Payflow Pro gateway guide

Spreedly integrates to Payflow Pro via Paypal’s XMLPay 2.0 API.

Adding a Payflow Pro gateway

To add a Payflow Pro gateway you just need to supply a login, partner, and password. The login in this case is your Payflow Pro vendor attribute. The partner value is usually Paypal.

curl https://core.spreedly.com/v1/gateways.xml \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/xml' \
  -d '<gateway>
        <gateway_type>payflow_pro</gateway_type>
        <login>Your vendor value</login>
        <partner>Paypal</partner>
        <password>password</password>
      </gateway>'
<gateway>
  <token>Rvy6bOyoWVHuQjixFnrjhdn3IHL</token>
  <gateway_type>payflow_pro</gateway_type>
  <name>Payflow Pro</name>
  <description nil="true"/>
  <merchant_profile_key nil="true"/>
  <sub_merchant_key nil="true"/>
  <login>Your vendor value</login>
  <partner>Paypal</partner>
  <user nil="true"/>
  <characteristics>
    <supports_purchase type="boolean">true</supports_purchase>
    <supports_authorize type="boolean">true</supports_authorize>
    <supports_capture type="boolean">true</supports_capture>
    <supports_credit type="boolean">true</supports_credit>
    <supports_general_credit type="boolean">false</supports_general_credit>
    <supports_void type="boolean">true</supports_void>
    <supports_adjust type="boolean">false</supports_adjust>
    <supports_verify type="boolean">true</supports_verify>
    <supports_reference_purchase type="boolean">true</supports_reference_purchase>
    <supports_purchase_via_preauthorization type="boolean">false</supports_purchase_via_preauthorization>
    <supports_offsite_purchase type="boolean">false</supports_offsite_purchase>
    <supports_offsite_authorize type="boolean">false</supports_offsite_authorize>
    <supports_3dsecure_purchase type="boolean">false</supports_3dsecure_purchase>
    <supports_3dsecure_authorize type="boolean">false</supports_3dsecure_authorize>
    <supports_3dsecure_2_mpi_purchase type="boolean">true</supports_3dsecure_2_mpi_purchase>
    <supports_3dsecure_2_mpi_authorize type="boolean">true</supports_3dsecure_2_mpi_authorize>
    <supports_store type="boolean">false</supports_store>
    <supports_remove type="boolean">false</supports_remove>
    <supports_fraud_review type="boolean">true</supports_fraud_review>
    <supports_network_tokenization type="boolean">false</supports_network_tokenization>
    <supports_populate_mit_fields type="boolean">false</supports_populate_mit_fields>
    <supports_reference_authorization type="boolean">true</supports_reference_authorization>
  </characteristics>
  <credentials>
    <credential>
      <name>login</name>
      <value>Your vendor value</value>
    </credential>
    <credential>
      <name>partner</name>
      <value>Paypal</value>
    </credential>
    <credential>
      <name>user</name>
      <value nil="true"/>
    </credential>
  </credentials>
  <gateway_settings>
  </gateway_settings>
  <gateway_specific_fields>
    <gateway_specific_field>comment1</gateway_specific_field>
    <gateway_specific_field>comment2</gateway_specific_field>
    <gateway_specific_field>order_desc</gateway_specific_field>
    <gateway_specific_field>level_two_fields</gateway_specific_field>
    <gateway_specific_field>level_three_fields</gateway_specific_field>
    <gateway_specific_field>capture_complete</gateway_specific_field>
    <gateway_specific_field>merch_descr</gateway_specific_field>
  </gateway_specific_fields>
  <payment_methods>
    <payment_method>credit_card</payment_method>
    <payment_method>bank_account</payment_method>
    <payment_method>third_party_token</payment_method>
  </payment_methods>
  <state>retained</state>
  <redacted type="boolean">false</redacted>
  <sandbox type="boolean">false</sandbox>
  <mode>default</mode>
  <created_at type="dateTime">2022-03-16T18:06:44Z</created_at>
  <updated_at type="dateTime">2022-03-16T18:06:44Z</updated_at>
</gateway>

You can also specify a user field. Some customers may need to specify this value:

curl https://core.spreedly.com/v1/gateways.xml \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/xml' \
  -d '<gateway>
        <gateway_type>payflow_pro</gateway_type>
        <login>Your vendor value</login>
        <partner>Paypal</partner>
        <user>user</user>
        <password>password</password>
      </gateway>'
<gateway>
  <token>E0AbyQImSoqN2f1skSUWZTpMmp2</token>
  <gateway_type>payflow_pro</gateway_type>
  <name>Payflow Pro</name>
  <description nil="true"/>
  <login>Your vendor value</login>
  <partner>Paypal</partner>
  <user>user</user>
  <characteristics>
    <supports_purchase type="boolean">true</supports_purchase>
    <supports_authorize type="boolean">true</supports_authorize>
    <supports_capture type="boolean">true</supports_capture>
    <supports_credit type="boolean">true</supports_credit>
    <supports_general_credit type="boolean">false</supports_general_credit>
    <supports_void type="boolean">true</supports_void>
    <supports_verify type="boolean">true</supports_verify>
    <supports_reference_purchase type="boolean">true</supports_reference_purchase>
    <supports_purchase_via_preauthorization type="boolean">false</supports_purchase_via_preauthorization>
    <supports_offsite_purchase type="boolean">false</supports_offsite_purchase>
    <supports_offsite_authorize type="boolean">false</supports_offsite_authorize>
    <supports_3dsecure_purchase type="boolean">false</supports_3dsecure_purchase>
    <supports_3dsecure_authorize type="boolean">false</supports_3dsecure_authorize>
    <supports_store type="boolean">false</supports_store>
    <supports_remove type="boolean">false</supports_remove>
    <supports_fraud_review type="boolean">true</supports_fraud_review>
    <supports_disburse type="boolean">false</supports_disburse>
    <supports_reference_authorization type="boolean">true</supports_reference_authorization>
  </characteristics>
  <credentials>
    <credential>
      <name>login</name>
      <value>Your vendor value</value>
    </credential>
    <credential>
      <name>partner</name>
      <value>Paypal</value>
    </credential>
    <credential>
      <name>user</name>
      <value>user</value>
    </credential>
  </credentials>
  <gateway_specific_fields>
    <gateway_specific_field>comment1</gateway_specific_field>
    <gateway_specific_field>comment2</gateway_specific_field>
  </gateway_specific_fields>
  <payment_methods>
    <payment_method>credit_card</payment_method>
  </payment_methods>
  <state>retained</state>
  <redacted type="boolean">false</redacted>
  <created_at type="dateTime">2017-07-27T17:49:57Z</created_at>
  <updated_at type="dateTime">2017-07-27T17:49:57Z</updated_at>
</gateway>

To learn more about creating and managing gateways in our Marketplace, review the Gateway user guide. For gateways not included in the Marketplace, review the steps below.

Create a gateway

Visit your Connections area to review all gateways and add new ones. When creating your gateways, select the gateway name and authentication mode (if prompted) before completing required fields. Select ☑️Sandbox to create a gateway in Sandbox mode, for processing test card data and transactions in your Spreedly environment.

Enter your vendor value into the login field, along with your partner (usually PayPal) and password to create a new PayFlow Pro gateway. You can also include the user field if required for your PayFlow Pro account.

Third-party tokens

Payflow Pro supports payment using Third Party Tokens via a reference transaction. While it is recommended that you retain any payment method you expect to use again in the Spreedly vault, third party tokens might be useful if you have legacy payments with Payflow Pro that need to be referenced for additional transactions, but which do not represent payment methods stored in your Spreedly vault. In this case, you will need to use the PNREF field returned in the original transaction that you would like to reference. This field holds a Payflow Pro token that represents the credit card information from the original transaction. According to Payflow Pro documentation it may be possible to use this token for transacting up to 15 months after the original transaction.

