Express Checkout Mark (ECM)

  The following content assumes you have obtained the necessary PCI certification to process and submit sensitive cardholder data in the request to our Webservices API.
If you are unsure, please contact our Support Team for assistance.

PayPal is an international e-commerce business allowing payments and money transfers to be made online.

Express Checkout Mark (ECM): PayPal is shown as an additional method of payment on your existing checkout, alongside credit/debit cards.

  Supported customer countries: No restrictions on customer countries.
  Supported currencies: AUD, CAD, EUR, GBP, JPY, USD
  Refunds: Full and partial refunds permitted.
  Chargebacks: Disputes are managed by PayPal.

  Benefits of implementing ECM

  • Allows you to integrate PayPal into your existing checkout solution.
  • The address the customer submits on your website is final and cannot be changed on PayPal’s website.

 

Process overview

What will the customer see?

  • During the checkout process, your website presents PayPal as a payment method.
  • The customer selects their preferred delivery address on your checkout page and opts to pay using PayPal.
  • The customer is redirected to PayPal, where they sign in using their PayPal credentials (they can register with PayPal if they do not already have an account).
  • The customer reviews their order and agrees to the payment on PayPal’s website.
  • The customer is redirected to your website, where a confirmation is displayed (e.g. “Payment successful”).


How does it work behind the scenes?

The ECM payment flow can be split into three main parts, as shown below:

 

1. Initiate the customer




2. Redirect to PayPal




3. Processing the authorisation

  Only continue if the customer's browser is successfully redirected back to the returnurl.


 

1. Initiate the customer

  Displaying PayPal on your checkout

The official PayPal acceptance mark must be presented with equal prominence and close proximity to other payment types on your details page. No payment type should be selected by default.


You can download the latest official PayPal acceptance mark images from this URL:
https://www.paypal.com/uk/webapps/mpp/logo-center
Upon selecting PayPal, card payment fields must be disabled or hidden from view.

When the customer chooses to pay with PayPal, your system will need to perform an ORDER request and interpret the response returned.

 

ORDER request example

#!/usr/bin/python
import securetrading

# Web Services credentials (example values; keep real credentials out of source control)
stconfig = securetrading.Config()
stconfig.username = "webservices@example.com"
stconfig.password = "Password1^"
st = securetrading.Api(stconfig)

# ORDER request: registers the purchase and returns the redirecturl for the customer
order = {
    "currencyiso3a": "GBP",
    "requesttypedescription": "ORDER",
    "accounttypedescription": "ECOM",
    "sitereference": "test_site12345",
    "baseamount": "2001",
    "paymenttypedescription": "PAYPAL",
    "returnurl": "https://yourwebsite.com",
    "cancelurl": "https://yourwebsite.com",
    "paypallocale": "GB",
    "paypaladdressoverride": "1",
    "paypalemail": "billing@email.com"
}

strequest = securetrading.Request()
strequest.update(order)
stresponse = st.process(strequest)  # stresponse contains the transaction response

Replace <DOMAIN> with a supported domain. Click here for a full list.

 

Field specification

accounttypedescription (required)
  XPath: /operation/accounttypedescription
  Format: Alpha (20)
  Only “ECOM” (e-commerce) is supported.

baseamount (required)
  XPath: /billing/amount
  Format: Numeric (11)
  The amount of the transaction in base units, with no commas or decimal points, so €10 is submitted as 1000. This value must be greater than zero. (Max length may vary depending on your acquiring bank. Contact your bank for further info.)

cancelurl (required)
  XPath: /merchant/cancelurl
  Format: URL (2048)
  The URL that the customer will be returned to if they cancel the authorisation on their PayPal account.

currencyiso3a (required)
  XPath: /billing/amount/@currencycode
  Format: Alpha (3)
  The currency that the transaction will be processed in (in ISO3A format).
  For a list of currency codes supported by PayPal, refer to the list found at the top of this page.

customerprefixname (conditional)
  XPath: /customer/name/prefix
  Format: Alphanumeric including symbols (25)
  The prefix of the customer’s billing name (e.g. Mr, Miss, Dr).
  At least one of the customer name fields must be submitted if paypaladdressoverride is set to "1". Otherwise, these fields are optional.

customerfirstname (conditional)
  XPath: /customer/name/first
  Format: Alphanumeric including symbols (127)
  The customer’s billing first name.
  At least one of the customer name fields must be submitted if paypaladdressoverride is set to "1". Otherwise, these fields are optional.

customermiddlename (conditional)
  XPath: /customer/name/middle
  Format: Alphanumeric including symbols (127)
  The customer’s billing middle name(s).
  At least one of the customer name fields must be submitted if paypaladdressoverride is set to "1". Otherwise, these fields are optional.

customerlastname (conditional)
  XPath: /customer/name/last
  Format: Alphanumeric including symbols (127)
  The customer’s billing last name.
  At least one of the customer name fields must be submitted if paypaladdressoverride is set to "1". Otherwise, these fields are optional.

customersuffixname (conditional)
  XPath: /customer/name/suffix
  Format: Alphanumeric including symbols (25)
  The customer’s suffix name (e.g. Bsc).
  At least one of the customer name fields must be submitted if paypaladdressoverride is set to "1". Otherwise, these fields are optional.

customerpremise (conditional)
  XPath: /customer/premise
  Format: Alphanumeric including symbols (25)
  The customer’s house name or number.
  These customer address fields are required if paypaladdressoverride is set to "1". Otherwise, these fields are optional.

customertown (conditional)
  XPath: /customer/town
  Format: Alphanumeric including symbols (127)
  The customer’s town.
  These customer address fields are required if paypaladdressoverride is set to "1". Otherwise, these fields are optional.

customercountryiso2a (conditional)
  XPath: /customer/country
  Format: Alpha (2)
  The customer’s country. This will need to be in ISO2A format. Click here for a full list of country codes.
  These customer address fields are required if paypaladdressoverride is set to "1". Otherwise, these fields are optional.

customerstreet (optional)
  XPath: /customer/street
  Format: Alphanumeric including symbols (127)
  The customer’s street name.

customercounty (conditional)
  XPath: /customer/county
  Format: Alphanumeric including symbols (127)
  The customer’s county. For US addresses, the state would be entered in this field. Valid formats:
    • Preferred: Two character state code, e.g. “NY”.
    • Full state name, e.g. “New York”.
  Required if customercountryiso2a is one of the following: AR, BR, CA, CN, ID, IN, IT, JP, MX, TH, US

customerpostcode (optional)
  XPath: /customer/postcode
  Format: Alphanumeric (25)
  The customer’s postcode or ZIP code.
  This must be a valid postcode/ZIP code for the customercountryiso2a submitted.

orderreference (optional)
  XPath: /merchant/orderreference
  Format: Alphanumeric including symbols (25)
  Recommended length 25 characters or less (exact length dependent on acquiring bank). Failure to adhere to this requirement may result in the text being truncated in the transaction.
  Your unique order reference that can be stored on Trust Payments and PayPal’s system (this is your PayPal invoice ID).
  When submitted, please ensure that the order reference is unique to each order.

paymenttypedescription (required)
  XPath: /billing/payment/@type
  Format: Alpha (20)
  This value must be submitted as “PAYPAL”.

paypaladdressoverride (required)
  XPath: /billing/payment/paypaladdressoverride
  Format: Numeric (1)
  When using the ECM flow, the delivery address entered on your website is submitted to PayPal and cannot be modified by the customer on PayPal’s website. Please submit one of the following values:
    • 1 – Customer will use the delivery address entered on your website.
    • 2 – Customer will not be prompted to choose a delivery address on PayPal’s website (best suited to online services and downloads).

paypalemail (optional)
  XPath: /billing/payment/paypalemail
  Format: Email (255)
  The email address that the customer will use to sign in to PayPal. Maximum of 64 characters allowed before the @ symbol.

paypallocale (optional)
  XPath: /billing/payment/locale
  Format: Alpha (2)
  The language of the PayPal login page.
  Click here for a list of PayPal locales.

requesttypedescription (required)
  XPath: /@type
  Format: Alpha (20)
  The value in the request must be “ORDER”.

returnurl (required)
  XPath: /merchant/returnurl
  Format: URL (2048)
  The URL that the customer will be returned to following a successful authorisation on their PayPal account.

sitereference (required)
  XPath: /operation/sitereference
  Format: Alphanumeric & underscore (50)
  The site reference relates to your individual account which you received on setup. If you do not know your site reference, please contact our Support Team.

 

ORDER response example

{
    'requestreference': 'A0bxh87wt',
    'version': '1.00',
    'responses': [{
        'transactionreference': '72-32-20002',
        'paymenttypedescription': 'PAYPAL',
        'settleduedate': '2020-06-01',
        'transactionstartedtimestamp': '2020-06-01 15:35:40',
        'errormessage': 'Ok',
        'accounttypedescription': 'ECOM',
        'errorcode': '0',
        'redirecturl': 'https://webapp.securetrading.net/cgi-bin/webscr?token=72x32x20002&useraction=commit&cmd=_express-checkout&paypalemail=billing%40email.com',
        'requesttypedescription': 'ORDER',
        'settlestatus': '0',
        'operatorname': 'webservices@example.com',
        'livestatus': '0',
        'paypaltoken': '72x32x20002'
    }]
}

 

Field specification

accounttypedescription (returned)
  XPath: /operation/accounttypedescription
  Format: Alpha (20)
  The value returned is “ECOM”.

errorcode (returned)
  XPath: /error/code
  Format: Numeric (1-5)
  The error code should be used to determine if the request was successful or not.
    • If the error code is “0” then the transaction was successful.
    • If the error code is not “0” then the transaction was not successful.
  Click here for a full list of errorcode and message values.

errordata (conditional)
  XPath: /error/data
  Format: Alphanumeric (255)
  Additional information to help troubleshoot the error.
  Only returned if there has been an error.

errormessage (returned)
  XPath: /error/message
  Format: Alphanumeric (255)
  This is the corresponding message to the above code.
  Click here for a full list of errorcode and message values.

livestatus (returned)
  XPath: /live
  Format: Numeric (1)
    • 0 – Transaction processed using a test account.
    • 1 – Transaction processed using a live account.

operatorname (returned)
  XPath: /merchant/operatorname
  Format: Alphanumeric (255)
  The value of this field contains the name of the user that processed the request.

paymenttypedescription (returned)
  XPath: /billing/payment/@type
  Format: Alpha (20)
  The value returned is “PAYPAL”.

paypaltoken (returned)
  XPath: /paypal/token
  Format: Alphanumeric (255)
  The token relates to the customer’s session within PayPal’s system. You should log this, as you can then use it in relation to any relevant queries you may have with PayPal.

redirecturl (returned)
  XPath: /paypal/redirecturl
  Format: URL (255)
  Redirect the customer’s browser to this URL, to allow them to sign in to their PayPal account.

requesttypedescription (returned)
  XPath: /@type
  Format: Alpha (20)
  The value returned is “ORDER”.

settleduedate (returned)
  XPath: /settlement/settleduedate
  Format: Date YYYY-MM-DD
  The date on which the transaction will be settled.

settlestatus (returned)
  XPath: /settlement/settlestatus
  Format: Numeric (3)
    • “0” indicates no issues have been raised so far that would prevent settlement from taking place.
    • “3” indicates the request was unsuccessful.

transactionreference (returned)
  XPath: /transactionreference
  Format: Alphanumeric including hyphens (25)
  A unique reference for the request assigned by Trust Payments.

transactionstartedtimestamp (returned)
  XPath: /timestamp
  Format: Date time YYYY-MM-DD hh:mm:ss
  The time the request was processed.

 

  Additional notes about ORDER requests

  • The customer name, customer premise, customer town and customer country are required when using PayPal address override option “1”.
  • When PayPal declines a transaction while the customer is on their servers, a message will be displayed on-screen. The customer may be prompted to try again or cancel the payment attempt.
  • You can configure your PayPal account to disable the check on duplicate invoice IDs (values submitted in the orderreference). Contact PayPal Support for further information.
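
The ORDER field rules above can be checked on your server before a request is sent. This is an added example, not Trust Payments' code: validate_order and its messages are hypothetical names, and the https-only URL check is an assumption stricter than the specification. Run on a request with the same fields as the ORDER example, it reports the name and address fields that address override option “1” requires.

```python
import re
from urllib.parse import urlsplit

# Rules transcribed from the ORDER field specification on this page.
FIXED = {"requesttypedescription": "ORDER", "accounttypedescription": "ECOM",
         "paymenttypedescription": "PAYPAL"}
CURRENCIES = {"AUD", "CAD", "EUR", "GBP", "JPY", "USD"}
NAME_FIELDS = ("customerprefixname", "customerfirstname", "customermiddlename",
               "customerlastname", "customersuffixname")
ADDRESS_FIELDS = ("customerpremise", "customertown", "customercountryiso2a")
COUNTY_COUNTRIES = {"AR", "BR", "CA", "CN", "ID", "IN", "IT", "JP", "MX", "TH", "US"}


def validate_order(order):
    """Return a list of problems; an empty list means the request passed."""
    problems = [f"{k} must be {v}" for k, v in FIXED.items() if order.get(k) != v]
    if not re.fullmatch(r"[A-Za-z0-9_]{1,50}", str(order.get("sitereference", ""))):
        problems.append("sitereference: 1-50 alphanumeric or underscore characters")
    amount = str(order.get("baseamount", ""))
    if not re.fullmatch(r"[0-9]{1,11}", amount) or int(amount) == 0:
        problems.append("baseamount: digits only, base units, greater than zero")
    if order.get("currencyiso3a") not in CURRENCIES:
        problems.append("currencyiso3a: not a currency PayPal supports here")
    for field in ("returnurl", "cancelurl"):
        url = str(order.get(field, ""))
        parts = urlsplit(url)
        # Requiring https is an added assumption; the page only says URL (2048).
        if len(url) > 2048 or parts.scheme != "https" or not parts.hostname:
            problems.append(f"{field}: https URL of at most 2048 characters")
    override = order.get("paypaladdressoverride")
    if override not in ("1", "2"):
        problems.append("paypaladdressoverride must be 1 or 2")
    if override == "1":
        if not any(order.get(f) for f in NAME_FIELDS):
            problems.append("override 1: submit at least one customer name field")
        problems += [f"override 1: {f} is required"
                     for f in ADDRESS_FIELDS if not order.get(f)]
    if (order.get("customercountryiso2a") in COUNTY_COUNTRIES
            and not order.get("customercounty")):
        problems.append("customercounty is required for this country")
    email = order.get("paypalemail")
    if email is not None:
        local, at, domain = email.rpartition("@")
        if not (local and at and domain) or len(local) > 64 or len(email) > 255:
            problems.append("paypalemail: at most 64 characters before the @")
    if len(order.get("orderreference", "")) > 25:
        problems.append("orderreference: longer than 25 characters")
    return problems


# Constructed sample with the same fields as the ORDER request example above.
SAMPLE_ORDER = {
    "currencyiso3a": "GBP", "requesttypedescription": "ORDER",
    "accounttypedescription": "ECOM", "sitereference": "test_site12345",
    "baseamount": "2001", "paymenttypedescription": "PAYPAL",
    "returnurl": "https://yourwebsite.com", "cancelurl": "https://yourwebsite.com",
    "paypallocale": "GB", "paypaladdressoverride": "1",
    "paypalemail": "billing@email.com",
}

if __name__ == "__main__":
    for problem in validate_order(SAMPLE_ORDER):
        print(problem)
```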

 

2. Redirect to PayPal

After successfully submitting an ORDER request, your system will be returned a redirecturl in the response. Your system will need to redirect the customer’s browser to this URL, which is a page hosted by PayPal, in order to process the payment.

When testing, our simulated PayPal login page (as shown below) is shown in place of a real PayPal login page.

After logging in to their PayPal account, the customer has the option to continue with the transaction or to cancel. When testing, you can replicate this by using one of the e-mails below on our test PayPal login screen.

Email address: auth@auth.com
  Scenario: The customer performs a successful transaction.
  Result: The customer’s browser is redirected to the URL specified in the returnurl that was submitted in the ORDER request.

Email address: cancel@cancel.com
  Scenario: The customer opts to cancel the transaction.
  Result: The customer’s browser is redirected to the URL specified in the cancelurl that was submitted in the ORDER request.

  You must wait for the customer to return from the PayPal login page to the returnurl hosted on your servers before processing an authorisation.
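
One way to handle the ORDER response before redirecting, shown as an added example rather than Trust Payments' code. The function name order_redirect, the allowed_hosts parameter and the idea of keeping a `pending` record in the customer's server-side session are assumptions; the sample response is constructed from the ORDER response example on this page.

```python
from urllib.parse import urlsplit


def order_redirect(stresponse, allowed_hosts):
    """Check an ORDER response; return (redirecturl, pending) or raise ValueError.

    `pending` is what to keep server-side (for example in the customer's
    session) so the later ORDERDETAILS/AUTH request uses a transaction
    reference that never passes through the browser.
    """
    responses = stresponse.get("responses", [])
    if len(responses) != 1:
        raise ValueError("expected exactly one response to an ORDER request")
    order = responses[0]
    if order.get("requesttypedescription") != "ORDER":
        raise ValueError("response is not for an ORDER request")
    # errorcode "0" is the only value the page treats as success.
    if order.get("errorcode") != "0":
        raise ValueError("ORDER failed: {} {}".format(
            order.get("errorcode"), order.get("errormessage")))
    url = order.get("redirecturl", "")
    parts = urlsplit(url)
    # Only send the browser to an https URL on a host you expect (assumption:
    # the integrator supplies the host list for the test and live environments).
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise ValueError("redirecturl is not an https URL on an expected host")
    pending = {
        "transactionreference": order["transactionreference"],
        "paypaltoken": order.get("paypaltoken"),  # the page advises logging this
    }
    return url, pending


# Constructed sample, reduced from the ORDER response example on this page.
SAMPLE_ORDER_RESPONSE = {"responses": [{
    "requesttypedescription": "ORDER", "errorcode": "0", "errormessage": "Ok",
    "transactionreference": "72-32-20002", "paypaltoken": "72x32x20002",
    "redirecturl": "https://webapp.securetrading.net/cgi-bin/webscr"
                   "?token=72x32x20002&useraction=commit&cmd=_express-checkout"
                   "&paypalemail=billing%40email.com",
}]}

if __name__ == "__main__":
    print(order_redirect(SAMPLE_ORDER_RESPONSE, {"webapp.securetrading.net"}))
```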


 

3. Processing the authorisations

  If the customer is redirected to the cancelurl:

Present your customer with alternative payment methods so they can try again.

  If the customer is redirected to the returnurl:

Follow the instructions below.

 

ORDERDETAILS AUTH request example

This example demonstrates how to process an ORDERDETAILS followed by an AUTH request. Notice how the structure of the request is similar to that of a standard AUTH request, except “ORDERDETAILS” is included in the requesttypedescriptions field before “AUTH”.

#!/usr/bin/python
import securetrading

# Web Services credentials (example values; keep real credentials out of source control)
stconfig = securetrading.Config()
stconfig.username = "webservices@example.com"
stconfig.password = "Password1^"
st = securetrading.Api(stconfig)

# ORDERDETAILS followed by AUTH, both referencing the earlier ORDER
orderdetailsauth = {
    "requesttypedescriptions": ["ORDERDETAILS", "AUTH"],
    "sitereference": "test_site12345",
    "parenttransactionreference": "72-32-20002",  # transactionreference from the ORDER response
    "paymenttypedescription": "PAYPAL",
    "paypaladdressoverride": "1"  # must match the value sent in the ORDER request
}

strequest = securetrading.Request()
strequest.update(orderdetailsauth)
stresponse = st.process(strequest)  # stresponse contains the transaction response

Replace <DOMAIN> with a supported domain. Click here for a full list.

 

Field specification

parenttransactionreference (required)
  XPath: /operation/parenttransactionreference
  Format: Alphanumeric & hyphens (25)
  Submit the transactionreference returned in the preceding ORDER response.

paymenttypedescription (required)
  XPath: /billing/payment/@type
  Format: Alpha (20)
  This value must be submitted as “PAYPAL”.

paypaladdressoverride (required)
  XPath: /billing/payment/paypaladdressoverride
  Format: Numeric (1)
  Must be the same value submitted in the ORDER request.

requesttypedescriptions (required)
  XPath: /@type
  Note: The XML submission is comprised of two separate requests. We recommend using the example above to help structure this request.
  Format: List
  Submit “ORDERDETAILS” and “AUTH”, as shown in the request example above.

sitereference (required)
  XPath: /operation/sitereference
  Format: Alphanumeric & underscore (50)
  The site reference relates to your individual account which you received on setup. If you do not know your site reference, please contact our Support Team.

 

ORDERDETAILS AUTH response example

Here is an example of a combined ORDERDETAILS then AUTH response. Notice how the response is divided into two parts; the first represents the “ORDERDETAILS” response and the second represents the “AUTH” response (as indicated by the values of the requesttypedescription fields).

{
    'requestreference': 'A0dcb11e6',
    'version': '1.00',
    'responses': [{
        'transactionreference': '72-32-20003',
        'merchantname': 'Test Merchant',
        'billinglastname': 'PAYPALLastName',
        'transactionstartedtimestamp': '2020-06-01 15:36:00',
        'paypalpayerstatus': 'verified',
        'parenttransactionreference': '72-32-20002',
        'accounttypedescription': 'ECOM',
        'errorcode': '0',
        'settleduedate': '2020-06-01',
        'billingcountryiso2a': 'GB',
        'paypalpayerid': 'e018408a43pid',
        'paypaladdressstatus': 'Confirmed',
        'billingemail': 'paypal.email@example.com',
        'requesttypedescription': 'ORDERDETAILS',
        'errormessage': 'Ok',
        'billingfirstname': 'Andr\u00e9',
        'operatorname': 'webservices@example.com',
        'livestatus': '0',
        'settlestatus': '0'
    }, {
        'transactionreference': '72-32-20004',
        'merchantname': 'Test Merchant',
        'paymenttypedescription': 'PAYPAL',
        'authcode': '44782-D149613359266',
        'transactionstartedtimestamp': '2020-06-01 15:36:00',
        'errormessage': 'Ok',
        'parenttransactionreference': '72-32-20003',
        'accounttypedescription': 'ECOM',
        'errorcode': '0',
        'settleduedate': '2020-06-01',
        'currencyiso3a': 'GBP',
        'baseamount': '2001',
        'acquirerresponsecode': 'None',
        'requesttypedescription': 'AUTH',
        'operatorname': 'webservices@example.com',
        'livestatus': '0',
        'settlestatus': '0'
    }]
}

 

Field specification

  Because many of the fields returned in this response are also found in a standard AUTH response, we have only listed the most important fields below, which are relevant when handling PayPal responses.
Click here for the full AUTH specification.

accounttypedescription (returned)
  XPath: /operation/accounttypedescription
  Format: Alpha (20)
  The value returned is “ECOM”.

errorcode (returned)
  XPath: /error/code
  Format: Numeric (1-5)
  The error code should be used to determine if the request was successful or not.
    • If the error code is “0” then the transaction was successful.
    • If the error code is not “0” then the transaction was not successful.
  Remember to check the error response in both ORDERDETAILS and AUTH responses.
  Click here for a full list of errorcode and message values.

errordata (conditional)
  XPath: /error/data
  Format: Alphanumeric (255)
  Additional information to help troubleshoot the error.
  Remember to check the error response in both ORDERDETAILS and AUTH responses.
  Only returned if there has been an error.

errormessage (returned)
  XPath: /error/message
  Format: Alphanumeric (255)
  This is the corresponding message to the above code.
  Remember to check the error response in both ORDERDETAILS and AUTH responses.
  Click here for a full list of errorcode and message values.

livestatus (returned)
  XPath: /live
  Format: Numeric (1)
    • 0 – Transaction processed using a test account.
    • 1 – Transaction processed using a live account.

merchantname (conditional)
  XPath: /merchant/merchantname
  Format: Alphanumeric (255)
  These are details associated with the account used to process the transaction.
  To amend these fields, please contact our Support Team.
  Depends on your account configuration.

operatorname (returned)
  XPath: /merchant/operatorname
  Format: Alphanumeric (255)
  The value of this field contains the name of the user that processed the request.

parenttransactionreference (returned)
  XPath: /operation/parenttransactionreference
  Format: Alphanumeric & hyphens (25)
  This field is returned in both sections of the response, referring to previous requests processed in the sequence.

paymenttypedescription (returned; only returned in AUTH response)
  XPath: /billing/payment/@type
  Format: Alpha (20)
  The value returned is “PAYPAL”.

paypaladdressstatus (returned; only returned in ORDERDETAILS response)
  XPath: /paypal/addressstatus
  Format: Alpha (25)
  The status of the address with PayPal. Either “Confirmed” or “Unconfirmed”.

paypalpayerid (returned; only returned in ORDERDETAILS response)
  XPath: /paypal/payerid
  Format: Alphanumeric (255)
  Unique PayPal customer account number.

paypalpayerstatus (returned; only returned in ORDERDETAILS response)
  XPath: /paypal/payerstatus
  Format: Alpha (25)
  The status of the payer with PayPal. Either “verified” or “unverified”.

requesttypedescription (returned)
  XPath: /@type
  Format: Alpha (20)
  “ORDERDETAILS” and “AUTH” are returned in their respective responses.

settleduedate (returned)
  XPath: /settlement/settleduedate
  Format: Date YYYY-MM-DD
  The date on which the transaction will be settled.

settlestatus (returned)
  XPath: /settlement/settlestatus
  Format: Numeric (3)
  The value returned in the AUTH response is used to determine the transaction status. Click here for further information on the settlestatus field and the settlement process for PayPal.

transactionreference (returned)
  XPath: /transactionreference
  Format: Alphanumeric including hyphens (25)
  Unique references for both requests, assigned by Trust Payments.

transactionstartedtimestamp (returned)
  XPath: /timestamp
  Format: Date time YYYY-MM-DD hh:mm:ss
  The time each request was processed.
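
The checks this section asks for on a combined ORDERDETAILS/AUTH response, written out as an added example (not Trust Payments' code). The names check_orderdetails_auth and `stored` are hypothetical, `stored` is assumed to be the record your server kept when it sent the ORDER request, and treating settlestatus “3” as a failed AUTH carries over the meaning listed for the ORDER response.

```python
def check_orderdetails_auth(stresponse, stored):
    """Return (accepted, issues, warnings) for a combined ORDERDETAILS/AUTH response.

    `stored` is what your server kept when it sent the ORDER request:
    transactionreference, baseamount and currencyiso3a.
    """
    issues, warnings = [], []
    responses = stresponse.get("responses", [])
    # The page says to check the error fields in both parts of the response.
    for part in responses:
        if part.get("errorcode") != "0":
            issues.append("{} failed: errorcode {} ({})".format(
                part.get("requesttypedescription"), part.get("errorcode"),
                part.get("errormessage")))
    kinds = [part.get("requesttypedescription") for part in responses]
    if kinds != ["ORDERDETAILS", "AUTH"]:
        issues.append(f"expected ORDERDETAILS then AUTH, got {kinds}")
        return False, issues, warnings
    details, auth = responses
    # Each part must point at the request before it in the sequence.
    if details.get("parenttransactionreference") != stored["transactionreference"]:
        issues.append("ORDERDETAILS parent is not the ORDER this session created")
    if auth.get("parenttransactionreference") != details.get("transactionreference"):
        issues.append("AUTH parent is not the ORDERDETAILS in this response")
    # The authorised amount and currency must be the ones the order was created with.
    for field in ("baseamount", "currencyiso3a"):
        if auth.get(field) != stored[field]:
            issues.append(f"AUTH {field} differs from the stored order")
    # Assumption: "3" means unsuccessful for AUTH too, as listed for ORDER.
    if auth.get("settlestatus") == "3":
        issues.append("AUTH settlestatus is 3")
    # Payer and address status come back only in the ORDERDETAILS part.
    if details.get("paypalpayerstatus") != "verified":
        warnings.append("payer is not verified")
    if details.get("paypaladdressstatus") != "Confirmed":
        warnings.append("address is not confirmed")
    return not issues, issues, warnings


# Constructed sample: the response example above, reduced to the fields checked.
SAMPLE_RESPONSE = {"responses": [
    {"requesttypedescription": "ORDERDETAILS", "errorcode": "0", "errormessage": "Ok",
     "transactionreference": "72-32-20003", "parenttransactionreference": "72-32-20002",
     "paypalpayerstatus": "verified", "paypaladdressstatus": "Confirmed",
     "settlestatus": "0"},
    {"requesttypedescription": "AUTH", "errorcode": "0", "errormessage": "Ok",
     "transactionreference": "72-32-20004", "parenttransactionreference": "72-32-20003",
     "baseamount": "2001", "currencyiso3a": "GBP", "settlestatus": "0"},
]}
STORED_ORDER = {"transactionreference": "72-32-20002", "baseamount": "2001",
                "currencyiso3a": "GBP"}

if __name__ == "__main__":
    print(check_orderdetails_auth(SAMPLE_RESPONSE, STORED_ORDER))
```

Warnings do not block the payment here; whether an unverified payer or unconfirmed address should is a decision for your own risk rules.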