to the table below for further information:

Tag | Type | Length | Required | Comment
merchant | | | Y |
returnurl | an | 2048 | Y | The URL that the customer will be returned to following a successful authorisation on their PayPal account.
cancelurl | an | 2048 | Y | The URL that the customer will be returned to if they cancel the authorisation on their PayPal account.
orderreference | an | 255 | N | Your unique order reference that can be stored on Secure Trading’s and PayPal’s system (this is your PayPal invoice ID). When submitted, please ensure that the order reference is unique to each order.*

For non-mandatory fields that can be submitted in the <merchant> tag, please refer to the XML Specification document.

Please note that when PayPal declines a transaction while the customer is on their servers, a message will be displayed on-screen. The customer may be prompted to try again or cancel the payment attempt.

*Please note that you can configure your PayPal account to disable the check on duplicate invoice IDs. Contact PayPal Support for further information.


2.4.1.4 <billing>

[Diagram: structure of the <billing> element. Elements shown: billing, amount, payment type = “PAYPAL”, locale, paypaladdressoverride, paypalemail.]

Within the <billing> tag, you must specify “PAYPAL” as the payment type. There are additional optional elements that can be submitted within the <payment> tag, as follows:

Tag | Type | Length | Required | Comment
billing | | | Y |
amount currencycode="" | an | 3 | Y | The currency that the transaction will be processed in. There is a list of available currencies on our website (http://webapp.securetrading.net/currencycodes.html).
amount | n | 13 | Y | Total cost of the transaction to the customer in base units, with no commas or decimal points, so £10 would be 1000. This value must be greater than zero. (Max length may vary depending on your acquiring bank - Contact your bank for further info)
payment type="PAYPAL" | an | 20 | Y | The payment type value will be set as “PAYPAL”.
locale | an | 2 | N | The language of the PayPal login page. For the country code values that can be submitted, please refer to https://developer.paypal.com/docs/classic/api/locale_codes/
paypaladdressoverride | n | 1 | Y | Allows you to override delivery address chosen by the customer on PayPal’s servers. See section 2.4.1.5 for info.
paypalemail | an | 255 | N | The email address that the customer will use to sign in to PayPal. Maximum length of 255 (maximum of 64 characters before the “@” symbol).


2.4.1.5 Delivery Address

When using the ECM flow, the delivery address entered on your website is submitted to PayPal and cannot be modified by the customer on PayPal’s website. You can alternatively opt to not submit a delivery address for the customer if it is not needed (i.e. online download). This behaviour is controlled by sending the <paypaladdressoverride> field in the ORDER XML Request and subsequent ORDERDETAILS/AUTH XML Request to STPP:

Override value 1 - Use address submitted in <customer> tags

• The address submitted in the customer fields will be displayed to the customer when they sign in to PayPal.
• They cannot modify this on PayPal’s website prior to purchase.
• This is for cases where the customer’s delivery address has already been agreed on your website.

Override value 2 - Hide address entirely

• This hides the display of delivery address on the PayPal pages.
• This is useful if you are selling a product or service that does not require delivery.

When using option “1”, please ensure you are submitting the required delivery address fields in the <customer> tag. See section 2.4.1.6.


2.4.1.6 <customer>

[Diagram: structure of the <customer> element. Elements shown: customer, premise, street, county, country, postcode, town, name, first, middle, suffix, last, prefix.]

The <customer> tag contains fields containing the customer’s delivery details.

Fields highlighted with an asterisk (*) are required if address override is “1” (otherwise optional) (see section 2.4.1.5 for further information).

Tag | Type | Length | Required | Comment
customer | | | C* |
name | | | C* | Contains the delivery name. You must submit at least one of the following elements within this tag:
prefix | an | 25 | C | The prefix name (e.g. Mr, Miss, Dr).
first | an | 127 | C | The first name.
middle | an | 127 | C | The middle name(s).
last | an | 127 | C | The last name.
suffix | an | 25 | C | The suffix name (e.g. Bsc).
premise | an | 25 | C* | The customer address premise (house name or number).
street | an | 127 | N | The customer address street name.
town | an | 127 | C* | The town of the customer address.
county | an | 127 | N | The customer county.
country | an | 2 | C* | The country for the customer’s billing address. This will need to be in ISO2A format. For a list of Country Codes, see http://webapp.securetrading.net/countrycodes.html
postcode | an | 25 | N | Customer address postcode.


2.4.1.7 ORDER XML Request Example

The following is an example of an ORDER XML Request to be submitted to Secure Trading. Fields of specific importance to PayPal transactions have been highlighted in bold.

<?xml version='1.0' encoding='utf-8'?>
<requestblock version="3.67">
  <alias>test_site12345</alias>
  <request type="ORDER">
    <merchant>
      <orderreference>Example PayPal</orderreference>
      <returnurl>https://yourwebsite.com</returnurl>
      <cancelurl>https://yourwebsite.com</cancelurl>
    </merchant>
    <customer>
      <name>
        <prefix>Miss</prefix>
        <first>Joanne</first>
        <middle>Mary</middle>
        <last>Smith</last>
      </name>
      <premise>111</premise>
      <town>Bangor</town>
      <country>GB</country>
      <postcode>CU888ST</postcode>
    </customer>
    <billing>
      <country>GB</country>
      <email>[email protected]</email>
      <telephone type="M">0777777777</telephone>
      <amount currencycode="GBP">100</amount>
      <postcode>TE45 6ST</postcode>
      <premise>789</premise>
      <payment type="PAYPAL">
        <locale>GB</locale>
        <paypaladdressoverride>1</paypaladdressoverride>
        <paypalemail>[email protected]</paypalemail>
      </payment>
    </billing>
    <operation>
      <sitereference>test_site12345</sitereference>
      <accounttypedescription>ECOM</accounttypedescription>
    </operation>
  </request>
</requestblock>
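One way to assemble the ORDER XML Request while enforcing the field rules from sections 2.4.1.2 to 2.4.1.6, given here as an added example and not as Secure Trading's code. The function, helper and exception names are hypothetical; it covers the ECM override values 1 and 2, and it builds the XML with a serialiser so that values containing & or < (an order reference, a return URL with query parameters) are escaped rather than breaking the request.

```python
import re
import xml.etree.ElementTree as ET

# Maximum lengths from the tables in sections 2.4.1.2 to 2.4.1.6.
MERCHANT_MAX = {"returnurl": 2048, "cancelurl": 2048, "orderreference": 255}
NAME_MAX = {"prefix": 25, "first": 127, "middle": 127, "last": 127, "suffix": 25}
ADDRESS_MAX = {"premise": 25, "street": 127, "town": 127, "county": 127,
               "country": 2, "postcode": 25}
REQUIRED_WITH_OVERRIDE_1 = ("premise", "town", "country")


class OrderError(ValueError):
    """The order breaks a rule stated in the specification tables."""


def _limit(field, value, limit):
    if not isinstance(value, str) or not 0 < len(value) <= limit:
        raise OrderError(f"{field}: expected 1 to {limit} characters")


def _add(parent, tag, text, **attrib):
    child = ET.SubElement(parent, tag, attrib)
    child.text = text
    return child


def build_order_request(alias, sitereference, returnurl, cancelurl, amount,
                        currencycode, addressoverride, customer=None,
                        orderreference=None, paypalemail=None, locale=None):
    """Validate the fields, then return the ORDER request as an XML string."""
    _limit("sitereference", sitereference, 50)
    merchant_fields = {"orderreference": orderreference,
                       "returnurl": returnurl, "cancelurl": cancelurl}
    for field, value in merchant_fields.items():
        if value is not None or field != "orderreference":
            _limit(field, value, MERCHANT_MAX[field])
    # Base units, no separators, greater than zero, at most 13 digits.
    if type(amount) is not int or amount <= 0 or len(str(amount)) > 13:
        raise OrderError("amount: positive integer in base units required")
    if not re.fullmatch(r"[A-Za-z0-9]{3}", currencycode or ""):
        raise OrderError("currencycode: expected 3 alphanumeric characters")
    if addressoverride not in (1, 2):
        raise OrderError("paypaladdressoverride: section 2.4.1.5 lists 1 and 2")
    if locale is not None:
        _limit("locale", locale, 2)
    if paypalemail is not None:
        _limit("paypalemail", paypalemail, 255)
        if len(paypalemail.split("@")[0]) > 64:
            raise OrderError("paypalemail: at most 64 characters before '@'")
    customer = customer or {}
    names = customer.get("name") or {}
    if addressoverride == 1:
        # Override 1 sends the merchant-collected address, so it must be present.
        if not any(names.get(tag) for tag in NAME_MAX):
            raise OrderError("customer name: at least one element required")
        for tag in REQUIRED_WITH_OVERRIDE_1:
            if not customer.get(tag):
                raise OrderError(f"customer {tag}: required when override is 1")

    root = ET.Element("requestblock", version="3.67")
    _add(root, "alias", alias)
    request = ET.SubElement(root, "request", type="ORDER")
    merchant = ET.SubElement(request, "merchant")
    for field, value in merchant_fields.items():
        if value is not None:
            _add(merchant, field, value)
    if customer:
        cust = ET.SubElement(request, "customer")
        if names:
            name = ET.SubElement(cust, "name")
            for tag, limit in NAME_MAX.items():
                if names.get(tag):
                    _limit(f"name/{tag}", names[tag], limit)
                    _add(name, tag, names[tag])
        for tag, limit in ADDRESS_MAX.items():
            if customer.get(tag):
                _limit(tag, customer[tag], limit)
                _add(cust, tag, customer[tag])
    billing = ET.SubElement(request, "billing")
    _add(billing, "amount", str(amount), currencycode=currencycode)
    payment = ET.SubElement(billing, "payment", type="PAYPAL")
    if locale is not None:
        _add(payment, "locale", locale)
    _add(payment, "paypaladdressoverride", str(addressoverride))
    if paypalemail is not None:
        _add(payment, "paypalemail", paypalemail)
    operation = ET.SubElement(request, "operation")
    _add(operation, "sitereference", sitereference)
    _add(operation, "accounttypedescription", "ECOM")
    return ET.tostring(root, encoding="unicode")
```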


2.4.2 ORDER XML Response

The ORDER XML Response returned is similar to that of a standard e-commerce authorisation response, with some minor differences that we’ll cover below, along with any other important fields that need to be checked. Fields that are not explained here can be found in the XML Specification.

[Diagram: structure of the ORDER XML Response. Elements shown: response type = “ORDER”, settlement, merchant, transactionreference, live, timestamp, paypal, billing, error, operation.]

The response outlined here only relates to successful requests, not failures or errors.

2.4.2.1 <response type = “ORDER”>

The response type is “ORDER”.

2.4.2.2 <billing>

Tag | Type | Length | Required | Comment
billing | | | Y |
payment type="PAYPAL" | an | 20 | Y | The payment type value will be set as “PAYPAL” for all successful PayPal Order responses.

2.4.2.3 <error>

Tag | Type | Length | Required | Comment
error | | | Y |
code | n | 5 | Y | “0” indicates the request was successful. Non-zero values indicate an error.


2.4.2.4 <paypal>

A new <paypal> tag is returned within the response. This tag contains two further elements:

Tag | Type | Length | Required | Comment
paypal | | | Y |
redirecturl | an | 255 | Y | The RedirectURL is the URL your system will need to redirect the customer to sign in to their PayPal account.
token | an | 255 | Y | The token relates to the customer’s session within PayPal’s system. You should log this, as you can then use it in relation to any relevant queries you may have with PayPal.

2.4.2.5 ORDER XML Response Example

The following is an example of an ORDER XML Response to be returned by Secure Trading. Fields of specific importance to PayPal transactions have been highlighted in bold.

<?xml version='1.0' encoding='utf-8'?>
<responseblock version="3.67">
  <requestreference>X62d3qhev</requestreference>
  <response type="ORDER">
    <merchant>
      <orderreference>Example PayPal</orderreference>
      <operatorname>test_site12345</operatorname>
    </merchant>
    <transactionreference>23-32-20003</transactionreference>
    <billing>
      <payment type="PAYPAL"/>
    </billing>
    <timestamp>2014-11-27 12:08:04</timestamp>
    <paypal>
      <redirecturl>https://www.paypal.com/cgi-bin/webscr?token=56604A14170900854600&amp;useraction=commit&amp;cmd=_express-checkout&amp;paypalemail=billing%40email.com</redirecturl>
      <token>56604A14170900854600</token>
    </paypal>
    <settlement>
      <settleduedate>2014-11-27</settleduedate>
      <settlestatus>0</settlestatus>
    </settlement>
    <live>1</live>
    <error>
      <message>Ok</message>
      <code>0</code>
    </error>
    <operation>
      <accounttypedescription>ECOM</accounttypedescription>
    </operation>
  </response>
</responseblock>
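An added example (not part of the original specification) of the checks a merchant system can make on the ORDER XML Response before redirecting the browser: error code 0, payment type PAYPAL, and a redirecturl that uses HTTPS, points at an expected host and carries the returned token. The function name and the allowed_hosts parameter are assumptions (when testing, the host is Secure Trading's simulated login page), and the sample response is constructed from the example above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

# Constructed sample, trimmed from the ORDER XML Response example above.
SAMPLE = b"""<?xml version='1.0' encoding='utf-8'?>
<responseblock version="3.67">
  <response type="ORDER">
    <transactionreference>23-32-20003</transactionreference>
    <billing><payment type="PAYPAL"/></billing>
    <paypal>
      <redirecturl>https://www.paypal.com/cgi-bin/webscr?token=56604A14170900854600&amp;useraction=commit&amp;cmd=_express-checkout</redirecturl>
      <token>56604A14170900854600</token>
    </paypal>
    <error><message>Ok</message><code>0</code></error>
  </response>
</responseblock>"""


class OrderResponseError(Exception):
    """The ORDER response must not be used to redirect the customer."""


def _text(node, path):
    found = node.find(path)
    return (found.text or "").strip() if found is not None else ""


def redirect_from_order_response(raw, allowed_hosts):
    """Return redirecturl, token and transactionreference, or raise."""
    # A gateway response has no reason to carry a DTD; refuse entity tricks.
    if b"<!DOCTYPE" in raw:
        raise OrderResponseError("unexpected DOCTYPE in gateway response")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise OrderResponseError(f"malformed XML: {exc}") from exc
    resp = root.find("response[@type='ORDER']")
    if resp is None:
        raise OrderResponseError("no ORDER response present")
    code = _text(resp, "error/code")
    if code != "0":
        message = _text(resp, "error/message")
        raise OrderResponseError(f"gateway error {code or 'missing'}: {message}")
    payment = resp.find("billing/payment")
    if payment is None or payment.get("type") != "PAYPAL":
        raise OrderResponseError("payment type is not PAYPAL")
    url = _text(resp, "paypal/redirecturl")
    token = _text(resp, "paypal/token")
    txn = _text(resp, "transactionreference")
    if not (url and token and txn):
        raise OrderResponseError("redirecturl, token or reference missing")
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise OrderResponseError("redirecturl is not HTTPS on an expected host")
    # If the URL carries a token parameter it must be the one returned
    # in <token>, which is the value logged against this order.
    url_tokens = parse_qs(parts.query).get("token", [])
    if url_tokens and url_tokens != [token]:
        raise OrderResponseError("token in redirecturl differs from <token>")
    return {"redirecturl": url, "token": token, "transactionreference": txn}
```

Store the returned transactionreference and token against the customer's session before issuing the redirect, so the later ORDERDETAILS and AUTH step can be tied back to this order.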


2.5 Authenticating with PayPal

After successfully submitting an ORDER XML Request, your system will be returned a <redirecturl> in the XML Response. Your system will need to redirect the customer to this URL, which is a page hosted by PayPal, in order to process the payment.

When testing, Secure Trading’s simulated PayPal login page (as shown below) is shown in place of a real PayPal login page.

After logging in to their PayPal account, the customer has the option to continue with the transaction or to cancel. When testing, you can replicate this by using one of the e-mails below on our test PayPal login screen.

Email address | Scenario | Result
[email protected] | The user performs a successful transaction. | The user is redirected to the URL specified in the ReturnURL tags of your ORDER XML Request.
[email protected] | The user opts to cancel the transaction. | The user is then redirected to the URL specified in the CancelURL tags of your ORDER XML Request.

Please note that you must wait for the customer to return from the PayPal login page to the ReturnURL hosted on your servers before processing an authorisation.


2.6 Performing the authorisation

• If customer is redirected to ReturnURL: Follow the instructions outlined in this section of the document.
• If customer is redirected to CancelURL: Present your customer with alternative payment methods so they can try again.

2.6.1 Summary

• Submit combined ORDERDETAILS and AUTH XML Request to STPP. This is used to retrieve the final billing and delivery details for the transaction and submit an authorisation request to PayPal.
• Interpret combined ORDERDETAILS and AUTH XML Response from STPP. This will contain information on whether or not the authorisation request was successful.

2.6.2 Combined ORDERDETAILS and AUTH XML Request

This section describes the XML Request that needs to be sent in order to process a combined ORDERDETAILS and AUTH XML Request. Your system is required to send two requests within the same call to Secure Trading. A full XML example can be found in section 2.6.2.3.

[Diagram: structure of the combined request. Elements shown: alias, request type = “ORDERDETAILS”, operation, parenttransactionreference, sitereference, request type = “AUTH”, billing, payment type = “PAYPAL”, paypaladdressoverride.]

2.6.2.1 <request type=”ORDERDETAILS”>

Tag | Type | Length | Required | Comment
request type="ORDERDETAILS" | | | Y |
operation | | | Y |
parenttransactionreference | an | 25 | Y | The transaction reference of the preceding ORDER XML Request. This will come from the redirect from PayPal.
sitereference | an | 50 | Y | The site reference identifies your Secure Trading account.


2.6.2.2 <request type=”AUTH”>

Tag | Type | Length | Required | Comment
request type="AUTH" | | | Y |
billing | | | Y |
payment type="PAYPAL" | | | Y |
paypaladdressoverride | n | 1 | Y | Must be the same value submitted in the ORDER XML Request (see section 2.4.1.4).
settlement | | | N |
settlestatus | n | 3 | N | You can opt to submit the following: ‘0’ - Pending settlement by Secure Trading (usually within 24hrs). ‘2’ - Suspend the transaction. Must be scheduled for settlement within 7 days from the authorisation or will be cancelled by Secure Trading. ‘100’ - Immediately settles the transaction. (Automatically set to 0 if left blank)

Please note that you cannot perform tokenisation with PayPal.

2.6.2.3 Combined ORDERDETAILS and AUTH XML Request Example

The following is an example of a combined ORDERDETAILS and AUTH XML Request to be submitted to Secure Trading.

<?xml version="1.0" encoding="utf-8"?>
<requestblock version="3.67">
  <alias>test_site12345</alias>
  <request type="ORDERDETAILS">
    <operation>
      <sitereference>test_site12345</sitereference>
      <parenttransactionreference>23-32-20003</parenttransactionreference>
    </operation>
  </request>
  <request type="AUTH">
    <billing>
      <payment type="PAYPAL">
        <paypaladdressoverride>0</paypaladdressoverride>
      </payment>
    </billing>
  </request>
</requestblock>


2.6.3 Combined ORDERDETAILS and AUTH XML Response

The combined ORDERDETAILS and AUTH XML Response is returned following a successful request. The XML Response has the same structure as the request. It is divided into two sections; the ORDERDETAILS Response followed by the AUTH Response. Both of these responses follow the same specification as a standard e-commerce authorisation response, with some minor differences that we’ll cover below, along with any other important fields that need to be checked. Fields that are not explained here can be found in the XML Specification.

2.6.3.1 <response type=”ORDERDETAILS”>

The ORDERDETAILS Response includes a new tag called <paypal>:

[Diagram: structure of the ORDERDETAILS response. Elements shown: response type = “ORDERDETAILS”, paypal, addressstatus, payerstatus, payerid.]

Tag | Type | Length | Required | Comment
paypal | | | Y |
addressstatus | an | 25 | Y | The status of the address with PayPal. Either “Confirmed” or “Unconfirmed”.
payerstatus | an | 25 | Y | The status of the payer with PayPal. Either “verified” or “unverified”.
payerid | an | 255 | Y | Unique PayPal customer account number.

The fields returned in the <paypal> tag are defined by PayPal. These are correct at time of writing, but may be subject to change.


2.6.3.2 <response type=”AUTH”>

Ensure your system checks the following field values in the AUTH Response to determine the state of the payment.

Tag | Type | Length | Required | Comment
error | | | Y |
code | n | 5 | Y | The error code should be used to determine if the request was successful or not. If the error code is “0” then the transaction was successful. If the error code is “70000” then the transaction was declined. Full list of error codes: http://webapp.securetrading.net/errorcodes.html
settlement | | | Y |
settlestatus | n | 3 | Y | ‘0’ - Pending settlement by Secure Trading (usually within 24hrs). ‘2’ - Transaction suspended. Must be scheduled for settlement within 7 days from the authorisation or will be cancelled by Secure Trading. ‘3’ - Transaction cancelled. ‘100’ - Transaction settled.

2.6.3.3 Combined ORDERDETAILS and AUTH XML Response Example

The following is an example of a combined ORDERDETAILS and AUTH XML Response returned by Secure Trading. Fields of specific importance to PayPal transactions have been highlighted in bold.

<?xml version='1.0' encoding='utf-8'?>
<responseblock version="3.67">
  <requestreference>X538160153</requestreference>
  <response type="ORDERDETAILS">
    <merchant>
      <merchantname>My Test Site</merchantname>
      <orderreference>Example PayPal</orderreference>
      <operatorname>test_site12345</operatorname>
    </merchant>
    <customer>
      <town>PAYPAL City</town>
      <county>MI</county>
      <street>MORE STREET</street>
      <name>
        <last>PayPalShipToName</last>
      </name>
      <premise>1 PayPalStreet</premise>
      <country>US</country>
      <ip>1.2.3.4</ip>
    </customer>
    <transactionreference>11-32-2</transactionreference>
    <billing>
      <name>
        <last>PAYPALLastName</last>
      </name>
      <country>GB</country>
      <email>[email protected]</email>
      <telephone type="M">0777777777</telephone>
    </billing>
    <timestamp>2010-03-11 16:40:02</timestamp>
    <paypal>
      <addressstatus>Confirmed</addressstatus>
      <payerstatus>verified</payerstatus>
      <payerid>4d22e2606apid</payerid>
    </paypal>
    <settlement>
      <settleduedate>2010-03-11</settleduedate>
      <settlestatus>0</settlestatus>
    </settlement>
    <live>1</live>
    <error>
      <message>Ok</message>
      <code>0</code>
    </error>
    <operation>
      <parenttransactionreference>11-32-1</parenttransactionreference>
      <accounttypedescription>ECOM</accounttypedescription>
    </operation>
  </response>
  <response type="AUTH">
    <merchant>
      <merchantname>My Test Site</merchantname>
      <orderreference>Example PayPal</orderreference>
      <operatorname>test_site12345</operatorname>
    </merchant>
    <transactionreference>11-32-3</transactionreference>
    <timestamp>2010-03-11 16:40:02</timestamp>
    <acquirerresponsecode>None</acquirerresponsecode>
    <operation>
      <parenttransactionreference>11-32-2</parenttransactionreference>
      <accounttypedescription>ECOM</accounttypedescription>
    </operation>
    <settlement>
      <settleduedate>2010-03-11</settleduedate>
      <settlestatus>0</settlestatus>
    </settlement>
    <billing>
      <amount currencycode="GBP">100</amount>
      <payment type="PAYPAL"/>
    </billing>
    <authcode>83154-D140912749345</authcode>
    <live>1</live>
    <error>
      <message>Ok</message>
      <code>0</code>
    </error>
  </response>
</responseblock>


3 Express Checkout Shortcut (ECS)

3.1 What will the customer see?

Basket page: On your basket page, your website offers the customer the ability to check out using PayPal. The customer clicks the button and is redirected to PayPal.

PayPal login: The customer signs in using their PayPal credentials (they can register with PayPal if they do not already have an account).

Details page: The customer selects their preferred delivery address and payment method on PayPal’s website.

Review order: The customer is redirected back to your website, where you can add any additional delivery charges and display a final summary with the total amount shown.

Confirmation: The customer is redirected to your website, where a confirmation is displayed (e.g. “Payment successful”).


3.2 Displaying PayPal to the customer

When the customer clicks the “Check out with PayPal” button, your system will need to submit an ORDER XML Request to Secure Trading to initiate the session with PayPal.

You can download the latest official “Check out with PayPal” buttons from this URL: https://www.paypal.com/us/webapps/mpp/logos-buttons

The “Check out with PayPal” button must take the customer directly to PayPal without any deviations or intermediate steps and return to your website afterwards. The customer is not required to sign in to a store account prior to purchase. In addition, the button should:

• Be placed directly below or next to each of your own checkout buttons.

• Be placed above the fold (visible without needing to scroll).

• Have alternative text “Checkout with PayPal” for cases where the image isn’t loaded in the customer’s browser.

Please note that these guidelines are outlined by PayPal and are subject to change. Please refer to this URL for further information: https://developer.paypal.com/docs/classic/express-checkout/integration-guide/ECUIRequirements/


3.3 How does it work behind the scenes?

The ECS payment flow can be split into four main parts, as shown below:

3.3.1 Performing the order

• Customer agrees to a payment using PayPal on the merchant’s website.

• Merchant submits ORDER request to initiate the session, including cancelurl and returnurl.

• Merchant receives ORDER response, including paypaltoken and redirecturl.

3.3.2 Authenticating with PayPal

• Merchant redirects the customer’s browser to the redirecturl, including the paypaltoken.

• Customer signs in and agrees to the payment using their PayPal account.

• If successful, the customer’s browser is redirected to the returnurl.

• If the PayPal order is cancelled, the browser is redirected to the cancelurl (see section 3.3.5).

3.3.3 Retrieve order details from PayPal

If the previous steps have been successful:

• The merchant submits ORDERDETAILS request to retrieve the transaction details.

• Merchant receives ORDERDETAILS response.

3.3.4 Performing the authorisation

• The merchant displays a final confirmation page to the customer, including billing details and final amount.

• If the customer agrees to payment, the merchant submits AUTH request.

• Merchant receives AUTH response and displays receipt page to the customer.


3.3.5 Handling cancellations or errors

If the payment was not successful, you will need to display the warning message returned in the response to the customer, informing them of the problem. We recommend allowing the customer to retry, presenting them with alternative payment methods (if supported on your account). If the customer opts to try again with PayPal, restart this process from the start as a new payment.

3.4 Performing the order

Once the customer opts to make a payment with PayPal, your system will need to perform an ORDER XML Request to STPP and interpret the response.

3.4.1 ORDER XML Request

The ORDER XML Request is similar to that of a standard e-commerce authorisation request as outlined in the XML Specification document, except for the following differences:

[Diagram: structure of the ORDER request, showing alias, request type = “ORDER”, merchant, operation, customer, billing and settlement.]

Other fields that can be included in this request are covered in the XML Specification document.


3.4.1.1 <request type = “ORDER”>

The request type submitted must be “ORDER”.

3.4.1.2 <operation>

Within the <operation> tag there are two required fields: accounttypedescription and sitereference.

Tag | Type | Length | Required | Comment
operation | | | Y |
accounttypedescription | an | 20 | Y | Only “ECOM” is supported (e-commerce).
sitereference | an | 50 | Y | The site reference identifies your Secure Trading account.

3.4.1.3 <merchant>

Within the <merchant> tag there are two required fields: returnurl and cancelurl.

If submitting the orderreference, the value of this field is sent to PayPal as the invoice ID.

PayPal checks for duplicate invoice IDs, therefore please ensure any order reference submitted in the ORDER XML Request is unique to each transaction.* Please refer to the table below for further information:

Tag | Type | Length | Required | Comment
merchant | | | Y |
returnurl | an | 2048 | Y | The URL that the customer will be returned to following a successful authorisation on their PayPal account.
cancelurl | an | 2048 | Y | The URL that the customer will be returned to if they cancel the authorisation on their PayPal account.
orderreference | an | 255 | N | Your unique order reference that can be stored on Secure Trading’s and PayPal’s system (this is your PayPal invoice ID). When submitted, please ensure that the order reference is unique to each order.*

For non-mandatory fields that can be submitted in the <merchant> tag, please refer to the XML Specification document.

Please note that when PayPal declines a transaction while the customer is on their servers, a message will be displayed on-screen. The customer may be prompted to try again or cancel the payment attempt.

*Please note that you can configure your PayPal account to disable the check on duplicate invoice IDs. Contact PayPal Support for further information.


3.4.1.4 <billing>

[Diagram: billing element containing amount and payment type = “PAYPAL”, with locale, paypaladdressoverride, paypalemail and paypalmaxbaseamount.]

Within the <billing> tag, you must specify “PAYPAL” as the payment type. There are additional optional elements that can be submitted within the <payment> tag, as follows:

Tag | Type | Length | Required | Comment
billing | | | Y |
amount currencycode=”” | an | 3 | Y | The currency that the transaction will be processed in. There is a list of available currencies on our website (http://webapp.securetrading.net/currencycodes.html).
amount | n | 13 | Y | Total cost of the transaction to the customer in base units, with no commas or decimal points, so £10 would be 1000. This value must be greater than zero. (Max length may vary depending on your acquiring bank - Contact your bank for further info)
payment type = “PAYPAL” | an | 20 | Y | The payment type value will be set as “PAYPAL”.
locale | an | 2 | N | The language of the PayPal login page. For the country code values that can be submitted, please refer to https://developer.paypal.com/docs/classic/api/locale_codes/
paypaladdressoverride | n | 1 | Y | Allows you to override delivery address chosen by the customer on PayPal’s servers. See section 3.4.1.5 for info.
paypalemail | an | 255 | N | The email address that the customer will use to sign in to PayPal. Maximum length of 255 (maximum of 64 characters before the “@” symbol).
paypalmaxbaseamount | n | 11 | N | The expected maximum total amount of the complete order, including shipping cost and tax charges. PayPal uses this value to validate the buyer's funding source. Must be in base units (see <amount>). For further information on this field, please refer to PayPal’s own specification.


3.4.1.5 Delivery Address

The customer can select their delivery address from their PayPal account. Alternatively, they can use the address entered on your website. This behaviour is controlled by sending the <paypaladdressoverride> field in the ORDER XML Request and subsequent ORDERDETAILS/AUTH XML Request to STPP:

Override value and behaviour of PayPal checkout:

Override value 0: Customer can change delivery address on PayPal

• Customer will be offered a choice between the delivery address entered on your website and addresses on their PayPal account.

Override value 1: Use address submitted in <customer> tags

• The address submitted in the customer fields will be displayed to the customer when they sign in to PayPal.

• They cannot modify this on PayPal’s website prior to purchase.

• This is for cases where the customer’s delivery address has already been agreed on your website.

Override value 2: Hide address entirely

• This hides the display of delivery address on the PayPal pages.

• This is useful if you are selling a product or service that does not require delivery.

Please refer to the table above and choose the most appropriate option for your solution.

When using options “0” or “1”, please ensure you are submitting the required delivery address fields in the <customer> tag. See section 3.4.1.6.


3.4.1.6 <customer>

[Diagram: customer element containing premise, street, county, country, postcode, town and name (first, middle, suffix, last, prefix).]

The <customer> tag contains fields containing the customer’s delivery details.

Fields highlighted with an asterisk (*) are required if address override is “0” or “1” (otherwise optional) (see section 3.4.1.5 for further information).

Tag | Type | Length | Required | Comment
customer | | | C* |
name | | | C* | Contains the delivery name. You must submit at least one of the following elements within this tag:
prefix | an | 25 | C | The prefix name (e.g. Mr, Miss, Dr).
first | an | 127 | C | The first name.
middle | an | 127 | C | The middle name(s).
last | an | 127 | C | The last name.
suffix | an | 25 | C | The suffix name (e.g. Bsc).
premise | an | 25 | C* | The customer address premise (house name or number).
street | an | 127 | N | The customer address street name.
town | an | 127 | C* | The town of the customer address.
county | an | 127 | N | The customer county.
country | an | 2 | C* | The country for the customer’s billing address. This will need to be in ISO2A format. For a list of Country Codes, see http://webapp.securetrading.net/countrycodes.html
postcode | an | 25 | N | Customer address postcode.


3.4.1.7 ORDER XML Request Example

The following is an example of an ORDER XML Request to be submitted to Secure Trading. Fields of specific importance to PayPal transactions have been highlighted in bold.

<?xml version='1.0' encoding='utf-8'?>
<requestblock version="3.67">
  <alias>test_site12345</alias>
  <request type="ORDER">
    <merchant>
      <orderreference>Example PayPal</orderreference>
      <returnurl>https://yourwebsite.com</returnurl>
      <cancelurl>https://yourwebsite.com</cancelurl>
    </merchant>
    <customer>
      <name>
        <prefix>Miss</prefix>
        <first>Joanne</first>
        <middle>Mary</middle>
        <last>Smith</last>
      </name>
      <premise>111</premise>
      <town>Bangor</town>
      <country>GB</country>
      <postcode>CU888ST</postcode>
    </customer>
    <billing>
      <country>GB</country>
      <email>[email protected]</email>
      <telephone type="M">0777777777</telephone>
      <amount currencycode="GBP">100</amount>
      <postcode>TE45 6ST</postcode>
      <premise>789</premise>
      <payment type="PAYPAL">
        <locale>GB</locale>
        <paypaladdressoverride>0</paypaladdressoverride>
        <paypalemail>[email protected]</paypalemail>
        <paypalmaxbaseamount>200</paypalmaxbaseamount>
      </payment>
    </billing>
    <operation>
      <sitereference>test_site12345</sitereference>
      <accounttypedescription>ECOM</accounttypedescription>
    </operation>
  </request>
</requestblock>
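The rules from sections 3.4.1.2 to 3.4.1.6 can be enforced before the ORDER request leaves your system. The following Python sketch is an added example, not Secure Trading's code: the function names, the MINOR_UNITS table, the https-only URL policy and the choice to always send an orderreference are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from decimal import Decimal
from urllib.parse import urlsplit

# Assumption: decimal places per currency, for the currencies this sketch handles.
MINOR_UNITS = {"GBP": 2, "EUR": 2, "USD": 2, "JPY": 0}
NAME_PARTS = ("prefix", "first", "middle", "last", "suffix")
ADDRESS_PARTS = ("premise", "street", "town", "county", "country", "postcode")
REQUIRED_DELIVERY = ("premise", "town", "country")  # C* fields in section 3.4.1.6


def to_base_units(amount, currency):
    """Decimal('10.00') GBP -> '1000'; rejects zero, negatives and part base units."""
    scaled = Decimal(amount) * (10 ** MINOR_UNITS[currency])
    if scaled <= 0 or scaled != scaled.to_integral_value():
        raise ValueError("amount must be a positive whole number of base units")
    return str(int(scaled))


def check_return_url(name, url):
    """Example policy (assumption): absolute https URL within the 2048 limit."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname or len(url) > 2048:
        raise ValueError(f"{name} must be an absolute https URL, max 2048 characters")
    return url


def build_order_request(alias, site_reference, order_reference, return_url,
                        cancel_url, amount, currency, override,
                        customer=None, max_amount=None):
    """Return the ORDER XML Request as UTF-8 bytes, or raise ValueError."""
    if override not in (0, 1, 2):
        raise ValueError("paypaladdressoverride must be 0, 1 or 2")
    customer = customer or {}
    name = {k: v for k, v in customer.get("name", {}).items()
            if k in NAME_PARTS and v}
    if override in (0, 1):
        # Overrides 0 and 1 need the delivery fields marked C* plus a name part.
        missing = [f for f in REQUIRED_DELIVERY if not customer.get(f)]
        if not name:
            missing.append("name")
        if missing:
            raise ValueError(f"override {override} needs customer fields: {missing}")
    # Optional in the specification; this sketch always sends a unique one.
    if not order_reference or len(order_reference) > 255:
        raise ValueError("orderreference must be 1-255 characters")
    base = to_base_units(amount, currency)
    max_base = to_base_units(max_amount, currency) if max_amount is not None else None
    if max_base is not None and int(max_base) < int(base):
        raise ValueError("paypalmaxbaseamount is lower than amount")

    block = ET.Element("requestblock", version="3.67")
    ET.SubElement(block, "alias").text = alias
    request = ET.SubElement(block, "request", type="ORDER")
    merchant = ET.SubElement(request, "merchant")
    ET.SubElement(merchant, "orderreference").text = order_reference
    ET.SubElement(merchant, "returnurl").text = check_return_url("returnurl", return_url)
    ET.SubElement(merchant, "cancelurl").text = check_return_url("cancelurl", cancel_url)
    if customer:
        cust = ET.SubElement(request, "customer")
        if name:
            name_el = ET.SubElement(cust, "name")
            for part in NAME_PARTS:
                if part in name:
                    ET.SubElement(name_el, part).text = name[part]
        for part in ADDRESS_PARTS:
            if customer.get(part):
                ET.SubElement(cust, part).text = customer[part]
    billing = ET.SubElement(request, "billing")
    ET.SubElement(billing, "amount", currencycode=currency).text = base
    payment = ET.SubElement(billing, "payment", type="PAYPAL")
    ET.SubElement(payment, "paypaladdressoverride").text = str(override)
    if max_base is not None:
        ET.SubElement(payment, "paypalmaxbaseamount").text = max_base
    operation = ET.SubElement(request, "operation")
    ET.SubElement(operation, "sitereference").text = site_reference
    ET.SubElement(operation, "accounttypedescription").text = "ECOM"
    # ElementTree escapes <, > and & in text, so customer-supplied values
    # cannot introduce extra elements into the request.
    return ET.tostring(block, encoding="utf-8", xml_declaration=True)
```

Building the document through an XML library rather than string concatenation is what keeps customer-entered address fields from altering the request structure.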


3.4.2 ORDER XML Response

The ORDER XML Response returned is similar to that of a standard e-commerce authorisation response, with some minor differences that we’ll cover below, along with any other important fields that need to be checked. Fields that are not explained here can be found in the XML Specification.

[Diagram: response type = “ORDER” containing settlement, merchant, transactionreference, live, timestamp, paypal, billing, error and operation.]

The response outlined here only relates to successful requests, not failures or errors.

3.4.2.1 <response type = “ORDER”>

The response type is “ORDER”.

3.4.2.2 <billing>

Tag | Type | Length | Required | Comment
billing | | | Y |
payment type=”PAYPAL” | an | 20 | Y | The payment type value will be set as “PAYPAL” for all successful PayPal Order responses.

3.4.2.3 <error>

Tag | Type | Length | Required | Comment
error | | | Y |
code | n | 5 | Y | “0” indicates the request was successful. Non-zero values indicate an error.


3.4.2.4 <paypal>

A new <paypal> tag is returned within the response. This tag contains two further elements:

Tag | Type | Length | Required | Comment
paypal | | | Y |
redirecturl | an | 255 | Y | The RedirectURL is the URL your system will need to redirect the customer to sign in to their PayPal account.
token | an | 255 | Y | The token relates to the customer’s session within PayPal’s system. You should log this, as you can then use it in relation to any relevant queries you may have with PayPal.

3.4.2.5 ORDER XML Response Example

The following is an example of an ORDER XML Response to be returned by Secure Trading. Fields of specific importance to PayPal transactions have been highlighted in bold.

<?xml version='1.0' encoding='utf-8'?>
<responseblock version="3.67">
  <requestreference>X62d3qhev</requestreference>
  <response type="ORDER">
    <merchant>
      <orderreference>Example PayPal</orderreference>
      <operatorname>test_site12345</operatorname>
    </merchant>
    <transactionreference>23-32-20003</transactionreference>
    <billing>
      <payment type="PAYPAL"/>
    </billing>
    <timestamp>2014-11-27 12:08:04</timestamp>
    <paypal>
      <redirecturl>https://www.paypal.com/cgi-bin/webscr?token=56604A14170900854600&amp;useraction=commit&amp;cmd=_express-checkout&amp;paypalemail=billing%40email.com</redirecturl>
      <token>56604A14170900854600</token>
    </paypal>
    <settlement>
      <settleduedate>2014-11-27</settleduedate>
      <settlestatus>0</settlestatus>
    </settlement>
    <live>1</live>
    <error>
      <message>Ok</message>
      <code>0</code>
    </error>
    <operation>
      <accounttypedescription>ECOM</accounttypedescription>
    </operation>
  </response>
</responseblock>


3.5 Authenticating with PayPal

After successfully submitting an ORDER XML Request, your system will be returned a <redirecturl> in the XML Response. Your system will need to redirect the customer to this URL, which is a page hosted by PayPal, in order to process the payment.

When testing, Secure Trading’s simulated PayPal login page (as shown below) is shown in place of a real PayPal login page.

After logging in to their PayPal account, the customer has the option to continue with the transaction or to cancel. When testing, you can replicate this by using one of the e-mails below on our test PayPal login screen.

Email address | Scenario | Result
[email protected] | The user performs a successful transaction. | The user is redirected to the ReturnURL specified in your ORDER XML Request.
[email protected] | The user opts to cancel the transaction. | The user is then redirected to the URL specified in the CancelURL tags of your ORDER XML Request.

Please note that you must wait for the customer to return from the PayPal login page to the ReturnURL hosted on your servers before processing an authorisation.
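Before sending the customer's browser anywhere, the ORDER response from section 3.4.2 should be checked field by field. The following Python sketch is an added example, not Secure Trading's code: the function name, the host allowlist and the check that the token appears as a `token` query parameter (taken from the shape of the example response) are assumptions, and the embedded sample is abridged from the example in section 3.4.2.5.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts this integration will redirect a browser to. When testing,
# add the host of the simulated PayPal login page used by your test account.
ALLOWED_REDIRECT_HOSTS = {"www.paypal.com"}

# Sample input, abridged from the ORDER XML Response example in section 3.4.2.5.
SAMPLE_ORDER_RESPONSE = b"""<?xml version='1.0' encoding='utf-8'?>
<responseblock version="3.67">
  <requestreference>X62d3qhev</requestreference>
  <response type="ORDER">
    <merchant><orderreference>Example PayPal</orderreference></merchant>
    <transactionreference>23-32-20003</transactionreference>
    <billing><payment type="PAYPAL"/></billing>
    <paypal>
      <redirecturl>https://www.paypal.com/cgi-bin/webscr?token=56604A14170900854600&amp;useraction=commit&amp;cmd=_express-checkout</redirecturl>
      <token>56604A14170900854600</token>
    </paypal>
    <error><message>Ok</message><code>0</code></error>
  </response>
</responseblock>"""


class OrderResponseError(ValueError):
    """The ORDER response must not be used to redirect the customer."""


def parse_order_response(xml_bytes, expected_order_reference):
    """Validate an ORDER response and return what the next steps need."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise OrderResponseError("DTD or entity declarations are not expected")
    try:
        resp = ET.fromstring(xml_bytes).find("response")
    except ET.ParseError as exc:
        raise OrderResponseError(f"malformed XML: {exc}") from exc
    if resp is None or resp.get("type") != "ORDER":
        raise OrderResponseError("not an ORDER response")

    code = (resp.findtext("error/code") or "").strip()
    if code != "0":  # section 3.4.2.3: non-zero values indicate an error
        message = (resp.findtext("error/message") or "").strip()
        raise OrderResponseError(f"gateway error {code}: {message}")
    payment = resp.find("billing/payment")
    if payment is None or payment.get("type") != "PAYPAL":
        raise OrderResponseError("payment type is not PAYPAL")
    if resp.findtext("merchant/orderreference") != expected_order_reference:
        raise OrderResponseError("response is for a different order reference")

    token = (resp.findtext("paypal/token") or "").strip()
    url = (resp.findtext("paypal/redirecturl") or "").strip()
    txref = (resp.findtext("transactionreference") or "").strip()
    if not (token and url and txref):
        raise OrderResponseError("token, redirecturl or transactionreference missing")

    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_REDIRECT_HOSTS:
        raise OrderResponseError("redirecturl is not https on an allowed host")
    if parse_qs(parts.query).get("token") != [token]:
        raise OrderResponseError("redirecturl does not carry the returned token")

    # Log the token (section 3.4.2.4) and keep transactionreference server-side:
    # it is the parenttransactionreference of the ORDERDETAILS request.
    return {"transactionreference": txref, "token": token, "redirecturl": url}
```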


3.6 Retrieve order details from PayPal

If the customer is redirected to the ReturnURL: follow the instructions outlined in this section of the document.

If the customer is redirected to the CancelURL: present your customer with alternative payment methods so they can try again.

3.6.1 Summary

Submit ORDERDETAILS XML Request to STPP. This is used to retrieve the billing and delivery details for the transaction.

Interpret ORDERDETAILS XML Response from STPP.

You can use this information to calculate your delivery fee, append this to the transaction amount, and display this information to the customer. See section 3.6.3.4.

3.6.2 ORDERDETAILS XML Request

This section describes the XML Request that needs to be sent in order to process an ORDERDETAILS XML Request.

[Diagram: alias and request type = “ORDERDETAILS”, with operation containing parenttransactionreference and sitereference.]

Tag | Type | Length | Required | Comment
request type=”ORDERDETAILS” | | | Y |
operation | | | Y |
parenttransactionreference | an | 25 | Y | The transaction reference of the preceding ORDER XML Request. This will come from the redirect from PayPal.
sitereference | an | 50 | Y | The site reference identifies your Secure Trading account.

3.6.2.1 ORDERDETAILS XML Request Example

The following is an example of an ORDERDETAILS XML Request to be submitted to Secure Trading.

<?xml version="1.0" encoding="utf-8"?>
<requestblock version="3.67">
  <alias>test_site12345</alias>
  <request type="ORDERDETAILS">
    <operation>
      <sitereference>test_site12345</sitereference>
      <parenttransactionreference>23-32-20003</parenttransactionreference>
    </operation>
  </request>
</requestblock>


3.6.3 ORDERDETAILS XML Response

The ORDERDETAILS XML Response is returned following a successful request. The response returned is similar to that of a standard e-commerce authorisation response, with some minor differences that we’ll cover below, along with any other important fields that need to be checked. Fields that are not explained here can be found in the XML Specification.

3.6.3.1 <error>

Tag | Type | Length | Required | Comment
error | | | Y |
code | n | 5 | Y | “0” indicates the request was successful. Non-zero values indicate an error.

3.6.3.2 <paypal>

The ORDERDETAILS XML Response includes a new tag called <paypal>:

[Diagram: response type = “ORDERDETAILS” with paypal containing addressstatus, payerstatus and payerid.]

Tag | Type | Length | Required | Comment
paypal | | | Y |
addressstatus | an | 25 | Y | The status of the address with PayPal. Either “Confirmed” or “Unconfirmed”.
payerstatus | an | 25 | Y | The status of the payer with PayPal. Either “verified” or “unverified”.
payerid | an | 255 | Y | Unique PayPal customer account number.

The fields returned in the <paypal> tag are defined by PayPal. These are correct at time of writing, but may be subject to change.


3.6.3.3 ORDERDETAILS XML Response Example

The following is an example of an ORDERDETAILS XML Response returned by Secure Trading. Fields of specific importance to PayPal transactions have been highlighted in bold.

Please note that the billing and customer details may be different to those submitted in the initial ORDER XML Request. This can occur when the customer uses different details when logged into PayPal’s servers (address override “0”).

<?xml version='1.0' encoding='utf-8'?>
<responseblock version="3.67">
  <requestreference>X538160153</requestreference>
  <response type="ORDERDETAILS">
    <merchant>
      <merchantname>My Test Site</merchantname>
      <orderreference>Example PayPal</orderreference>
      <operatorname>test_site12345</operatorname>
    </merchant>
    <customer>
      <town>PAYPAL City</town>
      <county>MI</county>
      <street>MORE STREET</street>
      <name>
        <last>PayPalShipToName</last>
      </name>
      <premise>1 PayPalStreet</premise>
      <country>US</country>
    </customer>
    <transactionreference>11-32-2</transactionreference>
    <billing>
      <name>
        <last>PAYPALLastName</last>
      </name>
      <country>GB</country>
      <email>[email protected]</email>
      <telephone type="M">0777777777</telephone>
    </billing>
    <timestamp>2010-03-11 16:40:02</timestamp>
    <paypal>
      <addressstatus>Confirmed</addressstatus>
      <payerstatus>verified</payerstatus>
      <payerid>4d22e2606apid</payerid>
    </paypal>
    <settlement>
      <settleduedate>2010-03-11</settleduedate>
      <settlestatus>0</settlestatus>
    </settlement>
    <live>1</live>
    <error>
      <message>Ok</message>
      <code>0</code>
    </error>
    <operation>
      <parenttransactionreference>11-32-1</parenttransactionreference>
      <accounttypedescription>ECOM</accounttypedescription>
    </operation>
  </response>
</responseblock>


3.6.3.4 Interpreting the ORDERDETAILS XML Response

You must use the information returned in the ORDERDETAILS XML Response to display a page to the customer on your website that summarises the order. The customer can use this page to review their order and confirm they would like to proceed, in which case your system would submit an AUTH XML Request to Secure Trading as described in section 3.7.

Best practices

• The customer should be able to complete the purchase in two or fewer steps after being redirected to your website from PayPal’s checkout pages.

• The customer must not be required to manually enter additional information on the review page that is available via the PayPal APIs.

On the aforementioned review order page, the following information should be presented to the customer before completing the purchase:

• PayPal as the selected payment method.

• Delivery address and email address from PayPal (found in the <customer> tag).

• The total amount to be paid by the customer, including any additional delivery charges added to the initial transaction amount (if applicable). See below for further information on delivery charges.

About delivery charges

Once your system has received the ORDERDETAILS response, you should now be in possession of the customer’s delivery address (if you intend on shipping a physical product). At this point, you are permitted to append a delivery charge to the transaction cost.

Regardless of any delivery charges, you must present the total cost to the customer and they must agree to this final amount before the payment is processed.

We recommend separating the cost of the product(s) from the cost of delivery, so the customer can better understand how the amount was calculated.

Once the customer agrees to the payment, your system can process an AUTH request with this final amount submitted in the baseamount field (see section 3.7). This total amount, including any additional delivery charges, should not exceed the paypalmaxbaseamount value (if submitted in the ORDER request).

The additional charge applied to cover the delivery costs is decided by you. Generally speaking, there are three approaches to calculating the delivery charge:

1. Free delivery – You opt not to add any additional fees to the cost of the product and your business will cover the cost of the delivery.

2. Fixed delivery price – You opt to add the same delivery charge to every order. This works best when you ensure the aforementioned charge has the same value as the average delivery cost across all of your orders.

3. Charge the exact cost (using real-time rates) – Now you have the customer's delivery address, and the size and weight of the delivery, you can contact your shipping partner and calculate the exact delivery cost and present this to the customer prior to completing the payment.


3.7 Performing the authorisation

If the customer agrees to proceed with the payment on your confirmation page, your system can submit an AUTH XML Request to Secure Trading to process the payment.

3.7.1 Summary

If the customer agrees with the final amount displayed, your system submits an AUTH XML Request to STPP. This is used to seek authorisation for the transaction from PayPal.

Interpret AUTH XML Response from STPP. This will contain information on whether or not the authorisation request was successful.


3.7.2 AUTH XML Request

This section describes the XML Request that needs to be sent in order to process an AUTH XML Request.

[Diagram: alias and request type = “AUTH”, with operation (parenttransactionreference, sitereference) and billing (payment type = “PAYPAL”, paypaladdressoverride).]

Tag | Type | Length | Required | Comment
request type=”AUTH” | | | Y |
operation | | | Y |
parenttransactionreference | an | 25 | Y | The transaction reference of the preceding ORDERDETAILS XML Request.
sitereference | an | 50 | Y | The site reference identifies your Secure Trading account.
billing | | | Y |
payment type = “PAYPAL” | | | Y |
paypaladdressoverride | n | 1 | Y | Must be the same value submitted in the ORDER XML Request (see section 3.4.1.4).
settlement | | | N |
settlestatus | n | 3 | N | You can opt to submit the following: ‘0’ - Pending settlement by Secure Trading (usually within 24hrs). ‘2’ - Suspend the transaction. Must be scheduled for settlement within 7 days from the authorisation or will be cancelled by Secure Trading. ‘100’ - Immediately settles the transaction. (Automatically set to 0 if left blank)

Please note that you cannot perform tokenisation with PayPal.


3.7.2.1 AUTH XML Request Example

The following is an example of an AUTH XML Request to be submitted to Secure Trading.

<?xml version="1.0" encoding="utf-8"?>
<requestblock version="3.67">
  <alias>test_site12345</alias>
  <request type="AUTH">
    <operation>
      <sitereference>test_site12345</sitereference>
      <parenttransactionreference>11-32-2</parenttransactionreference>
    </operation>
    <billing>
      <payment type="PAYPAL">
        <paypaladdressoverride>0</paypaladdressoverride>
      </payment>
    </billing>
  </request>
</requestblock>

3.7.3 AUTH XML Response

The AUTH XML Response is returned following a successful request. The AUTH Response follows the same specification as a standard e-commerce authorisation response. Ensure your system checks the following field values to determine the state of the payment.

Tag | Type | Length | Required | Comment
error | | | Y |
code | n | 5 | Y | The error code should be used to determine if the request was successful or not. If the error code is “0” then the transaction was successful. If the error code is “70000” then the transaction was declined. Full list of error codes: http://webapp.securetrading.net/errorcodes.html
settlement | | | Y |
settlestatus | n | 3 | Y | ‘0’ - Pending settlement by Secure Trading (usually within 24hrs). ‘2’ - Transaction suspended. Must be scheduled for settlement within 7 days from the authorisation or will be cancelled by Secure Trading. ‘3’ - Transaction cancelled. ‘100’ - Transaction settled.


3.7.3.1 AUTH XML Response Example

The following is an example of an AUTH XML Response returned by Secure Trading:

<?xml version='1.0' encoding='utf-8'?>
<responseblock version="3.67">
  <requestreference>X538160153</requestreference>
  <response type="AUTH">
    <merchant>
      <merchantname>My Test Site</merchantname>
      <orderreference>Example PayPal</orderreference>
      <operatorname>test_site12345</operatorname>
    </merchant>
    <transactionreference>11-32-3</transactionreference>
    <timestamp>2010-03-11 16:40:02</timestamp>
    <acquirerresponsecode>None</acquirerresponsecode>
    <operation>
      <parenttransactionreference>11-32-2</parenttransactionreference>
      <accounttypedescription>ECOM</accounttypedescription>
    </operation>
    <settlement>
      <settleduedate>2010-03-11</settleduedate>
      <settlestatus>0</settlestatus>
    </settlement>
    <billing>
      <amount currencycode="GBP">100</amount>
      <payment type="PAYPAL"/>
    </billing>
    <authcode>83154-D140912749345</authcode>
    <live>1</live>
    <error>
      <message>Ok</message>
      <code>0</code>
    </error>
  </response>
</responseblock>


4 Settlement

PayPal performs additional checks on transactions before they are settled. If PayPal finds a problem with a particular transaction, they will not allow the funds for the transaction in question to be settled. In this case, the transaction would be suspended on Secure Trading’s systems, pending manual investigation by the merchant. If you wish to query a transaction suspended by PayPal, please contact our Support department (see section 8.2).

If Secure Trading is unable to successfully perform settlement due to a problem on PayPal’s system, the transactions will be automatically re-scheduled to be settled in the next batch (typically the next day). Their settle statuses will be updated to ‘1 - Manual’ on Secure Trading’s records to indicate the transactions can be settled without further checks from Secure Trading.

Secure Trading supports immediate settlement for PayPal transactions. Please refer to section 4.3 for further information.

4.1 Deferred Settlement

By suspending a transaction (setting the settle status to ‘2’), you can defer settlement for up to 7 days. This can be achieved by either:

Including a settle status of ‘2’ in the AUTH XML Request. Please refer to section 2.6.2.2 or 3.7 (ECM & ECS respectively) for information on how to include this field in the XML.

Performing a TRANSACTIONUPDATE XML Request on a previously authorised transaction, specifying a settle status of ‘2’. Please refer to the Transaction Update documentation.

4.2 Partial Settlement

You can opt to settle a lower amount than originally authorised. This can be achieved by performing a TRANSACTIONUPDATE XML Request on a previously authorised transaction and specifying a lower amount. Please refer to the Transaction Update documentation.

4.3 Immediate Settlement

By default, PayPal transactions will be settled automatically by Secure Trading (typically within 24hrs). However, you can opt to settle a PayPal transaction immediately. This is achieved by including a settle status of ‘100’ in the AUTH XML Request. Please refer to section 2.6.2.2 for information on how to include this field in the XML.

When opting to immediately settle a PayPal transaction (to settle status ‘100’), Secure Trading’s internal fraud checks will be bypassed (if enabled). However, PayPal’s fraud checks will always be processed.


5 Notifications

Before you begin testing, we recommend that you contact our Support team and request that rules are enabled on your account, which submit URL notifications to your system in the following scenarios:

When a payment is authorised (see section 5.1).

When funds have been settled into your account (see section 5.2).

5.1 Configuring the authorisation notification

We recommend including at least the following fields in URL notifications sent on authorisation:

Auth Code (authcode)
Base Amount (baseamount) (e.g. £10.50 is “1050”)*
Main Amount (mainamount) (e.g. £10.50 is “10.50”)*
Billing Country (billingcountryiso2a)
Currency (currencyiso3a)
Error Code (errorcode)
Live Status (livestatus)
Order Reference (orderreference)
Payment Type (paymenttypedescription)
PayPal Email (paypalemail)
PayPal Payer ID (paypalpayerid)
Request Type (requesttypedescription)
Settle Status (settlestatus)
Site Reference (sitereference)
Transaction Reference (transactionreference)
Transaction Started Timestamp (transactionstartedtimestamp)

*Please choose your preferred format.

5.2 Configuring the settlement notification

We recommend including the following fields in URL notifications sent on settlement:

Settle Status (settlestatus)
Site Reference (sitereference)
Transaction Reference (transactionreference)

5.3 Check the notification

You will need to check the contents of each notification received and respond accordingly by following the processes outlined in section 5.5 “URL Notification action” in our Rule manager supplement. In particular, you will need to look at the updated settlestatus value:

On authorisation: If the settlestatus is “0”, “1” or “10”, the payment has been authorised and you are not required to take further action at this time. However, values of “2” or “3” indicate funds are not scheduled for settlement (suspended and cancelled, respectively).

On settlement: If the settlestatus has been updated to “100”, this indicates that the funds have been settled into your account. Alternatively, if this has been updated to “3”, this indicates there has been a problem and the payment was subsequently cancelled.
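The checks described for the AUTH XML Response fields and for notifications in section 5.3 can be combined into one fail-closed classifier. This is an added example, not code from Secure Trading: the function names, the state labels, the DTD rejection and the assumption that a notification has already been parsed into a dict keyed by the field names from sections 5.1 and 5.2 are all choices made here.

```python
import xml.etree.ElementTree as ET

# Settle status values and their meaning as given in this document.
SETTLE_STATES = {"0": "pending", "1": "pending", "10": "pending",
                 "2": "suspended", "3": "cancelled", "100": "settled"}

def payment_state(errorcode, settlestatus):
    """Combine both fields; any value the document does not list fails closed."""
    if errorcode == "70000":
        return "declined"
    if errorcode != "0":
        return "error"
    return SETTLE_STATES.get(settlestatus, "unknown")

def state_from_auth_xml(xml_text):
    """Classify an AUTH XML Response body passed as a str."""
    if "<!DOCTYPE" in xml_text:  # hardening assumption: responses carry no DTD
        raise ValueError("unexpected DTD in gateway response")
    root = ET.fromstring(xml_text.encode("utf-8"))
    response = root.find("response")
    if root.tag != "responseblock" or response is None:
        raise ValueError("not a responseblock")
    if response.get("type") != "AUTH":
        raise ValueError("not an AUTH response")
    code = (response.findtext("error/code") or "").strip()
    settle = (response.findtext("settlement/settlestatus") or "").strip()
    return payment_state(code, settle)

def state_from_notification(fields, kind):
    """fields: notification parsed into a dict; kind: 'authorisation' or 'settlement'."""
    settle = fields.get("settlestatus", "")
    if kind == "authorisation":
        return payment_state(fields.get("errorcode", ""), settle)
    # Settlement notifications (section 5.2) carry no errorcode; only
    # "100" (settled) and "3" (cancelled) are expected at this stage.
    return SETTLE_STATES[settle] if settle in ("100", "3") else "unknown"

# Constructed samples, cut down from the response layout shown in this document.
SAMPLE_OK = """<?xml version='1.0' encoding='utf-8'?>
<responseblock version="3.67"><response type="AUTH">
<settlement><settlestatus>0</settlestatus></settlement>
<error><message>Ok</message><code>0</code></error>
</response></responseblock>"""
SAMPLE_DECLINE = SAMPLE_OK.replace("<code>0</code>", "<code>70000</code>")

if __name__ == "__main__":
    print(state_from_auth_xml(SAMPLE_OK), state_from_auth_xml(SAMPLE_DECLINE))
```

Treat "unknown" and "error" as states that need manual review rather than as success, so that an unexpected value never releases goods.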


6 Performing a refund

Secure Trading allows you to refund PayPal transactions processed on your sites.

To ensure our records remain in sync with PayPal, we strongly recommend that you only perform refunds through Secure Trading, as described below. Do not perform refunds directly using your PayPal admin portal.

Please take note of the following before implementing a solution for PayPal refunds:

Only settled transactions can be refunded

Only settled transactions (settle status ‘100’) can be refunded. If the transaction has not settled, you can opt to cancel the payment by updating the settle status to ‘3’.

Settle status ‘10’

Standard PayPal refunds are settled immediately (settle status ‘100’). However, under certain conditions defined by PayPal, refunds can be set to settle status ‘10’ (‘settling’), which is an intermediate step prior to settlement. If a PayPal refund on your account is in settle status ‘10’, it is recommended you query it with Secure Trading Support (section 8.2) in case further actions need to be completed to ensure settlement.

REFUND XML examples can be found in sections 6.1 and 6.2.


6.1 REFUND XML Request

The structure of the XML required in the request to STPP remains the same as a standard refund request, as outlined in the XML Specification document. The following is an example of a PayPal Refund XML Request to STPP. Please ensure you include the parent transaction reference element returned in the Authorisation XML Response of the transaction to be refunded (NOT from the ORDER or ORDERDETAILS responses).

    <requestblock version="3.67">
      <alias>test_site12345</alias>
      <request type="REFUND">
        <merchant>
          <orderreference>REFUND_PAYPAL</orderreference>
        </merchant>
        <operation>
          <sitereference>test_site12345</sitereference>
          <parenttransactionreference>11-32-3</parenttransactionreference>
        </operation>
      </request>
    </requestblock>
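The refund preconditions from section 6 can be enforced in code before the request is built. The sketch below is an added example, not Secure Trading's code: `build_refund_request` and its parameters are hypothetical names, the current settle status is assumed to come from your latest settlement notification, and, following the page's examples, the AUTH response's transactionreference (11-32-3) becomes the refund's parenttransactionreference.

```python
import xml.etree.ElementTree as ET

def build_refund_request(auth_response_xml, current_settlestatus,
                         alias, sitereference, orderreference):
    """Return REFUND request XML, or raise ValueError if a precondition fails."""
    root = ET.fromstring(auth_response_xml.encode("utf-8"))
    resp = root.find("response")
    # The parent must come from the AUTH response, not ORDER or ORDERDETAILS.
    if resp is None or resp.get("type") != "AUTH":
        raise ValueError("parent must be taken from an AUTH response")
    if (resp.findtext("error/code") or "").strip() != "0":
        raise ValueError("authorisation was not successful")
    # Only settled transactions can be refunded; unsettled ones are cancelled
    # by updating the settle status to '3' instead.
    if current_settlestatus != "100":
        raise ValueError("settle status %r is not refundable" % current_settlestatus)
    parent = (resp.findtext("transactionreference") or "").strip()
    if not parent:
        raise ValueError("AUTH response has no transactionreference")

    # Build with ElementTree so that field values are XML-escaped.
    block = ET.Element("requestblock", version="3.67")
    ET.SubElement(block, "alias").text = alias
    request = ET.SubElement(block, "request", type="REFUND")
    merchant = ET.SubElement(request, "merchant")
    ET.SubElement(merchant, "orderreference").text = orderreference
    operation = ET.SubElement(request, "operation")
    ET.SubElement(operation, "sitereference").text = sitereference
    ET.SubElement(operation, "parenttransactionreference").text = parent
    return ET.tostring(block, encoding="unicode")

# Constructed sample, cut down from the AUTH XML Response example in this document.
SAMPLE_AUTH = """<?xml version='1.0' encoding='utf-8'?>
<responseblock version="3.67"><response type="AUTH">
<transactionreference>11-32-3</transactionreference>
<settlement><settlestatus>0</settlestatus></settlement>
<error><message>Ok</message><code>0</code></error>
</response></responseblock>"""

if __name__ == "__main__":
    print(build_refund_request(SAMPLE_AUTH, "100", "test_site12345",
                               "test_site12345", "REFUND_PAYPAL"))
```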

6.2 REFUND XML Response

The following is an example of a PayPal Refund XML Response. When checking this response, ensure the error code is “0”, indicating the request was successful.

    <?xml version='1.0' encoding='utf-8'?>
    <responseblock version="3.67">
      <requestreference>X827513709</requestreference>
      <response type="REFUND">
        <merchant>
          <merchantname>My Test Site</merchantname>
          <orderreference>REFUND_PAYPAL</orderreference>
          <operatorname>test_site12345</operatorname>
        </merchant>
        <transactionreference>11-32-4</transactionreference>
        <billing>
          <amount currencycode="GBP">100</amount>
          <payment type="PAYPAL"/>
        </billing>
        <timestamp>2010-03-13 12:00:00</timestamp>
        <settlement>
          <settleduedate>2010-03-13</settleduedate>
          <settlestatus>100</settlestatus>
        </settlement>
        <live>1</live>
        <error>
          <message>Ok</message>
          <code>0</code>
        </error>
        <authcode>REFUND ACCEPTED</authcode>
        <operation>
          <parenttransactionreference>11-32-3</parenttransactionreference>
          <accounttypedescription>ECOM</accounttypedescription>
        </operation>
      </response>
    </responseblock>


7 Testing

This section provides testing details for use during integration of PayPal through Secure Trading. Please use the XML examples outlined in this document to test different scenarios. You will need to substitute the amount submitted in the ORDER XML Request for those found in the following table, in order to generate the different responses that can be returned. You will also need to use the site reference of your test account.

The table lists, for each base amount, the XML Response <error> tags returned and the scenario tested.

Base amount: 2011
XML Response <error> tags:

    <error>
      <message>Decline</message>
      <code>70000</code>
      <data>10001</data>
      <data>Internal error</data>
      <data>Internal error</data>
      <data>1</data>
    </error>

Scenario tested: If there was an internal error at PayPal when submitting your request.

Base amount: 2002
XML Response <error> tags:

    <error>
      <message>Decline</message>
      <code>70000</code>
      <data>10537</data>
      <data>Transaction refused</data>
      <data>Transaction refused</data>
      <data>1</data>
    </error>

Scenario tested: If the Order request was refused at PayPal.

Base amount: 2003
XML Response <error> tags:

    <error>
      <message>Ok</message>
      <code>0</code>
    </error>

Scenario tested: A successful authorisation that is later set as a cancellation by PayPal, so our system cancels the transaction.

Base amount: 2001
Scenario tested: A successful authorisation.

Please note that responses may vary when not using the amounts listed in the table above.

Please refer to the following sections of the document for XML examples to be used when testing PayPal transactions with STPP:

| Express Checkout Mark (ECM) | XML Request | XML Response |
|---|---|---|
| ORDER | Page 11 | Page 13 |
| ORDERDETAILS / AUTH combined | Page 16 | Page 18 |

| Express Checkout Shortcut (ECS) | XML Request | XML Response |
|---|---|---|
| ORDER | Page 28 | Page 30 |
| ORDERDETAILS | Page 32 | Page 34 |
| AUTH | Page 38 | Page 39 |

See p43 for an example of a REFUND XML Request and p43 for a REFUND XML Response.


8 Further Information and Support

This section provides useful information with regards to documentation and support for your Secure Trading solution.

8.1 PayPal Support

If you are experiencing problems when processing PayPal transactions, please ensure that you have first read and fully understood all relevant documentation provided by PayPal, and that your PayPal account is configured correctly. All of PayPal’s contact details and documentation can be found on their website, http://www.PayPal.com.

8.2 Secure Trading Support

If you have any further questions regarding your PayPal solution, please contact our support team using one of the following methods.

Method Details

Telephone +44 (0) 1248 672 050

Fax +44 (0) 1248 672 099

Email [email protected]

Website http://www.securetrading.com/support/support.html

8.3 Secure Trading Sales

If you do not have an account with Secure Trading, please contact our Sales team and they will inform you of the benefits of a Secure Trading account.

Method Details

Telephone 0800 028 9151

Telephone (Int’l) +44 (0) 1248 672 070

Fax +44 (0) 1248 672 079

Email [email protected]

Website http://www.securetrading.com

8.4 Useful Documents

The documents listed below should be read in conjunction with this document:

STAPI Setup Guide – This document outlines how to install the STAPI java client to process XML Requests and Responses through Secure Trading.

STPP Web Services User Guide – This document describes how to process XML Requests and Responses through Secure Trading’s Web Services solution.

STPP XML Specification – This document details how to perform XML Authorisations, Account Checks and Refunds through Secure Trading.

XML Reference Transaction Update – This document outlines how to perform a Transaction Update Request.

Any other document regarding the STPP system can be found on Secure Trading’s website (http://www.securetrading.com). Alternatively, please contact our support team as outlined above.

8.5 Frequently Asked Questions

Please visit the FAQ section on our website (http://www.securetrading.com/support/faq).