To use the PNREF this way, you must first create a Third Party Token with Spreedly, passing the PNREF value as reference. The object returned by Spreedly contains both a token and a third_party_token field. You’ll see that the third_party_token value is the PNREF. The token value is a Spreedly token that represents the PNREF and may be passed as the payment method token in transactions with your Payflow Pro gateway. Please consult the Payflow Pro documentation on Reference Transactions for details and appropriate use cases of the PNREF token.

Payflow Pro does not support the direct vaulting of payment methods through an operation like store.

Stored credentials

For Payflow Pro, sending stored credential fields can be done using Spreedly’s first class support. Sending stored credential data is simple. For any Authorize or Purchase request, you need to include three fields which tell Spreedly a little bit more about the nature of the transaction:

  • stored_credential_initiator
  • stored_credential_reason_type
  • network_transaction_id

Gateway specific fields

When interacting with a Payflow Pro gateway to run transactions, here are the configured gateway specific fields you can specify.

comment1, comment2, order_desc, and merch_descr can be used to help tie reports to your orders/customers or to report on other information about the transaction.

capture_complete indicates whether a delayed capture transaction is the last capture you intend to make. Valid values are Y (default) or N. If Y is passed, any remaining amount of the original reauthorized transaction is automatically released.

curl https://core.spreedly.com/v1/gateways/LlkjmEk0xNkcWrNixXa1fvNoTP4/purchase.xml \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/xml' \
  -d '<transaction>
        <payment_method_token>56wyNnSmuA6CWYP7w0MiYCVIbW6</payment_method_token>
        <amount>100</amount>
        <currency_code>USD</currency_code>
        <gateway_specific_fields>
          <payflow_pro>
            <comment1>Airport Shuttle</comment1>
            <comment2>Another Comment</comment2>
            <order_desc>Order Description</order_desc>
            <capture_complete>Y</capture_complete>
            <merch_descr>Merchant Description</merch_descr>
          </payflow_pro>
        </gateway_specific_fields>
      </transaction>'
<transaction>
  <on_test_gateway type="boolean">true</on_test_gateway>
  <created_at type="dateTime">2021-07-07T19:39:07Z</created_at>
  <updated_at type="dateTime">2021-07-07T19:39:07Z</updated_at>
  <succeeded type="boolean">true</succeeded>
  <state>succeeded</state>
  <token>YT9fngxJXKdo4lCFOkeJgPceGgA</token>
  <transaction_type>Purchase</transaction_type>
  <order_id nil="true"/>
  <ip nil="true"/>
  <description nil="true"/>
  <email nil="true"/>
  <merchant_name_descriptor nil="true"/>
  <merchant_location_descriptor nil="true"/>
  <merchant_profile_key nil="true"/>
  <gateway_specific_fields>
    <payflow_pro>
      <comment1>Airport Shuttle</comment1>
      <comment2>Another Comment</comment2>
      <order_desc>Order Description</order_desc>
      <capture_complete>Y</capture_complete>
      <merch_descr>Merchant Description</merch_descr>
    </payflow_pro>
  </gateway_specific_fields>
  <gateway_specific_response_fields>
  </gateway_specific_response_fields>
  <gateway_transaction_id>53</gateway_transaction_id>
  <gateway_latency_ms type="integer">0</gateway_latency_ms>
  <stored_credential_initiator nil="true"/>
  <stored_credential_reason_type nil="true"/>
  <warning nil="true"/>
  <application_id nil="true"/>
  <amount type="integer">100</amount>
  <currency_code>USD</currency_code>
