Handling PayPal IPNs received in unexpected time order - paypal

When a user placed an order, the IPN listener would receive a notification from PayPal with the payment_status='Completed'. Later, for some reasons, if we had to refund to the user, PayPal would send a notification to the listener with payment_status='Refunded' or payment_status='Reversed'.
Since the internet is not always reliable, is this possible for the IPN listener to receive these two IPNs in the wrong order? In other words, the IPN listener received the Refunded notification before the Completed notification.
If yes, what are the typical approaches to handle such case?

Related

PayPal IPN does not work for outgoing transactions (send money)

I have a business account (BA) with IPN configured. There are two cases:
Incoming transaction from anyone to BA, IPN works successfully
Outgoing transaction from BA to anyone, IPN does not work
I would like to configure IPN for the 2nd case, is it possible?
I need know in real time (on the fly) all transactions data sent to some endpoint to our server.
Instant Payment Notification (IPN) notifies of payments received.
The service does not notify of payments sent.

PayPal - Time needed from Direct Payment until receiving IPN message

I am applying PayPal Direct Payment on my website. My question is how much time is needed from when a Direct Payment is committed until I receive IPN message that the payment is Completed or for example Denied, Failed or something else?
Some important notes depending on how/why you are asking about "time":
IPN is an asynchronous message service, meaning that IPNs are not synchronized with actions on your website. Thus, listening for an IPN message does not increase the time required to complete a transaction on your website.
...
The IPN message service is not a real-time service. As a result, your listener may not receive an IPN message for many seconds after an event occurs. As a result, your checkout flow should not depend upon receiving an IPN message to complete. If it does, your checkout flow will be slow during periods of heavy system load and complicated, since it must handle retries.
REF: Introducing IPN
Hth...
That should be instantaneous and will certainly be no more than a couple of seconds. As soon as PayPal receives a Payment to your account it will send this Instant Payment Notification. I think the name says it all.
More information: https://developer.paypal.com/docs/classic/products/instant-payment-notification/

How to explicitly reject an IPN request

In the documentation for IPN, it says things like "Check email address to make sure that this is not a spoof". But I cannot see what to do when that is the case, and how I tell PayPal I want to reject a transaction. E.g. do I sent back a 400 instead of a 200? Or alter the POST data in some other way?
Or do I just ignore the message? (The problem with that is that PayPal will keep re-trying, which is wasted bandwidth for us, but also means it takes longer for the user to hear about the payment failure.)
Background: I realize sending it back to PayPal and getting the VERIFIED message back handles most security issues. But in my case, there is some unique ID information in the custom field. If that is missing, or does not validate against the DB, I want to reject the payment. I want my customer to see it failed, so they know to go and use a fresh form. The alternative is to accept the payment, and then have to involve a manual process trying to work out who the payment came from, and then possibly do a manual refund. (Other reasons to do this might be that the inventory has sold out in the split second between them seeing a product on the site and clicking BUY.)
The payment didn't fail. PayPal is notifying you that the payment succeeded: not asking you whether you want to accept it. You can't reject it at this stage.
Simple send back a 200 code to let Paypal know you received the IPN, otherwise Paypal will try to send the IPN response repeatedly.
IPN is Instant Payment Notification. After the payment paypal notify you the result of the payment. Check if connection VERIFIED, and next if if the payment is Completed and mark the result in the database.
If you say to PayPal the ipn address in the cart, Paypal send you the notification. You can't say to paypal: "yes please, send me a notification" and when receive say "why you send this?" If you put ipn in cart form you can provide a ipn url with code 200, not 404. Or remove ipn value in the cart form

Paypal payment made but IPN not triggered due to down server on merchant website

Could anybody please tell me what happen if payment is made on PayPal but IPN is not triggered because server is down on merchant website.
How paypal will check and authorize the payment on merchant server?
IPN is an (optional) notification service, it isn't related to the transaction (aka "checkout flow", "payment flow") per se. It notifies the receiver (of the IPN message) of event(s) in transactions that occur at Paypal.
Instant Payment Notification
Instant Payment Notification (IPN) is a message service that automatically notifies merchants of events related to PayPal transactions. Merchants can use it to automate back-office and administrative functions, like automatically fulfilling orders and providing customers with order status.
...
Using IPN in your checkout flow
Although PayPal usually processes IPN messages immediately, IPN is not synchronized with actions on your website. Internet connectivity
is not always 100% reliable and IPN messages can be lost or delayed.
The IPN service automatically resends messages until the listener
acknowledges them. The service resends messages for up to 4 days.
Because IPN is not a real-time service, your checkout flow should not
wait for the IPN message before it is allowed to complete. If the
checkout flow is dependent on receiving an IPN message, processing can
be delayed by system load or other reasons. You should configure your
checkout flow to handle a possible delay.
Hth..

PayPal subscriptions and IPN

After a PayPal subscription is created for a user, does subscr_signup get sent before or after confirming the payment?
I am using django-paypal, which does not have built-in functionality to handle the subscr_payment IPN message.
This lead me to wonder whether or not I can use subscr_signup as an indicator that the subscription was successful.
Many thanks
Typically subscr_signup is sent after subscr_payment(3 sec apart), but the sequence is not guaranteed. PayPal recommendation is to rely on subscr_signup.
Read more here: http://www.mixedwaves.com/2010/11/paypal-subscriptions-ipn-demystified/