Exactly as the title says... Can I rely on payer_email always being present in an IPN message when receiving money?
Yes you should be receiving it for incoming transactions . You can check for detailed information here https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNandPDTVariables/#id091EB070DUI .
Related
Sorry new to all this so hopefully not stupid questions
If you use the "subscr_payment" & "subscr_failed" IPN variables what values do you get sent?
If a user starts a transaction but then cancels does an IPN get sent?
Thanks
John
https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNandPDTVariables/
This tells you what data you receive with Instant Payment Notifications. Search for subscr_payment and subscr_failed to find what you get with them. There is also a description of what each data holds.
In the documentation for IPN, it says things like "Check email address to make sure that this is not a spoof". But I cannot see what to do when that is the case, and how I tell PayPal I want to reject a transaction. E.g. do I sent back a 400 instead of a 200? Or alter the POST data in some other way?
Or do I just ignore the message? (The problem with that is that PayPal will keep re-trying, which is wasted bandwidth for us, but also means it takes longer for the user to hear about the payment failure.)
Background: I realize sending it back to PayPal and getting the VERIFIED message back handles most security issues. But in my case, there is some unique ID information in the custom field. If that is missing, or does not validate against the DB, I want to reject the payment. I want my customer to see it failed, so they know to go and use a fresh form. The alternative is to accept the payment, and then have to involve a manual process trying to work out who the payment came from, and then possibly do a manual refund. (Other reasons to do this might be that the inventory has sold out in the split second between them seeing a product on the site and clicking BUY.)
The payment didn't fail. PayPal is notifying you that the payment succeeded: not asking you whether you want to accept it. You can't reject it at this stage.
Simple send back a 200 code to let Paypal know you received the IPN, otherwise Paypal will try to send the IPN response repeatedly.
IPN is Instant Payment Notification. After the payment paypal notify you the result of the payment. Check if connection VERIFIED, and next if if the payment is Completed and mark the result in the database.
If you say to PayPal the ipn address in the cart, Paypal send you the notification. You can't say to paypal: "yes please, send me a notification" and when receive say "why you send this?" If you put ipn in cart form you can provide a ipn url with code 200, not 404. Or remove ipn value in the cart form
First of all sorry about my english,
I have a small problem with the IPN PayPal notification system. After a payment is done on my website, Paypal send to me a IPN message in order to confirm the transaction. In my website I need to do some stuff, including setting a variable which indicates the order can be send. But in the case two payments with the same amount are done at the same moment, how can I distinguish them? The user's mail is not enough because the mail I have can be diferent of the paypal user's mail...
Any Idea?
Ok, I think using the custom filed I can achieve that.
The transaction is identified by the txn_id field. In the case of a Reversal or Cancel_reversal, the original transaction it refers to is given by the parent_txn_id field.
I don't see what 'with the same amount' has to do with it.
At the end of the IPN docs it says the following:
Important: After you have authenticated an IPN message (that is, received a VERIFIED response from PayPal), you must perform these important checks before you can assume that the IPN is both legitimate and has not already been processed:
1.Check that the payment_status is Completed.
2.If the payment_status is Completed, check the txn_id against the previous PayPal transaction that you processed to ensure the IPN message is not a duplicate.
3.Check that the receiver_email is an email address registered in your PayPal account.
4.Check that the price (carried in mc_gross) and the currency (carried in mc_currency) are correct for the item (carried in item_name or item_number).
What are you supposed to do if one of these checks fails? Are we supposed to call a PayPal API somehow to 'reject' the transaction'?
Most shops would mark an order / transaction that fails these checks as "Possible Fraud" or something along these lines.
The order status should raise awareness with the employee working the orders - a closer look should show which check has failed and further actions can be initiated.
This may range from refunding the transactions to contacting PayPal for possible fraud attempts. In any case, the order should be checked and not just treated as any other "Completed" order.
Sample scenario:
You're using unencrypted Website Payments Standard, HTML Forms to receive payments.
A fraudulent buyer finds out and starts modifying the price of an item through editing the submitted form
You receive the order as PAID and don't check the value of the order within your shop against the transaction
An employee doesn't spot this and an item worth 200$ is sent out for a payment of 0.01$
what if someone pays in Germany with ELV (charge) and the payment is pending.
Does PayPal send an IPN for pending or only for completed?
What types of IPN messages are there?
Hope you can help me!
Cheers
have a look at this link under 'Payment_status' (Ctrl-F to find it helps).
IPN integration guide/IPNvariables
To be honest not sure what a German ELV is but I believe an IPN is sent when the payment status is any of the listed payment_status (or atleast I have seen 'Pending', Completed, 'Refunded', 'Processed', 'Reversed' IPN's) so I can say you should get an IPN sent when it's 'Pending' as you ask about. You have turned on IPN sending to a handler file on your server, etc.? If so you should be able to store logfiles and read them and look for a line like:
payment_status : Completed
hope thats helped.
T