This help page provides some tips for testing various aspects of your setup:
If your scripts test fine with Free Checkout, they should work just as well with live sales going through PayPal, so any problems in that case would be with your PayPal integration (rather than your scripts):
The sample PHP we provided for the handshake is just a sample to convey how the hash is derived; it's presumed that you or a developer you'd hire would be skilled enough at programming to devise the best way to actually implement it, and in whatever programming language is required.
If you're not comfortable having login credentials in the script itself, you could just hard-code the final hash result into your script, but then you'd need to regenerate and replace that hash every time you'd change your E-junkie login email or password, vs. just updating those credentials in the script.
In any case, when properly set up on your server, it should not be possible for anyone to read the raw script itself unless they were logged into your hosting server as you, or as the server's root sysadmin, so if someone hacked into either of those accounts you'd have far bigger troubles at hand.
Instead of the handshake, you could just use .htaccess to restrict access to the subdirectory your script is running in, so only inbound connections from our domain would be accepted:
If you'd like some assistance with this, we can recommend the competent, E-junkie-experienced developers listed in our directory here: