We are planning to integrate PayPal Payflow Pro with our eCommerce solution in a way that offloads the vast majority of PCI Compliance/Scope onto the payment gateways. Typically this is done by iframe and that’s one of the items we are trying to confirm support for so we can follow existing integration patterns we have set.
We want our web store to work in the following way:
- On the Checkout page, 1.1 iFrame will collect card information 1.2 Shopper can decide to save the card OR use an existing saved card 1.3 After clicking on the Place Order button (which will be outside iFrame), the payments will be processed via the gateway and a response will be received by the application
Payflow offers an iframable implementation of its Hosted Checkout Pages, which it calls 'Layout C'. There's some documentation and screenshots here: https://developer.paypal.com/docs/payflow/integration-guide/configure-hosted-checkout/
However, Payflow is an older solution. If you don't have a particular need for that gateway, consider Advanced Credit & Debit Cards instead, documented here: https://developer.paypal.com/docs/business/checkout/advanced-card-payments/ -- with this, 3 fields are iframed: credit card number, expiration date, and card security code. The rest are a form controlled by your site.