I've recently wrote my IPN listener script to manage purchases for my website. Whenever a user submits a payment, there is a custom hidden field with their USER ID as the value. I know that to identify if the message is a REFUND, it'll have the post parameters:
reason_code = refund
Now my question is, when PayPal notifies my IPN listener of the refunded item, will it still send the exact same post data (including my custom field so I can manage the user accordingly due to thei) that was sent when they purchased the item?
I hope I made my message clear and that it's not too confusing.
Thank you.
Yes, when you issue a refund you will receive the same custom variable back in the refund that you passed over when you charged the buyer. It will have the same value that you set. I also just tested this to make sure there were no issues with this feature, and it is working as it should.
Related
Our customers sends their requests for our products via email. Their requests are saved in our database and after we check their requests, we want to send them an email which contains the paypal payment link. To execute this, I am using BMCreateButton method of ButtonManager API of Paypal.
https://developer.paypal.com/docs/classic/api/button-manager/BMCreateButton_API_Operation_NVP/
This method returns EMAILLINK parameter and I am using this parameter in the email to redirect to user to paypal payment page. This method also returns HOSTEDBUTTONID and I am saving this parameter and EMAILLINK parameter to the database to make a relation between the email link(hostedbuttonid) and the user request.
For the payment notifications, I think my only choice is IPN of Paypal. I developed a page to handle the IPN messages from paypal and it works fine but the problem arises when I want to relate between the payment information with the email link that was sent to the customer. I mean I want to know for which request this payment was made. IPN message does not return any information about the HOSTEDBUTTONID. It returns btn_id(different than the HOSTEDBUTTONID), txn_id and ipn_track_id but none of them is useful to relate the customer request( or email sent) with the payment.
Do you have any suggestion about my issue? Or do you think I should use another way for sending the payment email to the user instead of BMCreateButton method of ButtonManager API.
In the BMCreateButton call, where you're setting up the standard PayPal variables for the button, add the CUSTOM parameter. Within that you can pass any value you want (up to 256 char.) and then that same value will come back in the IPN so you can relate it accordingly.
If you have a specific Order ID you could use the INVOICE field instead, and that would come back in IPN as well.
In the documentation for IPN, it says things like "Check email address to make sure that this is not a spoof". But I cannot see what to do when that is the case, and how I tell PayPal I want to reject a transaction. E.g. do I sent back a 400 instead of a 200? Or alter the POST data in some other way?
Or do I just ignore the message? (The problem with that is that PayPal will keep re-trying, which is wasted bandwidth for us, but also means it takes longer for the user to hear about the payment failure.)
Background: I realize sending it back to PayPal and getting the VERIFIED message back handles most security issues. But in my case, there is some unique ID information in the custom field. If that is missing, or does not validate against the DB, I want to reject the payment. I want my customer to see it failed, so they know to go and use a fresh form. The alternative is to accept the payment, and then have to involve a manual process trying to work out who the payment came from, and then possibly do a manual refund. (Other reasons to do this might be that the inventory has sold out in the split second between them seeing a product on the site and clicking BUY.)
The payment didn't fail. PayPal is notifying you that the payment succeeded: not asking you whether you want to accept it. You can't reject it at this stage.
Simple send back a 200 code to let Paypal know you received the IPN, otherwise Paypal will try to send the IPN response repeatedly.
IPN is Instant Payment Notification. After the payment paypal notify you the result of the payment. Check if connection VERIFIED, and next if if the payment is Completed and mark the result in the database.
If you say to PayPal the ipn address in the cart, Paypal send you the notification. You can't say to paypal: "yes please, send me a notification" and when receive say "why you send this?" If you put ipn in cart form you can provide a ipn url with code 200, not 404. Or remove ipn value in the cart form
I recently converted from basic Paypal payments to Chained Payments...and I have a few questions if you guys would be so kind to help out.
First, when I setup a PayRequest, I also create an order record in the database. Previously with my basic Paypal implementation, I passed that OrderId in the custom field as part of the form post to Paypal. I would then get that OrderId back in the IPN handler and use it to mark the order as paid or whatever based on the response from Paypal IPN.
Now I am wondering what is a good unique value for my locally created order? Should I use the paykey to look up the order on the IPN callback? Or should I just set the trackingId property of the PayRequest to be the order id and pick up in the IPN callback Request object?
Secondly, there is a returnUrl and ipnNotificationUrl for the PayRequest. Should the returnUrl process the IPN callback or does the ipnNotificationUrl only should do that?
The reason why I ask is because the return url must be able to show the buyer the status of their payment and the transaction info, the same data that I get in the IPN callback.
Thanks for the input guys, once I get these two minor details ironed out, I'll be good to go!
I would add your record ID into the tracking ID parameter of the Pay request like you mentioned. That way you'll get it back in your IPN similar to what you're doing with the custom parameter now.
The IPN notification URL is what you want to set in order to trigger IPNs for the Pay request. You do not want to use the same URL for return because then the script would actually run twice.
Is there a way to update the variable data that was sent to paypal?
Given this scenario, a customer purchases an item with code A, then code B is introduced that now logs users id and other information. But all customers who purchased using code A will not be correctly identified by code B.
I can see the IPN message detail in the IPN history, but I just wished I could type into that box and manually update/correct a few of the variables.
Is there a way to do this, or a way around this?
You can update the customer's recurring payment profile using another API. I don't know what the point of amending, at PayPal, an IPN message that has already been sent to you is, but you can't do it, and you don't want to do it. You would be lying to yoursef about what they have sent you, and perpetrating a fraud against PayPal as well. All you have to do is adjust what happened at your end.
I'm implementing a simple Buy Now button and I'm using IPN (not PDT) to verify the transaction.
A thing that bugs me is that I don't understand how come only after I set the notify_url field to the button I also get the transaction variables to the success URL, as GET params. It would seem normal to be the other way around.
Since the user could or could not choose to "return to the merchant's website" there's not way I should rely on that data. It does however seem to be identical to the one sent to the notify URL.
Some clarification would help. Thanks!
I know what you mean, after the user has finished paying and chooses to return to the sellers website (button in paypal page) they are redirected to your thankyou page.
I don't think it used to do this back in 2009 but now paypal will issue the redirect with all sorts of parameters in the url query string.
I'm just ignoring this information and relying on the backend IPN post which is verifiable by paypal
In my previous experience with IPN, I defined the location of the notify URL in the control panel. Once the payment is processed, PayPal sends a POST notification to this URL independent of any user behavior.
In any case, even if you define the notify_url parameter in the button, I believe PayPal will still send the payment notification seperate from the user behavior - they spawn a new process to send the data. As to why they are using a GET rather than a POST, that is odd behavior. However, in your IPN script you should still have logic that verifies the call with PayPal before you continue processing.