Some time ago I developed a custom shopping cart for a simple website which sell mainly digital goods. I integrated ExpressCheckout on it, and after the DoExpressCheckout operation, if the response contains ACK equal to Success or SuccessWithWarning (just as the sample code at that time says) then I immediately set access to the content for the user.
I see this is a great mistake, since yesterday a transaction did not appear at the owner's account, but appears in the site since user had access. After contacting PayPal we checked this particular transaction was denied. To late, since access was already granted to the user.
So what should I do? Is it because of the SucessWithWarning not reviewed, or never I should grant access to a user just by finishing DoExpressCheckout? Shall I use IPN to receive information about the transaction to only after grant the user access to the content?
Yes, you'll want to use IPN for post-transaction processing, and you'll only want to grant access once the payment status is completed.
In the case of an e-check you'll get an IPN with a status of pending, and then you'll get another IPN with updated status once that e-check clears (or fails).
Of course, this happens in real-time so you can automate the process accordingly based on the data sent.
Related
With PayPal billing, with Auto Return and PDT enabled, when a user is returned to one's Return URL after a successful charge event, several parameters are appended by PayPal to the URL (e.g. "tx" for transaction id), which can then be used to identify the user.
However, if the user has just joined subscription with a free trial, no such information is appended and so the user is not identifiable at that point in time.
Since IPN is asynchronous, the IPN notification may arrive too late so one cannot rely on this.
Is there any way of identifying a user via the Return URL after they have entered a subscription with a free trial?
Similar Que: Implementation of free trial period with PayPal doesn't return any custom parameter
"If you are using PDT, then nothing will be sent back as no payment is taking place. Information will only be sent back if you are making a payment. I would recommend using IPN. Both the rm variable and PDT are dependent on the buyer returning back to your site. If the buyer does not return, such as their browser window unexpectedly crashes and closes, or they simply shut it no information will be sent back and it will be lost. This is why the rm variable and PDT are used more for creating dynamic receipts. IPN is more used for updating your system as it does not rely on the buyer returning back to your site. "
"Also with IPN you can resend the data to your system if you need to, and you can also view your IPN history from within your account. IPN usually takes place right after the payment is completed."
I have created and submitted a Paypal application ( using the classic API). The application is in a conditionally approved state. Paypal reached out and asked additional questions which I responded back with details. The application does not use the Paypal API to make payments. It only reads transactions related data and shows useful reports and insights for users. The API permissions requested are
1.Obtain transaction specific information.
2.Obtain your paypal account balance
3.Search your transaction specific information.
4.Search your transactions for items that match specific criteria and display the results
I was able to get a live app id and also have the API username, password and API signature. However since our app uses Paypal oauth, the permissions part doesn't work . My guess is this is because the app is conditionally approved. Is this the right assumption? Also what is the typical timeline for an app to get approved? My Paypal account from which I created and submitted the app is a verified account. I have sent messages from within my developer portal to support but I haven't heard anything back.
So far we have been working with a sandbox account. The live application I created is in a different account than the sandbox account. I am not sure if this is an issue.Would be great if someone who has been through the process can confirm.
Unfortunately there is not really a "typical" time frame for app approvals as too many factors go into the approval process. The best thing would be to call in to PayPal to inquire on the status.
Is there a way or an extension out there that allows a Magento order to get a different status automatically once a payment has been captured?
The reason why we're looking for this is because we connect to ShipStation (www.shipstation.com) for shipping and eCC Webgility (www.webgility.com) to post orders to our accounting software. We need a more automated way for those orders that get pulled in for us to know whether the order has had funds captured or not. The only way for us to do this now is manually change the order status since Magento's default method keeps the order in "processing" regardless of it being invoiced or not.
You'll be able to do all of that with an Instant Payment Notification (IPN) solution.
For any transaction that ever hits your PayPal account, whether it's a payment, a refund, a cleared or failed pending payment, disputes, etc. their server will POST the transaction data to a listener script on your server.
Within this script you can use that data to update your database, generate custom email notifications, hit 3rd party web service API's, etc. all automatically, in real-time.
I've setup a PayPal site which uses IPN and I was having trouble getting PayPal to send the GET variables to the return URL that I had specified. It was sending the user's browser to the return URL, but nothing was being passed via GET or POST.
I changed one setting in the PayPal business account: "Payment Data Transfer (optional)" to On which generated an "Identity Token" on the PayPal website.
I also got an automated email from PayPal saying:
---------- Forwarded message ----------
From: service#paypal.com <service#paypal.com>
Subject: Payment Data Transfer (PDT) Has Been Enabled
This email is to inform you that you have successfully enabled Payment Data Transfer.
PDT's primary function is to display payment transaction details to buyers when they are redirected back to your site upon payment completion. However, there are cases, such as with pending transactions, where you won't receive notification of all transactions. For this reason, PayPal strongly recommends that you also enable Instant Payment Notification (IPN).
