My issue is that PayPal is performing security checks on their end, but marking the order as pending. This means that I am getting an OK status from the notification response on SagePay, but am unable to hold the order from being sent to the warehouse which the client has requested.
The documentation I have taken a look at is https://www.sagepay.co.uk/file/25046/download-document/SERVER_Integration_and_Protocol_Guidelines_270815.pdf and I have attempted to speak with SagePay directly.
Please, could someone let me know whether they have ever integrated the PayPal IPN with the SagePay server integration before?
Thank you
Sage Pay doesn't support Paypal IPN. Sage Pay's Payment integration is a one shot thing - once the transaction is done, it's done - it exists in either an authorised or declined state, and is immune to any further changes.
Your best bet might be to implement IPN outside of Sage Pay. You could hold all Paypal orders by default, and then wait for notifications from PayPal to indicate they are cleared to ship.
Related
My question is very simple and no related to any kind of troubleshooting its just to get the information about the IPN
Lets say:
I have a system Paypal integrated activated IPN and working fine
someone tried to Price Jack a product and changed the price from 200$ to 2$
My IPN detected that and informed me about that issue (through mail as i set in my IPN).
My question is will paypal still process that payment and accept that 2$ and redirect user to my success page? or it will stop the processing the payment?
Ofcourse I have the proper handling of that and will not update the database
but question is will those 2 dollar will get processed in my paypal?
if yes is there any way to stop paypal from processing?
Note that there're multiple ways to protect your payment button code (price and other details) and also a very rare chance that an HTTPS payment request got "price-jacked" by a man-in-the-middle attack or malicious fraud activity, but still a valid question to be clarified.
In this case, the $2 will be processed just as a normal transaction to PayPal, and the asynchronous IPN will only be triggered by the event of payment completion. That's when your website backend will reconciliate and detect the "price-jack" by IPN callbacks, after the payment processing but not before.
Eventually, the transaction (of $2) that has taken place would be in sccope of fraud activity & dispute issue, and to be reported and handled by PayPal customer service
Hi I'm setting up paypal pro for a client. I need reference transactions to work as we would have to bill the customer each month and sometimes the amount may vary.
Credit card payment
The code flow has been tested with paypal sandbox and it completely works. But with the real account we get the following error.
"This transaction cannot be processed. Please contact PayPal Customer Service."
Paypal Account Payment/Express Checkout
It did not work with paypal sandbox too owing to reference transactions not being enabled. i'm facing a similar situation with the paypal pro account too. I get the error
"Merchant not enabled for reference transactions"
We sent a request to paypal asking them to enable reference transactions. They replied back assuring they did but I still get the same error. I even tried removing the current api signature and recreating a new one. But I still get the same error.
Has anyone faced a similar situation ?
Is there any sure way of verifying if reference transactions is enabled?
If it is not, is there a way to enable it other than going through paypal's customer service (it's appalling) ?
Yes it's easy.
Just try to make a payment with a billing agreement.
Just above the confirmation message on the PayPal website it will show:
Use PayPal for future payments to XXX Inc. Payments will be made with
your default payment method unless you select a preferred payment
method. To make changes, go to My money in your Profile, and update
the My preapproved payments section.
If you don't see that message they're not enabled (or your request is wrong). But of course you can check in the sandbox to make sure the request is correct.
I have downloaded sample code from paypal to allow me to use parallel payments via their sandbox accounts. When I run parallel.php, I get redirected to paypal's sandbox login page.
How am I supposed to know "server side" that the payment has been made successfully, so I can update my database records?
I believe you have to work with PayPals IPN system. This will basically send a confirmation to your server that tells you it has gone through.
https://www.paypal.com/ipn
Paypal lets you register a notification url which is part of the IPN (instant payment notification IIRC) system. So if someone pays by a delayed payment (such as a bank transfer) the transaction will update days later. You need to have an application (web page) on your server that can be called by Paypal with transaction details to update a payment.
You'll need to create an initial transaction record in your system when paypal redirects back to you so refer to their documentation for that. I'd also recommend looking at either OSCommerce or Zen cart for an idea of how they do it as they support the same kind of thing.
PayPal states:
Note: If you have turned on Auto
Return and have chosen to turn on
PayPal Account Optional for new users,
a new user will not be automatically
directed back to your website, but
will be given the option to return.
But if some of the customers don't get "Auto Returned", how do I handle them programmatically?
Paypal does not guarantee autoreturn especially when Paypal Account - optional setting is on.
The right way to handle the integration is with Instant Payment Notification (IPN) option. Using IPN Paypal will make POSTS to your page notifying you of payment events. The following link explains the IPN process pretty well.
To summarize, you will write code that will trap posts from Paypal and then make sure to update your billing data accordingly.
Also, IPN messages might be slightly delayed.
Create a script (cron or what) that does check for such payments at paypal perodically (e.g. every hour).
Is this what you mean?
https://www.paypal.com/cgi-bin/webscr?cmd=p/mer/express_return_summary-outside
If not, you may need to be a little more specific with your question. Like - are you using paypal pro? How are your customers checking out? etc. And now that I read the answer below mine, I wonder if you are even talking about the payment process and not something else.
Can we assume that the payment is completed for a transaction when the customer is auto returned to our site?
Paypal advices us to use their IPN system for other types of payment, like an e-check, but also tells us to tell the customer something along the lines of "Thank you for your payment. Your transaction has been completed, and a receipt for your purchase has been emailed to you. You may log into your account at www.paypal.com/ca to view details of this transaction."
What are the downfalls of not using IPN, and just assuming the payment is completed when paypal auto-returns users to our site?
Thanks!
Relying solely on the return url is a pretty bad idea. It would be easy for a bad guy to skip payment and just visit your return url to complete the order.
There is a pretty comprehensive article about this here
No.
However, using the Auto Return option in your Paypal account in conjunction with Payment Data Transfer (Profile/My Selling Tools/Website preferences/Website Payment Preferences) will give you payment confirmation data in the URL you use for Auto Return, for example:
www.yourReturnURL.com?tx=9XV61416UY0043254&st=Completed&amt=9%2e00&cc=USD&cm= 9601&item_number=2
You need to verify this data (anyone could send a fake request) by sending the payment reference ("tx" parameter above) back to Paypal and waiting for a VERIFIED response.
This last step is identical as the one you take for the IPN (Instant Payment Notification) implementation.
With PDT you get the notification instantly. PDT has a a major weakness: it sends order confirmations once and only once. As a result, when PDT sends a confirmation, your site must be running; otherwise, it will never receive the message.
With IPN, in contrast, delivery of order confirmations is virtually guaranteed since IPN resends a confirmation until your site acknowledges receipt. For this reason, PayPal recommends that you implement IPN rather than PDT.
Note: If your site must be notified of payments immediately, you can implement both IPN and PDT.
More info here: https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNPDTAnAlternativetoIPN/