How can the notify_url guarantee the request is the 3tr payment ?
We know in a Payment such as use PayPal, if the PayPal payment success, it will request the notify_url we given, but the notify_url we implement in the backend.
But I have a question, how can we ensure the request user is the 3tr payment(such as PayPal), not a simulated user cracker?
Related
In CreateRecurringPaymentsProfile API Operation (NVP) no options for set IPN URL
How to track subscription?
NVP API CreateRecurringPaymentsProfile operation Support NOTIFYURL field?
On PayPal provide some information
https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNSetup/#id089EG030E5Z
You can't configure IPN Url in CreateRecurringPaymentsProfile operation, you have to configure it in the business account you use.
In the account configuration there is an IPN section.
I'm working on implementation of PayPal recurring payments, but I have some doubts.
The steps to create a recurring payment profile are:
Call SetExpressCheckout (with L_BILLINGTYPE0=RecurringPayments)
Get the TOKEN
Call CreateRecurringPaymentsProfile with the token and the billing frequency
Receive the response with the ID of the active profile.
If I set the notify URL (PAYMENTREQUEST_0_NOTIFYURL) in SetExpressCheckout does PayPal IPN notify about recurring payment?
According to https://www.paypal-community.com/t5/Merchant-services-Archive/Recurring-payments-IPN/td-p/350104?profile.language=en CreateRecurringPaymentsProfile does not accept the notify URL but SetExpressCheckout does!
The SEC call does indeed set your IPN. Remember, you're setting up everything with PayPal to process a payment (setting the stage, so to speak). So it makes sense that it, and it alone, would accept the IPN callback (I wouldn't want conflicting IPN URLs in the various calls afterwards)
I would still specify an IPN URL in your account just to be safe, but yes, if you provide an IPN callback you will get notifications sent to that callback.
I'm trying to integrate PayPal Classic API NVP to our website but I'm having issues with the SetExpressCheckout API call.
I'm using the useraction=commit parameter for the payer to confirm the sale directly at PayPal.
My issue is after "Pay now" is clicked, PayPal redirects to the URL I send as RETURNURL but I don't see the transaction on the sandbox account or by using TransactionSearch.
These are the parameters I send for checkout:
METHOD=SetExpressCheckout
EMAIL=payerEmail
SOLUTIONTYPE=Sole
RETURNURL=myReturnUrl
CANCELURL=myCancelUrl
PAYMENTREQUEST_0_AMT=30.00
PAYMENTREQUEST_0_ITEMAMT=30.00
PAYMENTREQUEST_0_CURRENCYCODE=USD
PAYMENTREQUEST_0_CUSTOM=myCustomId
PAYMENTREQUEST_0_PAYMENTACTION=Sale
L_PAYMENTREQUEST_0_QTY0=1
L_PAYMENTREQUEST_0_AMT0=30.00
L_PAYMENTREQUEST_0_NAME0=myProduct
After payment, PayPal redirects to
myReturnUrl?token={Token}&PayerID={PayerId}
It's normal. The transaction is set, but you need to complete it using the DoExpressCheckoutPayment api operation.
More information and an example here: https://devtools-paypal.com/guide/expresscheckout/dotnet?success=true&token=EC-7BD474648D4932937&PayerID=WNW7LMW2UXQJG
I want to send money to affiliates on my site using PayPal's adaptive payments API.
According to this guide the API caller and sender are assumed to be different, so once a call is made to the adaptive payments API, the caller must redirect the seller to authorize the transaction.
In my case the caller and sender are the same; how do I just send money out of my paypal account to an email with an API call, either with adaptive payments or some other simpler way?
We call this scenario as "implicit payment" when the API Caller and Sender are the same. Just make sure you use the same account for API Credentials (sent as HTTP headers) and also set as receiver in the Pay API call. In such cases, since the sender and API Caller are the same, no further authorizations are required on paypal.com. So you will receive Payment status as "completed" as opposed to "Created".
I am using PayPal with NVP API (using PHP) for express checkout. I am creating an invoice record in the database before redirecting the user to Paypal. In case the user doesn't return to my site after processing, I am using IPN to confirm the purchase and then update the invoice record that the payment is confirmed. I am still in the sandbox mode and trying to figure out how I will tie the transaction started with NVP to the confirmation I get with IPN.
I need to verify if the "PAYMENTREQUEST_n_INVNUM" sent in the NVP will come back as "invoice" in the IPN post.
It appears I cannot actually test this until I am live since the Sandbox IPN does not seem to be active with NVP initiated sandbox transactions - is this correct?
Thanks for your help.
You can test this in Sandbox. But if you're using "PayPal NVP", I assume you're using PayPal Express Checkout and calling the SetExpressCheckout and DoExpressCheckoutPayment API's.
If that's the case, you don't really need IPN, because a transaction will only be completed as soon as you call DoExpressCheckoutPayment.
In other words, buyers will always be redirected to the RETURNURL you specified in SetExpressCheckout, and the transaction is completed (or not) when you call DoExpressCheckoutPayment on this return page.
To get the invoice number, you could call GetExpressCheckoutDetails and supply the TOKEN you retrieved earlier (it's also appended to the GET of the RETURNURL).
Finally, check PAYMENTSTATUS=Completed in the DoExpressCheckoutPayment API response to see whether the transaction has completed or not.
Thank you Robert for the clarity on the process - especially useraction=commit.
I finally realized that I could turn on IPN in the Sandbox for my test seller and test NVP with IPN together. I was able to verify that PAYMENTREQUEST_0_INVNUM matches the 'INVOICE' parameter in the IPN POST.
I will use the custom field to pass customer email from my system in case they use a different email to log into paypal with, therefore allowing me to have email/invoice number pair for confirmation.