To learn more about enabling and setting up IPN:
https://www.paypal.com/us/cgi-bin/?cmd=p/xcl/rec/ipn-intro-outside
To learn more about Payment Data Transfer, including setup instructions and a complete list of variables:
https://www.paypal.com/us/cgi-bin/?cmd=p/xcl/rec/pdt-intro-outside
Sincerely,
PayPal
Clicking on the second link and clicking on "Technical Overview" (https://www.paypal.com/us/cgi-bin/webscr?cmd=p/xcl/rec/pdt-techview-outside) shows:
Your POST should be sent to
https://www.paypal.com/cgi-bin/webscr.
You must post the transaction token
using the variable "tx" and the value
of the transaction token previously
received (e.g.
"tx=transaction_token"), and the
special identity token using the
variable at and the value of your PDT
identity token (e.g.
"at=identity_token"). You will also
need to append a variable named "cmd"
with the value "_notify-synch", for
example "cmd=_notify-synch", to the
POST string.
However, I am NOT passing the Identity Token at all, yet everything is working fine!
(a) Is this a problem?
(b) Why is it working if the documentation implies that it shouldn't?
(c) Is this a consequence of specifying an outdated API version (58.0)? What is the value I should be using?
In my opinion the identity token should be a required param since it is the only way Paypal can verify that the request you're making is valid. Otherwise, other people can simply guess a transaction id (even though it is not intended for their accounts) and get details for that transaction from Paypal.
I'm guessing this is a bug you're experiencing. Are you testing in the Paypal sandbox or in a live environment?
Realizing that the OP probably no longer needs an answer after 9 years, but others still might:
The POST of the transaction ID and identity token is purely for the purpose of verifying that the original transaction notification (relayed via the GET method to the merchant's Return URL) actually came from PayPal.
It is as if to say to PayPal, "My website just got this supposed confirmation that a customer paid. Here is the transaction ID and my seller ID again. Is this a legitimate match?"
In fact, at https://developer.paypal.com/docs/api-basics/notifications/payment-data-transfer/, when talking about setting up for testing, it only talks about getting your script ready to receive, parse and display the GET data. It doesn't mention the POSTing back to PayPal (though that is mentioned elsewhere). So, yes, the PDT function should work without doing the POST back to PayPal afterward and waiting for that response of SUCCESS or FAIL, but...
Anyone who knew what they were doing could go to a seller's URL and append a query string with the right combination of variables to fake the same kind of GET request that the PayPal PDT system would initially send, whether or not the transaction ID were a real one.
For my membership site, I've got the IPN handler done. My question is one of site "flow".
Here's how it goes:
User -> Landing -> SignUp -> Verify -> PayPal -> ThankYou
So here's the problem (which could just all be in my head). Let's say you've signed up and verified your account. Then you click the "Subscribe!" link and are sent to paypal - where you complete payment and get sent to the "Thank You" page.
What if the IPN doesn't arrive back to my site quickly? The subscribe link will still be there, and users may click it again thinking they've not subscribed (even though they have, it's just taking time).
If I combat this by updating their profile to say... "Activating..." when they click the "Subscribe" link, and they don't complete the PayPal process... it could be forever saying "Activating...".
Just curious, as this is my first time integrating PayPal:
How do you handle the state between the time the user clicks the subscribe link and it takes for the IPN process to complete?
Have you ever had any issues with IPN's not arriving quickly?
Your question suggests that the connection to the remote server is asynchronous (ajax)?
It's probably easier to write it in a synchronous manner, so the IPN is guaranteed to return. If it doesn't, it means that:
a) The user closed the browser after being redirected to the remote server;
b) The remote server did not respond.
Good payment gateways will redirect the user back to your site if they click maybe the "Cancel" button, but a return is never guaranteed, so you need to handle it correctly.
I would have a separate table to log the transactions for a given user; that is:
one user, many transactions
Some payment gateways allow you to define as callback to your server when a transaction is completed. That is, the connection is initiated by the gateway -- it does not run the browser, as the user can close the tab/window -- where it does a post to your callback URL, and then you update the status of the transaction.
I'm not sure if PayPal does allow for such things, but so far, I've never had issues with PayPal because I've always written it in a synchronous manner.
Of course, if asynchronous is required, then your ajax function has to have a timeout/error handler -- I recommend jQuery, of course.
I've never had any issue with IPN not arriving quickly, but then again I have never really had a huge website with a lot of users. I also didn't make any significant changes to a user account until I received the IPN.
I made a paid registration for one of my websites using the paypal API. A user would fill out their username, password, etc. and I would pass the variables to the paypal API. The data wouldn't be acted on until I did receive the IPN.
You could always associate a timestamp with a pending payment if you feel the status "Activating..." is important within a user profile. A pending payment could timeout after 10 minutes.