Search code examples
phppayment-gateway2checkout

2Checkout Refund Issue

Using 2Checkout's supported library for PHP, I'm having trouble doing a refund in their sandbox via their API using the example they provided and my own credentials. What am I doing wrong? Note that I can do charges just fine in their sandbox, but not refunds.

<?php

error_reporting(E_ALL);
ini_set('display_errors','On');
header('Content-Type: text/plain');

require_once('lib/Twocheckout.php');

$sChargeID = '4093729353592'; // my order ID
Twocheckout::username('USER'); // my username
Twocheckout::password('PASSWORD'); // my password
Twocheckout::sandbox(true);

Twocheckout::verifySSL(false);

$charge = Twocheckout_Sale::refund(array(
    'sale_id' => $sChargeID,
    'comment' => 'Customer decided the item did not meet expectations and it was within their refund period.',
    'category' => 2 // did not like item
));

echo "\nRESPONSE = \n";
print_r($charge);
echo "\n";

When I dump out the CURL response, I see this:

{
   "errors" : [
      {
         "code" : "FORBIDDEN",
         "message" : "Access denied to API"
      }
   ]
}
Solution

  • There are a few things they don't make too clear with 2Checkout regarding API refunds:

    1. Their password reset email service on the sandbox does not work. I got an answer from their tech support about this.

    2. You have to go into the Sandbox (unless Live) dashboard, and then click Account > User Management. You'll see a tiny little note that says: "** Users cannot access both the API and Seller Area". You'll also notice that your own account doesn't have API Access and API Updating permissions. That means that you must create another account from that user management screen, and when you do, check off Admin API and API Update capability. Then, use that username and password, but use the same account ID as for your other account. Note that this new user can do refunds via the API, but can't login to the dashboard.

    Note that charges don't use the "admin API" -- they use a separate API that utilizes the API keys instead of the user/pass combo. It makes zero sense that I can use API keys for one API, but must use a restricted user/pass combo for the other.

    It's these kind of hoops that make 2Checkout less attractive than Stripe, but hey, very few services have fast onboarding and token-based payments like Stripe. 2Checkout is my "second best choice".