Tech Blogging‎ > ‎

Testing Paypal PayNow Button in Sandbox

posted Mar 24, 2015, 3:02 AM by Haris Hashim   [ updated Mar 29, 2015, 7:42 PM ]

PayPal Rocks


Today, while testing Paypal PayNow button, I discovered that even Paypal can screw up. !FacePalm! Half of my day down the drain. But after some googling and tips from stackoverflow, things got right back on track. Finger cross!

If Paypal, a big company handling lots of money can do this. I should cut my self some slack too. But in your case, dear reader, I am going to cut you some tips so that you wont stumble into similar  pitfall.

Rocking Multiple Paypal Website

I am going to list some and give some explanation. 
  1. The main website : or
    • Either of both are the main website where you can log in and do stuff with your PayPal account and funds. 
    • If you are Malaysian and accessing PayPal from Malaysia, you will get the .my domain.
  2. Paypal website for Developer
    • This website have lots of stuff for developer. It can be confusing. However when doing sandbox testing click "Dashboard" in the main menu at the top of the site. It will open a new page. Look for "Sandbox" on the left side meny and click "Account" just bellow it.
    • As for logging in. I usually perform sign in using the main website (i.e. and then open up the developer web site. The credential is carried over. No need to sign in twice. IMHO, this is a little bit safer against wrongly typed URL.
  3.  Paypal sandbox website : or (yup there is such thing as
    • This sandbox website are equivalent to the main website. Just that it is the sandbox environment for testing. For instant a buyer account can get $ 9999 money in whatever currency. Any transaction here will not impact the real account.
    • If you are testing Paypal sandbox, make sure everything is done under this sandbox website. It pays to do a quick glance on the browser URL box at each step. This is important.
In point 3, I mentioned buyer account. To do sandbox testing, business and buyer account need to be created using Developer website mentioned in point 2. In my case, two accounts were already there (1) [email protected] and (2) [email protected] 

The idea is that a facilitator account, which is a business account will create a BuyNow button and then embed this button somewhere. In my case, even a local html page will work. Clicking that button should open up PayPal sandbox site with order details. A buyer account, which is a personal account, can then sign in and proceed with payment in sandbox environment.

In short, the flow will be 
  1. Sign in to Paypal main website.
  2. Sign in to Paypal website for developer and create facilitator and buyer account. Or in my case use pre-created accounts.
  3. Sign in to PayPal sandbox website as facilitator and create the BuyNow button. Don't forget to sign out after, to avoid confusion between facilitator and buyer account.
  4. Embed the BuyNow button in a page somewhere and click on it.
  5. In the opened sandbox order detail page, sign in as buyer user and proceed to pay.
Sounds east right?

Pitfalls That Rock Me Instead

I forgot the exact step, but at least I remember these small and big rocks that PayPal throw in my general direction. Was very busy ducking those rocks to remember. Sigh!
  1.  Multiple websites opened at the same time in same browser means credential are mixed a lot. To avoid this, best to open main website and developer website in one browser (for instance Chrome) while opening sandbox website on another browser (for instance Firefox).
  2. This is where PayPal screwed up. Apparently there is bug in the sandbox environment. To create BuyNow button, facilitator need to sign in to the sandbox website and click "Merchant Services" on the top menu. This link is broken. Doing this on the same browser where I sign in as the real account (instead of a test account) cause me to create and test real BuyNow button. Take me few hours to realize that buyer account can not sign and credit card was rejected because of this (thanks a bunch PayPal). To avoid this pitfall, in addition to point 1 above, always make sure that sandbox is in the URL at every step of testing.
  3. Take note that if tips in point 1 is followed and clicking "Merchant Services" in point 2 above is performed, a white page with bunch of cryptic error is displayed. At least no harm is done, but still a show stopper. What works for me (based on this StackOverflow, first answer) is to open up "Merchant Services" link in the other browser with my real PayPal business account. Copy the URL, paste it in the browser with sandbox environment and the facilitator already signed in and change the main website URL to a sandbox URL. Phew!
  4. Phew (repeat for dramatic effect) and still does not work! So here is the big rock. Or at least for today and for some cosmic reason might be something that only applicable to me. I really have no idea why something like this happened. Change the URL from using HTTPS to HTTP. Mysteriously, you have to make sure the URL is not in the form of "www.sandbox" by removing "www". 
  5. Point 4 will only work if you accept a cert intended for "" because step 4 will browse to "" and the cert was not intended for it. This is scarry, I shouldn't be asked to do this inview of all HTTPS security loophole news recently.
Avoiding and getting around above pitfalls allow me to create that much needed BuyNow button. The rest of testing still present some challenge for me. Perhaps they are story for another days. However, good to know that at least I am able to test purchase using BuyNow button using with buyer user signed in. Alternative to that is to buy using credit card information of buyer user without signing in.

In Conclusion

I guess, pitfalls above just highlight how hard to make good bug free software/system nowadays. Knowing that even PayPal have bugs. But my guess and to end this blog in a more positive tone.

To err is human, to forgive is DEVELOPER.

Comments & Feedbacks

The gadget spec URL could not be found