PayPal integration

Here is some valuable information about integrating with PayPal, found in the support forum (thanks to PayPal_HarryX):

There are several ways PayPal returns payment data to you after the payment is completed. You get to choose how you get the data back. But you have to use the correct technology for your choice. I see some confusion about the ways you receive and process data from PayPal. Often times the technology is mismatched with the settings you made and you get unexpected results. I hope this article will help clear things up.
 
Option 1: POST to Return Page
 
How does it work?
  1. After finishing the payment on PayPal, the customer clicks on a button.
  2. PayPal posts payment data to your URL in an HTML form.
  3. You post a form (format is described in the IPN section below) to PayPal. PayPal responds with a single word VERIFIED or INVALID.
  4. If you receive VERIFIED, you can be confident that the form you received came from PayPal and wasn't tampered with. Do whatever you need to do with the form data.
Settings:
  • specify a return url in the return variable in your html form. The return url must be an absolute url. Code:
    <input type="hidden" name="return" value="your_url_here">
     
  • set the rm variable to 2. Code:
    <input type="hidden" name="rm" value="2">

  • Auto Return = Disabled in account profile (if Auto Return = Enabled, you won't get any data)
  • PDT = Disabled in account profile
  • IPN = Disabled in account profile
I don't recommend this as a stand-alone solution because you can't guarantee that the customer will click on that button. Many customers simply close their browser or navigate away because they are done with their payment.
 
Option 2: Payment Data Transfer (PDT)
 
How does it work?
  1. After finishing the payment on PayPal, the customer is automatically redirected to your page.
  2. PayPal sends a GET request to your page. If your URL contains a query string, PayPal will append parameters to the URL. For example: Code:
    http://yoursite/yourpage?yourparam=yourvalue&tx=3KK900354R868601V&......
     
  3. You post a form to PayPal with cmd=_notify-synch, the tx token you received in the query string and the identity token in your account profile when you turned on PDT. Code:
    <form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="POST">
    <input type="hidden" name="cmd" value="_notify-synch">
    <input type="hidden" name="tx" value="3KK900354R868601V">
    <input type="hidden" name="at" value="lpeb7DhJWXz5BU43tiarWlo42x5g-Nvv0oJCORuEVsmY9JiRuVUDW2jAHUI">
    </form>

      
  4. PayPal responds with a block of text with SUCCESS or FAIL on the top. If it's SUCCESS, name value pairs on separate lines follow the SUCCESS line.
  5. If the response has SUCCESS on the top, you read the rest of the lines from the response.

Settings:

  • specify a url for PDT in your account profile or in the return variable in your html form. The url must be an absolute url. Code:
    <input type="hidden" name="return" value="your_pdt_url_here">

  • Auto Return = Enabled in account profile
  • PDT = Enabled in account profile
  • IPN = Disabled in account profile

Sample script: http://paypaltech.com/PDTGen/

More info: https://www.paypal.com/IntegrationCenter/ic_pdt.html

This approach is better than Option 1 but there still may be breakage from the auto redirect after the payment is done. For example the customer could close the browser or navigate away before redirect is completed. If the redirect breaks, you won't know about the payment. It is possible for the customer to refresh the page. So if you are inserting records to a database, you must check for duplicates. Don't count on the PDT url being called only once. Use PDT if you must know immediately whether the payment went through, while the customer is still on your site, for example for providing immediate access to digital downloads. If you are shipping physical goods, you can wait for the IPN (see Option 3 below). Because PDT is a front end technology, you will only get data for the initial payment. You won't get data on eCheck clearance and other events. If you want to get notified programmatically about those events, you will still have to do IPN.
 
Option 3: Instant Payment Notification (IPN)
 
How does it work?
  1. After finishing the payment on PayPal, the customer is auto-redirected to your page ("return" variable)
  2. Customer returns to your page. PayPal does NOT send any payment data there.
  3. Separately in the background, you receive a form POST from PayPal at a different URL (notify_url variable).
  4. You post back a form with cmd=_notify-validate and all fields you received from PayPal. PayPal responds with a single word VERIFIED or INVALID
  5. If you receive VERIFIED, you can be confident that the form you received came from PayPal and wasn't tampered with. Do whatever you need to do with the form fields.
Settings:
  • Specify an auto return url in your profile or in the return variable in your html form. The url must be an absolute url. This is just a generic page with no PayPal processing logic. Display something like "Thank you and your order will be processed shortly." Code:
    <input type="hidden" name="return" value="your_return_url_here">

  • Specify an IPN url in your profile or in the notify_url variable in your html form. This is where you process payment data from PayPal. The IPN url must be an absolute url. It must also allow anonymous access from outside of your network. If you must open your firewall to a specific host, please note the Sandbox sends IPNs from ipn.sandbox.paypal.com. PayPal live site sends IPNs from notify.paypal.com. Code:
    <input type="hidden" name="notify_url" value="your_ipn_url_here">
     
  • Auto Return = Enabled in account profile
  • PDT = Disabled in account profile
  • IPN = Enabled in account profile

Sample script: http://paypaltech.com/SG2/

Test your IPN listener: http://paypaltech.com/Stephen/test/ipntest3.htm

More info: https://www.paypal.com/IntegrationCenter/ic_ipn.html

I recommend this approach over the 2 options above because there is less chance for breakage. It's independent of the customer's action. If the customer closes the browser or navigates away, you will still receive notifications from PayPal at your notify_url. IPN also has a built-in retry mechanism. If there's a problem reaching your notify_url, PayPal will re-try for several days. With either of the 2 options above, you only have one shot at getting the payment data.
 
Option 4: PDT + IPN
 
This is a belt and suspenders strategy. You use PDT to get most of your data but use IPN as a backup to catch the redirect breakage and for receiving other event notifications. For each IPN you receive, you will first check to see if you already got it from PDT.
 

Settings:

  • Specify a return url in your account profile or in the return variable in your html form. The script there processes the GET request from PayPal as described under PDT above. Code:
    <input type="hidden" name="return" value="your_pdt_url_here">

  • Also specify an IPN url in your profile or in the notify_url variable in your html form. This script processes the POST data from PayPal as described under IPN above. Note the data you received may have already been processed by PDT. Code:
    <input type="hidden" name="notify_url" value="your_ipn_url_here">
     
  • Auto Return = Enabled in account profile
  • PDT = Enabled in account profile
  • IPN = Enabled in account profile
I also recommend this approach if you are able to deal with the duplicates coming from different channels. You get the best of both worlds.
 
Where are the Profile settings for all these?
  • Auto Return and default return URL are in Profile -> Website Payment Preferences
  • PDT and your Identity Token (at variable) are in Profile -> Website Payment Preferences
  • IPN and the default notify_url are in Profile -> Instant Payment Notification Preferences

I welcome your questions, comments and corrections; however, please do not post questions or problems specific to your scripts. You should be able to resolve most of the problems by double checking what you have against the approaches outlined above. If not, please create a separate thread for your specific problem. Thank you.

Message Edited by PayPal_HarryX on 08-12-2006 08:05 PM
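
Added example, not part of the original post or of PayPal's sample scripts: the Option 4 flow in Python, parsing the PDT reply, validating each IPN with the cmd=_notify-validate postback, and recording a payment only once across both channels. The field names txn_id and payment_status, the (txn_id, payment_status) duplicate key, the injected post callable and the sample data are assumptions that the post itself does not spell out.

```python
from urllib.parse import parse_qsl, unquote_plus

PAYPAL_URL = "https://www.sandbox.paypal.com/cgi-bin/webscr"  # sandbox endpoint from the post

# Constructed sample data, not real transactions.
SAMPLE_PDT = "SUCCESS\ntxn_id=TESTTXN0001\npayment_status=Completed\npayer_email=buyer%40example.com\n"
SAMPLE_IPN = b"txn_id=TESTTXN0001&payment_status=Completed&payer_email=buyer%40example.com"

def parse_pdt_response(text):
    """Return the fields of a PDT reply, or None unless its first line is SUCCESS."""
    lines = text.strip().splitlines()
    if not lines or lines[0].strip() != "SUCCESS":
        return None
    fields = {}
    for line in lines[1:]:
        key, sep, value = line.partition("=")
        if sep:  # skip anything that is not a name=value line
            fields[unquote_plus(key)] = unquote_plus(value)  # assumes URL-encoded values
    return fields

def verify_ipn(raw_body, post):
    """Post the untouched IPN body back with cmd=_notify-validate; accept only VERIFIED."""
    return post(PAYPAL_URL, b"cmd=_notify-validate&" + raw_body).strip() == "VERIFIED"

class PaymentStore:
    """Records each (txn_id, payment_status) pair once, whichever channel arrives first."""
    def __init__(self):
        self.seen = {}

    def record(self, fields, channel):
        key = (fields.get("txn_id"), fields.get("payment_status"))
        if key[0] is None or key in self.seen:
            return False  # malformed, page refresh, or already handled by the other channel
        self.seen[key] = channel
        return True

def handle_pdt(response_text, store):
    fields = parse_pdt_response(response_text)
    return fields is not None and store.record(fields, "PDT")

def handle_ipn(raw_body, store, post):
    if not verify_ipn(raw_body, post):
        return False  # INVALID or unexpected reply: do not touch the order
    fields = dict(parse_qsl(raw_body.decode("ascii"), keep_blank_values=True))
    return store.record(fields, "IPN")

def fake_paypal(url, body):
    """Offline stand-in for the HTTPS POST; real code would send body to url."""
    return "VERIFIED" if body == b"cmd=_notify-validate&" + SAMPLE_IPN else "INVALID"
```

Keying on the status as well as the transaction id lets a later notification for the same payment (the post mentions eCheck clearance) through while still dropping page refreshes and PDT/IPN duplicates.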
 
