The redirect URL is going to need to look something like this:
https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-1NK66318YB717835M
or
https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-1NK66318YB717835M&useraction=commit
I don't think you need all the escaping. Here what mine looks like:
if result['ACK'][0]=='Success':
token = result['TOKEN'][0]
url =
'https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&useraction=commit&token='
redirect('%s%s' % (url, token))
Yes, SUBJECT is optional. It specifies the email address of the seller's
account. I like to include it to be explicit.
INVNUM is also optional and you need to be careful with it because in most
cases PayPal enforces uniqueness on this value in your PayPal account.
