I read that I need to send a confirmation to paypal with the fields in the same order plus the cmd=_notify-validate field. I know that for certains event the fields will be different, but for example for a notification of paid using paypal buttons, will the params will always be in the same order?
Due some limitations I can't get the whole POST fields array (I can only get them by explicitely calling the key) so an option is to set each field in the confirmation request to paypal.
Whether it's always the same order is irrelevant. You're supposed to send them back in the same order they arrived in, whatever that was.
BUT I don't believe that observing the same order in the validation request is necessary, and in some languages, e.g. Java, it isn't even possible, as the order isn't preserved. I've been running IPN for several years without observing this constraint, and I've only ever had one validation failure, from Turkey, which remains unexplained but could have been say a character set issue.
Note that PayPal provide sample code for Java somewhere which therefore doesn't observe the constraint either. One assumes it was tested and passed a review ...
Related
Alright, I got my Paypal shopping cart set up and working, now I'd like to be able to add discount coupons.
I know I can simply implement the 'discount_amount_cart' variable in my form, but I'm still a little lost when it comes to handling the deactivation of a coupon code.
Let's say A activates the code. Now in my database it will be marked as 'reserved', meaning no one else can use it. Once A completes his transaction, the IPN will mark the code as 'used' and it becomes useless.
But what if A decides to activate the code, but never actually buys anything on my website?
I'm using the $_SESSION variable to save my shopping cart, so once the user returns to my website, the code might still be shown as activated for him. When exactly would I mark it back as 'not reserved & not used' in my database?
I could do this based on time, but this doesn't really feel safe either. Let's say the user puts everything into his basket, goes to Paypal, waits for an hour and then decides to finish his checkout. The discount would still be activated, but in the meantime, it could've already been 'unreserved' in the database and used by another person!?
How would I go about this?
Thanks in advance!
IMHO, this has little to do with PayPal and more about your business rules. If your coupon is single use (globally), then you will be faced with the same issue regardless of any payment flow.
Simply putting it in "cart" and/or any event where a user "activates" said coupon, then just navigating elsewhere in your site, doesn't do anything, [whatever], creates that lag
it could be Paypal, Amazon, your own gateway - it really doesn't matter...but there will be a lag between activation and payment (beyond your control)
I think it's just best to be explicit with your customers and handle it appropriately technically (based on what that explicit messaging is).
You'll see some implementation of "timed purchase" at ticketing sites (e.g. buying a ticket to a game, movie, etc.) - they will have a "timer" for the user to do something (otherwise, the "reservation" is lost).
Hth...
Put an expiry date on coupon use - such as must be used within 10 days of activation. It gives the user urgency to use the coupon and gives you a timeframe to invalidate it.
As all we know there is a custom param that allow us to retrieve custom data when an ipn notification come from paypal.
But also, I am using a couple of params in the notify_url, and those params sometimes get lost, and when paypal send to me the ipn notification, it comes without one of those params. The strange thing is that one of the param come correctly.
So, first question is: Can I use custom params in the notify_url like:
notify_url = "www.mydomain.com/paypal/ipn/?param1=one¶m2=two"
I suppose that I can do it, because it fails 1 in 20 times on my application, so I do not know if it is because it is not supported by some browsers or something like that, or maybe it is a bad habit I should quit.
And sometimes paypal send the ipn notification to:
notify_url = "www.mydomain.com/paypal/ipn/?param1=one"
Without the second param...
And if I can do it, do you have any clue about what it is happening here...
Thanks!
I always avoid sending data to IPN as URL parameters. There are various reasons it may not come through, which means there's no guarantee it'll work correctly every single time.
Instead, use the CUSTOM parameter like you said. If you need to pass more than a single value you can send it as an NVP string just like you would on your URL. Then just parse those values back out of the CUSTOM value within your IPN script.
Alternatively, you could save all of the data you're going to need in your database and then send the record ID in the CUSTOM parameter over to PayPal. Or you could use the INVNUM parameter if that makes sense for you.
Then in your IPN script you pull that data back out of the database based on that record ID. This way you're always sure you'll have it available and won't have to worry about losing URL params along the way.
I'm using the callback API to prevent someone selecting a non-UK shipping address. I've supplied a callback url, I've set CALLBACKVERSION to 61.0.
