Payflow Pro: invalid transaction type due to multiple dots in X-VPS-Request-ID

First published on February 20, 2011

PayPal’s Payflow Pro is an online payment gateway for businesses to accept credit card transactions.

In our testing, we found that some transactions, although they were unique, were resulting in “Invalid transaction type” errors, which also returned a more specific “duplicate=1″ message.

One of the fields that you have to send Payflow Pro when processing a transaction is “X-VPS-Request-ID”, which is a 1- to 32-character unique ID for the transaction, stored for a minimum of 30 days. This is how Payflow Pro can help you prevent sending duplicate transactions. We had been using the timestamp concatenated with the customer’s e-mail address as the “X-VPS-Request-ID”. However, it turns out that Payflow Pro was only returning bogus duplicate transaction errors when the customers’ e-mail address had more than one period in it (such as “[email protected]”). We don’t know why Payflow Pro was failing on multiple dot characters, but our solution was to simply send an md5 hash of the timestamp + e-mail address, which is conveniently 32 alphanumeric characters. md5 collisions, although rare, do occur, so if you are in a similar situation you could also just manually strip out the periods or replace them with another character.