I have a Business Site and am using Sandbox to try to get PDT to work.
I set up return URL in selling preferences and turned PDT ON - but my Sandbox buyers do not get returned to the site.
There are warnings that if you do not format the return url properly then it will not work, but I cannot find any instruction as to what that format is. I am not sure if I specify the page I want to return to or just the root address which PayPal will something to.
I want to use it with an https, but I have also tried and failed with a different http site that I have.
Can you suggest what I might have forgotten to do?
It would be great if you could help me get started on this fairly fundamental point!
We have multiple sites that uses PayPal standard with PDT and IPN callbacks, when I switch this to sandbox mode things don't work but works outside of the sandbox. Try connecting to the live urls and see if that works, you can always refund payments if they go through.
In the posting url you can specify &return=XXX where XXX is the url encoded url back to your site
[This will override the setting within PayPal which is handy if you have multiple sites using the same PayPal account]
You can also specify the IPN (which should also be implemented) using ¬ify_url=
I got an auto-return to work in the sandbox!
Not quite sure what I did BUT it might have been that I set up PDT and IPN in the sandbox site, instead of just in the live site.
thanks for replies. I am not out of the woods yet, but I now live in hope.
Related
I tried finding an answer here but can not.
I've been using this code to process PayPal IPN for over a decade! Now, as of July 2018 it no longer works!
https://github.com/paypal/ipn-code-samples/blob/master/asp/paypal_ipn.asp
The only thing I know that is different recently is that PayPal required my domain to use TLS 1.2. I asked my hosting company to make sure that it now uses that, and they made some change to make sure. Ever since then, the listener I have set up does not process the IPN correctly. The code always falls into this IF:
if (objHttp.status <> 200 ) then
And never falls into this ELSEIF the way it used to when it was working fine:
elseif (objHttp.responseText = "VERIFIED") then
I'm not even sure how to troubleshoot this at this point. Is it something about the TLS 1.2? How can I make sure my hosting company set that up correctly?
Does my listener have to be located at an HTTPS url on my site? (Right now it is on HTTP).
Thanks.
In February, I got an email notice from Paypal that IPN would no longer validate successfully via an HTTP callback, and would further require HTTPS/SSL to validate. Update your script to connect this way, and it will probably fix it.
This PHP example should give a reasonable example.
Line 142:
" $fp = fsockopen("ssl://www.paypal.com",443,$err_num,$err_str,30);"
I had similar issues previously when connecting to Paypal on port 80.
I'm using ASP.Net Membership Provider for logging into the premium content of this web site. The content isn't downloads, it's web pages of information and discounts, etc. That part is done. We want them to also have a PayPal Subscription annual payment to see the premium content. I would like ASP Membership and PayPal Subscription to work together as much as possible, but for the minimum I am thinking they will have to create a MemberId before they pay. Then I will send that MemberId to PayPal to associate the two.
I think I can do that like this:
Set "Auto Return" on in the interface so that it will redirect to return URL when payment is made.
Set "return URL" query string to MemberId. This requires not using the precompiled "Saved" buttons. I'll have to set it in Code Behind with Name Value Pairs, "NVP" to PayPal. I was hoping to just paste the stupid button.
But then, there were those "Advanced Variables" in the Button maker. Problem was they are compiled into the Saved button, so I can't change them for each person. But maybe that one parameter could be separate from the compiled parameters? Is this better than hacking the return URL? Are "Advanced Variables" good for anything?
All the details about the transaction will be POSTed to the return URL if I put in the right code, which might be rm=2. (Right?) Then I can record it.
This process is said to be unreliable, though, and PayPal recommends using a secondary system that they have, "IPN". PayPal sends the transaction details to me. I send them back http 200 code. Then I send it back to them in the same order I got it. Then they send me http 200. Then we all know it's good. This sounds like a few hours research to me, but if you've already done it once, it sounds like copy and paste. I hate reinventing the wheel. Is there a .Net sample of this IPN handshake/dance?
Also, if I do the IPN thing, maybe I don't need Auto Return. Maybe I add MemberId to "notify" URL instead of "return" URL. Then PayPal can handle the confirmation page, email, etc. Is that better?
Assuming we get the Subscription paid for and recorded with the MemberId, at least once per user session, after they log in, I have to check if they have paid their PayPal subscription and if it's up to date. "GetRecurringPaymentsProfileDetails" does this, but it is an API operation. That makes sense, but I was hoping to avoid learning their REST API. (Is there a "NVP" version?)
REST API OAUTH tokens expire every few minutes, but the only way it tells to get one is by using "Bash" to "cURL" some Linux commands. Again, this seems like the kind of thing that would only ever have to be written once. Does this already exist as a sample code somewhere?
(I don't want to use the API to do the Subscribe, because I don't want the Credit Card numbers to ever go to our site. Too much liability. That's why I wanted PayPal.)