When I go into the sandbox and choose an address I know the callback page is being called as I've added code to email me the values submitted to it and the value returned to PayPal. For anything with a SHIPTOCOUNTRY that isn't GB the response is
METHOD=CallbackResponse&NO_SHIPPING_OPTION_DETAILS=1
I've also tried setting a fuller response in case it doesn't like some required field to be missing
METHOD=CallbackResponse&CURRENCYCODE=GBP&L_SHIPPINGOPTIONNAME0=Standard&L_SHIPPINGALABEL0=Standard&L_SHIPPINGAMOUNT0=2.95&L_SHIPPINGOPTIONISDEFAULT0=true&L_SHIPPINGOPTIONNAME1=Express&L_SHIPPINGALABEL1=Express&L_SHIPPINGAMOUNT1=5.95&L_SHIPPINGOPTIONISDEFAULT1=false&NO_SHIPPING_OPTION_DETAILS=1
But it's still allowing non-UK addresses and just using the shipping options set during the initial set up request.
Any suggestions on where I'm going wrong?
After opening a ticket as suggested by PayPal_Patrick the problem was that I was adding the callbackversion in the wrong place. The full response to reject a shipping address on callback is:
METHOD=CallbackResponse&NO_SHIPPING_OPTION_DETAILS=1&CALLBACKVERSION=61
There are different transaction ID's for Buyer and Seller accounts.
I think this might be an issue caused by the country associated with the buyer account being used. I'm going to reach out to the product team for Express Checkout and see if it is intended functionality or not - I don't believe it would be.
If you want to stay updated on the issue I would recommend creating a ticket to PayPal.com/mts, give me the ticket number, I'll grab it and keep you involved.
My notification script is launched twice first is VERIFIED and second INVALID.
I've tried different ipn validation scripts and always get it twice.
I'm using sandbox maybe seller account settings are not right? I've set IPN on with notify url and auto return. Also in form there is return and notify_url set
I remember in the documentation it states that duplicates are possible -- that's just the nature of the internet. That's why it gives you a unique transaction ID. You're supposed to use that to prevent bad things from happening if you get notified twice.
A better question might be: why does it say Verified and then Invalid? Or is that ok?
EDIT
The docs say "PayPal sends a single word back, which is either VERIFIED if the message originated with PayPal or INVALID if there is any discrepancy with what was originally sent". I'm going to guess that YOUR code accidentally sends the "echo" back to PayPak twice and one of them is malformed. Maybe they're both identical but PayPal responds with INVALID if it gets it twice. But no matter, for a particular transaction Id, once you get VERIFIED, you're good. Simply ignore all subsequent responses.
EDIT 2
The return url is simply used by PayPal to redirect the user back to your site. Use this page to thank them for their purchase and inform them they will be notified once processing is complete. You can even set this to an empty string if you don't want this feature. When Payment is actually complete (or some problem was identified), PayPal will invoke the script referenced by the notify url. This is where you make sure everything looks right, handle duplicate notifications, update your database, send an email to the user saying their payment was processed, etc.
before inserting or updating your mysql query Check if the returned Transaction id '$_POST['txn_id']' already exists in your db table, if it doesnt exists so insert it with other $_POST data, because paypal calls the notify url many times.
From PayPal's documentation:
"PayPal returns related variables for each kind of IPN message. Not all variables are returned for each type of transaction."
I was initially planning to create a table in the database with the message fields but now after I read this it doesn't seem like a good a idea anymore (esp. that I see a lot of fields in their IPN documentation).
I have a few ideas (e.g. using tabs and new lines character separate fields and values. Or, saving the the whole thing in XML in the database) but just wondering how you handle logging IPN messages?
What I do is save it to a database table with columns for information that is important to me along with a "raw" column. I take the form parameters collection and serialize it like a query string and push it in. That way all of the original information is available if I should need it but my database schema remains simple and reflects the information that is important to me.
I'd agree with the previous comment. IPN messages can be quite variable, and can be about 40-50 fields per submission. Just pull the few fields you need for your application (amount, customer info, etc) and drop the rest into an XML or TEXT field just in case you need it later.
I faced the same challenges when I integrate PayPal adaptive Payment. The fastest way I did is to store the IPN details (when PayPal calls the IPN handler that I did) to static variable so that the values can be shown regardless of browsers I used.