We are building a new website for a take-away service and are integrating with PayPal Express (Using the NVP API). As orders are dispatched the same evening eCheck payments have been disabled.
The process we're going to follow is as below:
User places order with PayPal and when using DoExpressCheckoutPayment the action used is Authorization
The takeaway confirms the order and a DoCapture request is made setting the complete type to COMPLETE
It is my understanding that at this point, so long as the response status indicates it has COMPLETED that the funds are guaranteed. In fact, apart from very rare scenarios, it should usually be guaranteed at the point of Authorization.
Therefore I do not see the requirement for the IPN? There are no further notifications to be received with a given transaction. I could see the benefit it we were taking eChecks but when that's disabled does it offer anything?
IPN is an optional "messaging service". Your checkout/purchase flow doesn't have any "dependency" (shouldn't as PayPal puts it).
IPN is an asynchronous message service, meaning that IPNs are not synchronized with actions on your website...
...
The IPN message service is not a real-time service. As a result, your listener may not receive an IPN message for many seconds after an event occurs. As a result, your checkout flow should not depend upon receiving an IPN message to complete. If it does, your checkout flow will be slow during periods of heavy system load and complicated, since it must handle retries.
It's been some time for me, but you are correct about IPN being very helpful if/when you support eCheck - re: notified when Paypal has cleared the check/funds (if memory serves, 1 - 3 business/banking days).
Hth...
Related
We have a production game that uses PayPal as one of the methods of payment. In some cases, we're never receiving webhook notifications.
Here's the sequence that's occurring. Sometimes we get the webhook from this sequence, and other times we don't. On the server, we're using the Java API. All of this is the behavior with the production (NOT SANDBOX) PayPal servers.
After the user selects a product, it calls our server, which creates the Payment object via Payment.create(). At that point the state is 'created' and we redirect the user to the approval_url returned in the links.
The user approves the payment and is sent back to our server. We fetch the payment via Payment.get(), which is successful and has a state of 'created'.
We execute the payment using a PaymentExecution. This returns the payment with an updated state of "approved".
We then wait for a WebHook to inform us that the payment was completed. On occasion, this webhook is never sent, leaving the purchase incomplete. Checking the PayPal console, no webhook event exists for the payment, even though the payment is showing up as completed.
The questions here are:
Is this the correct sequence? Or is something missing?
Shouldn't the payment be "approved" when the user is returned from PayPal rather than still "created"?
Shouldn't the payment be either "completed" or "in_progress" after a successful execute?
What is the correct way to handle the case where the webhook never arrives? Keep polling the payment until the state updates?
I do not see any problem with your sequence. You can also refer to the steps here as an example - https://developer.paypal.com/docs/integration/web/accept-paypal-payment/
Regarding Webhooks, you mentioned sometimes you get Webhooks and only some times you do not. Can you please provide a correlation or debug id for the calls where you don't see any Webhook? We will trouble shoot and get back?
My question is very simple and no related to any kind of troubleshooting its just to get the information about the IPN
Lets say:
I have a system Paypal integrated activated IPN and working fine
someone tried to Price Jack a product and changed the price from 200$ to 2$
My IPN detected that and informed me about that issue (through mail as i set in my IPN).
My question is will paypal still process that payment and accept that 2$ and redirect user to my success page? or it will stop the processing the payment?
Ofcourse I have the proper handling of that and will not update the database
but question is will those 2 dollar will get processed in my paypal?
if yes is there any way to stop paypal from processing?
Note that there're multiple ways to protect your payment button code (price and other details) and also a very rare chance that an HTTPS payment request got "price-jacked" by a man-in-the-middle attack or malicious fraud activity, but still a valid question to be clarified.
In this case, the $2 will be processed just as a normal transaction to PayPal, and the asynchronous IPN will only be triggered by the event of payment completion. That's when your website backend will reconciliate and detect the "price-jack" by IPN callbacks, after the payment processing but not before.
Eventually, the transaction (of $2) that has taken place would be in sccope of fraud activity & dispute issue, and to be reported and handled by PayPal customer service
I am applying PayPal Direct Payment on my website. My question is how much time is needed from when a Direct Payment is committed until I receive IPN message that the payment is Completed or for example Denied, Failed or something else?