Will this even work? I know PayPal has 18 ways to do everything and they all exclude each other, and I'm just getting the feeling that I'm creating a patchwork of unrelated ideas to fool myself into believing there's a light at the end of the tunnel. I've already been researching and experimenting for 10 hours or so. I really thought, going in, I'd just be pasting a stupid button.
If you want to just "copy the stupid button" then you'll have to stick to Payments Standard, and then you'll be limited with what you can do. For example, you won't be able to use GetRecurringPaymentsProfileDetails for a standard subscription.
Instead, you'll need to use Express Checkout and / or Payments Pro. There is indeed an NVP API available for these, and there is also a SOAP/XML version. Details on those can be found here: https://developer.paypal.com/docs/classic/api/
Specifically, for Express Checkout, you'll want SetExpressCheckout, GetExpressCheckoutDetails, DoExpressCheckoutPayment, and CreateRecurringPaymentsProfile. Some of those calls are optional depending on how exactly you're configuring things with the checkout flow.
For Payments Pro you'll use either DoDirectPayment / CreateRecurringPaymentsProfile or PayFlow depending on what version they put you on.
In any case, IPN is definitely the way to go for post-transaction processing.
.NET IPN Sample - https://github.com/paypal/ipn-code-samples/blob/master/paypal_ipn.asp
I don't know if this matters, but I'm in Sandbox mode, and the Return URL, I have set to:
http://mydomain.com/index.php?page=testing;sa=thankyou
But when I make a purchase, it sends me to:
http://mydomain.com/index.php?page=testing%3bsa%3dthankyou&tx=7T076948J4774772C&st=Completed&amt=100%2e00&cc=USD&cm=&item_number=
How do I make it go to http://mydomain.com/index.php?page=testing;sa=thankyou instead?
Also, I already have rm=2 in the variables, but it is still changing the URL. Haven't tested this in the actual live site yet, just the sandbox. But am concerned that this is going to happen in the live PayPal site also...
Do you have PDT enabled in the account receiving the payment? If you do, the return method to your site would always be a GET and that would override what you have set in your return URL.
I am using the PHP Toolkit for PayPal v0.51
I have setup Pay Pal sandbox accounts and done a test to the ipn.php that comes back as working ok.
I have set the config.inc.php to suit my settings
PHP Version 5.3.3-7+squeeze15 mysql and cURL installed all is working fine.
When using with IE
everything works fine, the transaction is returned to the success.php and in the ipn_success.php
I have it updating the database with the information posted back from Pay Pal.
When using Firefox
Everything works fine till I get to the part where it returns me back to the success.php
I get a Security Warning box open up with the below information within it.
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?
If I click the warning straight away I get the information posted back and the database is updated.
If I leave this warning for a few seconds, I lose all the information that is posted back to the site for the database.
How can I stop this security warning from showing when using Firefox
The website is using http and not using https so Pay Pay is posting back to a non ssl site.
This is actually a known issue with FireFox that we are currently looking into. If you would like to be notified once the issue is resolved, you can open up a ticket with PayPal's Merchant Technical Support. PPXO-7400
After paypal updated their interface (sandbox.paypal.com for example is not working, now you have to go to developer.paypal.com) many of the things are not working: 2 of them are particularly frustrating and I was hoping someone here knew how to get around them:
Am I the only one whose sandbox customer test accounts are not able to make purchases? The transaction page says they are not available.
IPN validation is not letting me send a https request. When I do it says there is something wrong with the server name. Yesterday however before the update I could get verified status. If I dont put https, now my handler gives me an invalid responde status, code: 400. What does it mean?
To fix the HTTP 400 error, follow the instructions in https://www.x.com/content/bulletin-ipn-and-pdt-scripts-and-http-1-1 and update your code to pass "Host" information. Ideally, things should work with just the recommended changes from the above link. Apparently, thats not the case. Here is a fix from one of the PayPal MTS person - PalPAL sandbox IPN processor rejecting all messages?
Remove the "cmd=notify-validate" option from the validation URL. I tried this and it worked. Though it doesn't return the right string, atleast it doesnt break with the 400 error.
While we wait for a fix from Paypal, I wonder how a company like PayPal can cause such a huge blunder and not post anything on their status page - https://www.x.com/developers/paypal/documentation-tools/site-status/pp-cri. It just makes you think that even smaller companies can do a better job than companies like PayPal.
For the code:400 issue, you have to update the post to version 1.1. That information is located here.
https://www.x.com/content/bulletin-ipn-and-pdt-scripts-and-http-1-1 in this bulletin.
However, as I posted before the asp.net example uses a call, that does not exist, so I was only able to get mine partly working. After fixing this, the servers appear to be rejecting calls to https, or the cert they have installed is invalid.
Action Required before February 1, 2013
Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and include the “Host” header in the IPN postback script. In addition to this bulletin, these merchants will be notified via a direct email.
Alright, seems to be fixed!
If you are having trouble logging in, like suggested above, clear cache and cookies and try again.
Regarding the error 400, seems to have been solved by paypal!