Menu
I am not sure it is neccessary if I am using PayPal express checkout for recurring payment, do I need https/ssl for my website to connect to PayPal? I am using Ruby on Rails and there is a gem called "paypal-express". It is working well without ssl in sandbox environment. Any suggestion? Thank you.
860
PayPal has updated its services to require TLS 1.2 or higher for all HTTPS connections. TLS versions 1.0 and 1.1, as well as SSL versions 1.0, 2.0 and 3.0, are older protocols with known vulnerabilities that have been deprecated. In addition, PayPal also requires HTTP/1.1 for all connections.
PayPal Express is very similar to PayPal Standard with one major difference: the checkout flow. PayPal Express avoids the IPN issues that arise with PayPal Standard. Customers will be directed to PayPal from your site, but they don't complete checkout at PayPal.
If by 'https/ssl' you mean whether your site itself needs to support SSL traffic over HTTP (and thus have a valid SSL certificate): no, it doesn't.
You do however need to be able to establish an SSL connection. Specifically, to PayPal's API endpoint.
This means you need to allow outbound SSL traffic via your firewall (if you have any) and your environment needs to support this.
Ensure you have a valid copy of the root certs (I usually suggest http://curl.haxx.se/ca/cacert.pem) to valid the SSL certificates against.
69
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
