PayPal breaks their API
Jan. 21st, 2016 02:13 am
Starting from 2016-01-20 our old unit tests for PayPal integration functionality do not work anymore.
PayPal changed how their sandbox API works.
----------
https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1766
On January 19-20, 2016
The Sandbox endpoints will be upgraded to new SHA-256, 2048-bit certificates:
...
After June 17, 2016
The Production endpoints will be upgraded to new SHA-256, 2048-bit certificates:
----------
Here are the upgrade instructions from PayPal:
===========
https://devblog.paypal.com/paypal-ssl-certificate-changes/
How to Update to Prevent Service Outage
To prepare for these changes, please use the checklist below to ensure everything has been upgraded completely:
Talk to the technical contact or 3rd party partner that you used to create the checkout.
Save the VeriSign G5 Root Trust Anchor in your keystore.
Upgrade your environment to support the SHA-256 signing algorithm.
Perform end-to-end testing of the integration against the Sandbox / Payflow Pilot environment (including Instant Payment Notifications (IPN), Payment Data Transfer (PDT), and Silent Posts).
===========
Why do I need to save certificates into my keystore in order to maintain PayPal integration?
Why can't they use our standard SSL certificate that we already have installed on our web server?
Why does PayPal give no instructions about how to "Upgrade our environment to support the SHA-256"?
It looks like PayPal architects simply do not care about what their customers (developers) will have to go through in order to maintain their API.
Ironically, revenue from PayPal is less than 10% of our revenue, so maintaining all that complexity associated with PayPal API integration does not make sense.
Update:
Facebook discussion
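
One way to check the two environment items on PayPal's checklist (SHA-256 support and the VeriSign G5 root in the trust store), as an added example that is not from the original post or from PayPal. The function names and the sample store are constructed for illustration, and the root is matched on the fragments "VeriSign" and "G5" taken from the checklist wording.

```python
import hashlib
import ssl

# Fragments from the checklist wording ("VeriSign G5 Root Trust Anchor").
ROOT_NAME_PARTS = ("verisign", "g5")


def common_name(cert):
    """Subject CN of a dict shaped like SSLContext.get_ca_certs() entries."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return ""


def find_root(ca_certs, parts=ROOT_NAME_PARTS):
    """CNs of trusted CA certs whose name contains every fragment."""
    names = (common_name(c) for c in ca_certs)
    return [cn for cn in names if all(p in cn.lower() for p in parts)]


def sha256_ready():
    """Proxy check: the crypto backend can compute SHA-256 digests."""
    return "sha256" in hashlib.algorithms_available


def report(ca_certs):
    return {"openssl": ssl.OPENSSL_VERSION,
            "sha256_supported": sha256_ready(),
            "g5_roots_trusted": find_root(ca_certs)}


# Constructed sample in get_ca_certs() format so the logic runs offline.
SAMPLE_STORE = [
    {"subject": ((("organizationName", "Example Trust"),),
                 (("commonName", "Example Root CA"),))},
    {"subject": ((("organizationName", "VeriSign, Inc."),),
                 (("commonName", "VeriSign Class 3 Public Primary "
                                 "Certification Authority - G5"),))},
]

if __name__ == "__main__":
    print("sample:", report(SAMPLE_STORE))
    # get_ca_certs() lists roots loaded from a CA bundle file; roots kept in
    # a hashed directory (capath) are not listed until they are first used.
    ctx = ssl.create_default_context()
    print("local: ", report(ctx.get_ca_certs()))
```

An empty `g5_roots_trusted` list for the local store means the root is absent from the bundle this runtime trusts. Java, .NET and PHP/cURL stacks keep their own trust stores and need the equivalent check there.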