  <retain_on_success type="boolean">false</retain_on_success>
  <payment_method_added type="boolean">false</payment_method_added>
  <smart_routed type="boolean">false</smart_routed>
  <message key="messages.transaction_succeeded">Succeeded!</message>
  <gateway_token>T11bJAANtTWnxl36GYjKWvbNK0g</gateway_token>
  <gateway_type>test</gateway_type>
  <shipping_address>
    <name>Newfirst Newlast</name>
    <address1 nil="true"/>
    <address2 nil="true"/>
    <city nil="true"/>
    <state nil="true"/>
    <zip nil="true"/>
    <country nil="true"/>
    <phone_number nil="true"/>
  </shipping_address>
  <response>
    <success type="boolean">true</success>
    <message>Successful purchase</message>
    <avs_code nil="true"/>
    <avs_message nil="true"/>
    <cvv_code nil="true"/>
    <cvv_message nil="true"/>
    <pending type="boolean">false</pending>
    <result_unknown type="boolean">false</result_unknown>
    <error_code nil="true"/>
    <error_detail nil="true"/>
    <cancelled type="boolean">false</cancelled>
    <fraud_review nil="true"/>
    <created_at type="dateTime">2021-07-07T19:39:07Z</created_at>
    <updated_at type="dateTime">2021-07-07T19:39:07Z</updated_at>
  </response>
  <api_urls>
  </api_urls>
  <payment_method>
    <token>1rpKvP8zOUhj4Y9EDrIoIYQzzD5</token>
    <created_at type="dateTime">2017-06-26T17:04:38Z</created_at>
    <updated_at type="dateTime">2021-07-07T17:59:48Z</updated_at>
    <email>[email protected]</email>
    <data>
      <my_payment_method_identifier>448</my_payment_method_identifier>
      <extra_stuff>
        <some_other_things>Can be anything really</some_other_things>
      </extra_stuff>
    </data>
    <storage_state>retained</storage_state>
    <test type="boolean">true</test>
    <metadata>
      <key>string value</key>
    </metadata>
    <callback_url nil="true"/>
    <last_four_digits>1111</last_four_digits>
    <first_six_digits>411111</first_six_digits>
    <card_type>visa</card_type>
    <first_name>Newfirst</first_name>
    <last_name>Newlast</last_name>
    <month type="integer">3</month>
    <year type="integer">2032</year>
    <address1 nil="true"/>
    <address2 nil="true"/>
    <city nil="true"/>
    <state nil="true"/>
    <zip nil="true"/>
    <country nil="true"/>
    <phone_number nil="true"/>
    <company nil="true"/>
    <full_name>Newfirst Newlast</full_name>
    <eligible_for_card_updater type="boolean">true</eligible_for_card_updater>
    <shipping_address1 nil="true"/>
    <shipping_address2 nil="true"/>
    <shipping_city nil="true"/>
    <shipping_state nil="true"/>
    <shipping_zip nil="true"/>
    <shipping_country nil="true"/>
    <shipping_phone_number nil="true"/>
    <payment_method_type>credit_card</payment_method_type>
    <errors>
    </errors>
    <verification_value></verification_value>
    <number>XXXX-XXXX-XXXX-1111</number>
    <fingerprint>e3cef43464fc832f6e04f187df25af497994</fingerprint>
  </payment_method>
  <attempt_3dsecure type="boolean">false</attempt_3dsecure>
</transaction>

Gateway specific response fields

Responses from Payflow Pro gateway may contain the pp_ref field, which you can find in the gateway_specific_response_fields. For example, an authorize transaction could have something like this:

<transaction>
  <token>LgpTNGjsWQs9DwdxcbreUVz0R8p</token>
  <transaction_type>Authorization</transaction_type>
  <gateway_specific_response_fields>
    <payflow_pro>
      <pp_ref>123ABC</pp_ref>
    </payflow_pro>
  </gateway_specific_response_fields>
</transaction>

To request any gateway_specific_fields or gateway_specific_response_fields, please contact Support with your request and the gateway documentation for the fields of interest.