Some important notes depending on how/why you are asking about "time":
IPN is an asynchronous message service, meaning that IPNs are not synchronized with actions on your website. Thus, listening for an IPN message does not increase the time required to complete a transaction on your website.
...
The IPN message service is not a real-time service. As a result, your listener may not receive an IPN message for many seconds after an event occurs. As a result, your checkout flow should not depend upon receiving an IPN message to complete. If it does, your checkout flow will be slow during periods of heavy system load and complicated, since it must handle retries.
REF: Introducing IPN
Hth...
That should be instantaneous and will certainly be no more than a couple of seconds. As soon as PayPal receives a Payment to your account it will send this Instant Payment Notification. I think the name says it all.
More information: https://developer.paypal.com/docs/classic/products/instant-payment-notification/
I have a SAAS web application that works through a subscription fee. If the subscription is valid everything works fine, otherwise the app goes in read-only mode until the customer renew the subscription. I've developed the payment flow with the PayPal API.
The problem is that PayPal Documentation says this:
"Although PayPal usually processes IPN messages immediately, IPN is not synchronized with actions on your website. Internet connectivity is not always 100% reliable and IPN messages can be lost or delayed. The IPN service automatically resends messages until the listener acknowledges them. The service resends messages for up to 4 days.
Because IPN is not a real-time service, your checkout flow should not wait for the IPN message before it is allowed to complete. If the checkout flow is dependent on receiving an IPN message, processing can be delayed by system load or other reasons. You should configure your checkout flow to handle a possible delay."
Unfortunately this is exactly my case: when customers renew the subscription I need to immediately activate the app so I placed all the logic right in the "notify callback" where I have to create the order, send a confirmation email, update some session variables... but I if there's a delay from PayPal IPN this is a problem!
In these days I did some test in Sandbox mode and in several cases I got an answer from IPN even 4 hours after the successful payment! This is unacceptable for my app!
Finally the question: what's the best solution for my case? It makes sense to move the application activation from "notify callback" to "success callback"? There may be problems?
Thanks
Don't use IPN for this; it's a poor fit & not designed to be inserted into synchronous user experience flows. It works fine as a way to initiate offline fulfillment, but can delay your customers if they are actively waiting for access.
You don't specify which PayPal product you are using, but each product should provide a way to immediately give you feedback that the payment has been completed. For example with Express Checkout or any API-based payment you can take action (activate/re-activate a subscription) when you receive the successful API response (the DoEC API in the case of Express Checkout).
With web-only/non-API products you can take action when the customer redirects to your return_url, using PDT to securely get information about the transaction if you need that (it can include an IPN-style key that you post back to PayPal to verify, exactly as you do with an IPN).
If you are concerned about the edge cases of someone closing their browser before it can redirect to you, or some other sort of dropped connection or programming error, you can also check & activate/fulfill upon receipt of an IPN to catch any fallout. So all customers that complete a normal payment flow are activated immediately; if they do something wonky (or your code breaks, or whatever) then the activation still happens, albeit potentially delayed by a few seconds or minutes.
Good morning, I'm working with DoExpressCheckout's Payment Status response for an InstantPaymentOnly Sale.
https://developer.paypal.com/docs/classic/api/merchant/DoExpressCheckoutPayment_API_Operation_NVP/
By PAYMENTINFO_n_PAYMENTSTATUS all possible responses are shown, Completed-Funds-Held is the latest addition.
I'm providing a service that expires and must be used by a certain time. If the payments final status is not known by the time the service must start, its looks like we're going to have to collect payment (again) in person and refund the online payment. Needless to say, that doesn't sound good.
Q. Could Completed-Funds-Held result in funds never being deposited to the main balance?
The documentation for that particular status lists two possible response codes that go along with Completed-Funds-Held: newsellerpaymenthold (not applicable in my case) and paymenthold which vaguely states "A hold is placed on the merchant's transaction for a reason not listed."
Basically is Completed-Funds-Held a "successful" transaction where the purchaser can receive his product without risk of the seller never receiving payment?
EDIT: Is Completed-Funds-Held a final status if the payment is successful? Or will a Completed IPN request come if and when the hold is settled?
Those payments will eventually become available. What you should do is setup an IPN solution so that you can automatically update your system when a payment hold is released. The same would be true for things like e-checks where the payment status is simply pending and then clears a few days later.