PayPal Website Payments Pro

From WHMCS Documentation

(Redirected from PayPal Payments Pro)

Supported Features

Type One Time Recurring Refunds 3D Secure
Credit Card Yes Yes Yes Yes


To activate the module, begin by going to Configuration () > System Settings > Payment Gateways or, prior to WHMCS 8.0, Setup > Payments > Payment Gateways. Choose "PayPal Website Payments Pro" from the available list of gateways to activate. Complete the first 3 fields using the details provided by PayPal (API Username, API Password, and API Signature) and click Save Changes to start accepting payments.

3D Secure

The next 3 fields in the configuration are: Processor ID, Merchant ID & Transaction PW. These are used by the 3D Secure process. PayPal Pro Accounts are usually enrolled for this by default these days and if you have been enrolled, PayPal will have provided you with the details for it.

If they haven't or you don't want to use the 3D Secure feature, then simply leaving these fields blank in WHMCS will disable the 3D Secure process, and mean it is not used during the checkout process on your site.

API Details

PayPal API Step 2

Once activated, you then need to enter your details for the Payflow Pro API. These can be found as described below.

PayPal API Step 2
  1. Login to PayPal
  2. Select your name/company at the top right
  3. On the dropdown menu select "Account settings"
  4. On the left, scroll down and select "Website payments"
  5. Select "Update" next to "API Access"
  6. Under "NVP/SOAP API integration (classic)" select "Manage API credentials"
  7. Copy the API credentials

Reference Payments

This feature helps reduce your PCI compliance liability. Instead of storing card details in the WHMCS database the ID of the last transaction is used to make repeat charges. The limitation with remote card number storage is that changing payment gateway would require clients to re-enter their card details.

Contrary to what you might think, you should not tick the setting to "Disable Credit Card Storage" in Configuration () > System Settings > General Settings > Security or, prior to WHMCS 8.0, Setup > General Settings > Security. This will disable entry by a client.

Supported Features

Type One Time Recurring Refunds 3D Secure
Token Yes Yes Yes No
Remote Update Card Remote Delete Card
No No


PayPal applies a time limit on how long you can repeat against a transaction, so 24 months after the original payment you will see a Referenced transaction or order is too old error. The solution is for a client to login and submit payment manually which will generate a new transaction that further repeats can be made against. Any time a client pays manually via the client area, that will be stored as the most recent transaction for any further repeats to be made against. The standard "Credit Card Payment Declined" email template will send to a client when the capture fails due to the expired reference transaction.

Declined Payments

If you experience an error whilst processing payments navigate to Billing > Gateway Log and the full response from PayPal is displayed in the debug field. Refer to the L_ERRORCODE0 value, and the following two values will then briefly explain the error.

A common error response is: L_SHORTMESSAGE0 => Security error This indicates that the API Details you've entered in the Setup > Payment Gateways config area are invalid and need to be double checked.

More detailed descriptions of the errors and instructions for correcting them can be found at

Server Modules
cPanel/WHM - DirectAdmin - Plesk - Helm 3 - Helm 4 - Ensim - InterWorx - WebsitePanel - Cloudmin - VePortal
Lxadmin - Virtualmin Pro - XPanel - HyperVM - FluidVM - SolusVM - Cloudmin - WHMSonic - VPS.Net
CentovaCast - SCPanel - MediaCP - GameCP - TCAdmin - Reseller Central - Auto Release - Heart Internet

Registrar Modules
Enom - ResellerClub - Nominet - OpenSRS - ResellOne - OnlineNIC - PlanetDomain - Affordable Domains
TPP Wholesale - TPPInternet - Stargate - Namecheap - NetEarthOne - Bizcn - InternetBS - GMO Internet
12Register - Registercom - DotDNS - WebNIC - Dot.TK - HexoNet - Realtime Register - Registereu
RRPProxy - ResellerCamp - TransIP - Heart Internet - IPMirror - NetRegistry - OVH - VentraIP Wholesale
Email - 101Domain

Fraud Modules
MaxMind - VariLogiX FraudCall - Telesign

Gateway Modules
2CheckOut - AsiaPay - Echeck - - CIM - Bank Transfer
BluePay - BluePay Echeck - BluePay Remote - Boleto - CashU - CC Avenue - ChronoPay
Direct Debit - EMatters - E-Path - eProcessingNetwork
eWAY Tokens - F2B - Finansbank - GarantiBank - Gate2Shop - LinkPoint
Inpay - IP.Pay - Kuveytturk - Modulo Moip - Mail In Payment
Merchant Partners - Merchant Warrior - IDEALMollie - Moneris - Moneris Vault
Skrill 1-Tap - SlimPay - NaviGate - NETbilling - Netregistry Pay - NoChex
Offline Credit Card - Optimal Payments - PagSeguro - Payflow Pro - Pay Junction
Paymate AU and NZ - Payment Express - PayPal - PayPal Express Checkout - PayPal Payments Pro (SecPay) - Payson - Planet Authorize - SagePay - ProtX VSP Form - PSIGate
Quantum Gateway - Quantum Vault - SagePay - SagePay Tokens - SecPay - SecurePay - SecurePay AU
Secure Trading - TrustCommerce - USA ePay - WorldPay - WorldPay Invisible