PayPal PayFlow iFrame not loading - User Authentication Failed

Asked by:
HubFans / n/a Points
2015-10-13 5:40 am EST
Website Troubleshooting
Hello community!

I have an eCommerce site that uses PayPal Advanced, meaning that a PayPal iFrame is embedded in our website. To get the iFrame to load, my code passes several fields to PayPal, then PayPal returns an appropriate result to enable to iFrame to be rendered.

PayPal was doing maintenance on Saturday, Oct. 10, 2015. Beginning quite early on this day, in lieu of the iFrame, customers were getting "User Authentication Failed" errors because the result was 1.

In talking with about 5 PayPal employees, I was told that the credentials I was passing were fine and the account was live, so everything should be working. I asked if this was a security issue and if some syntax/settings had changed during the scheduled maintenance (to all checkout systems), but the employees that helped me said no.

I made a new admin account to use for credentials, made it active, and used it instead in the code (guessing the old one perhaps was too old, as I had not updated my code since 2014). Neither use special characters; they are both alphanumeric only.

Any ideas as to different things to check or turn off/on? Anyone see flaws in my code?

class PayPalFlowProHelper
private static function getPayPalCheckoutURLs($url = 'checkout/')
$checkoutURL = "https://" . $_SERVER['HTTP_HOST'] . "/".$url;
return $checkoutURL;

public static function renderPayPalFlowCheckoutIFrame($totalAmount = 0)

$_SESSION['SECURETOKENID'] = uniqid('MySecTokenID-');
$paypalConfiguration = array(
"PARTNER" => "PayPal",
"VENDOR" => "xxxx",
"USER" => "xxxx",
"PWD" => "xxxx",
"TRXTYPE" => "S",
"AMT" => $totalAmount,
"SECURETOKENID" => $_SESSION['SECURETOKENID'], //Should be unique, never used before
"RETURNURL" => self::getPayPalCheckoutURLs("paypal-checkout-return/"),
"CANCELURL" => self::getPayPalCheckoutURLs("paypal-canceled-checkout/"),
"ERRORURL" => self::getPayPalCheckoutURLs("paypal-error-checkout/"),
"BILLTOFIRSTNAME" => $_POST['first_name'],
"BILLTOLASTNAME" => $_POST['last_name'],
"BILLTOSTREET" => $_POST['address1'],
"BILLTOCITY" => $_POST['city'],
"BILLTOSTATE" => $_POST['state'],
"BILLTOZIP" => $_POST['zip'],
"BILLTOCOUNTRY" => $_POST['country'],

"SHIPTOFIRSTNAME" => $_POST['first_name'],
"SHIPTOLASTNAME" => $_POST['last_name'],
"SHIPTOSTREET" => $_POST['address1'],
"SHIPTOCITY" => $_POST['city'],
"SHIPTOSTATE" => $_POST['state'],
"SHIPTOZIP" => $_POST['zip'],
"SHIPTOCOUNTRY" => $_POST['country'],

$paypalResponse = self::runPayFlowCall($paypalConfiguration);

if ($paypalResponse == FALSE || $paypalResponse['RESULT'] != 0) {
return false;
$secureToken = $paypalResponse['SECURETOKEN'];
$secureTokenID = $paypalResponse['SECURETOKENID'];

private static function displayPayFlowIFrame($secureToken,$secureTokenID){
global $environment;
$mode = 'LIVE';
if ($environment == "sandbox" || $environment == "pilot") {
$mode = 'TEST';
echo '<div style="margin: 0 auto 10px;width:492px; height:auto;background:#ffffff">';
// wrap iframe in a dashed wireframe for demo purposes
echo " <input type='hidden' name='siddu' value='" . self::getPayPalCheckoutURLs("advanced.php") . "'> ";
echo " <iframe src='$secureToken&SECURETOKENID=$secureTokenID&MODE=$mode' width='490' height='565' border='0' frameborder='0' scrolling='no' allowtransparency='false'>\n</iframe>";
private static function parsePayFlowString($str)
$workstr = $str;
$out = array();

while (strlen($workstr) > 0) {
$loc = strpos($workstr, '=');
if ($loc === FALSE) {
// Truncate the rest of the string, it's not valid
$workstr = "";

$substr = substr($workstr, 0, $loc);
$workstr = substr($workstr, $loc + 1); // "+1" because we need to get rid of the "="

if (preg_match('/^(\w+)\[(\d+)]$/', $substr, $matches)) {
// This one has a length tag with it. Read the number of characters
// specified by $matches[2].
$count = intval($matches[2]);

$out[$matches[1]] = substr($workstr, 0, $count);
$workstr = substr($workstr, $count + 1); // "+1" because we need to get rid of the "&"
} else {
// Read up to the next "&"
$count = strpos($workstr, '&');
if ($count === FALSE) { // No more "&"'s, read up to the end of the string
$out[$substr] = $workstr;
$workstr = "";
} else {
$out[$substr] = substr($workstr, 0, $count);
$workstr = substr($workstr, $count + 1); // "+1" because we need to get rid of the "&"

return $out;
// run_payflow_call: Runs a Payflow API call. $params is an associative array of
// Payflow API parameters. Returns FALSE on failure, or an associative array of response
// parameters on success.
private static function runPayFlowCall($params)
global $environment;

$paramList = array();
foreach ($params as $index => $value) {
$paramList[] = $index . "[" . strlen($value) . "]=" . $value;

$apiStr = implode("&", $paramList);

// Which endpoint will we be using?
if ($environment == "pilot" || $environment == "sandbox")
$endpoint = "";
else $endpoint = "";

// Initialize our cURL handle.
$curl = curl_init($endpoint);


// If you get connection errors, it may be necessary to uncomment
// the following two lines:
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt($curl, CURLOPT_POST, TRUE);
curl_setopt($curl, CURLOPT_POSTFIELDS, $apiStr);

$result = curl_exec($curl);
if ($result === FALSE) {
echo curl_error($curl);
return FALSE;
} else return self::parsePayFlowString($result);

To ask this user for more information, please first login.

To submit an answer, please login.



17,314 Points
2015-10-14 6:22 pm EST

Sorry for the problem with Paypal Advanced iFrame not working properly. We unfortunately have limited exposure to this plugin. I have tried researching to see if I could find anything, but there's not much on the forums that help to identify the problem that you are having. I would definitely post in the PayPal forums or submit a ticket to their support to help you resolve the problem. I did check on our server to see if there any errors on the server that we could use to help identify the issue, but there is nothing that I can find.

Apologies that we can't provide more help in this issue. The code is third-party and you may either need to get a separate developer or the Paypal engineers to review this issue for you.

I hope this helps to answer your question, please let us know if you require any further assistance.

Arnel C.

To submit a comment on this answer, please first login.

Want to share this Question?

Related Articles

It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!
Need More Help?

Help Center Search

Current Customers

Email: Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.