Implementing PayPal PDT on behalf of others - paypal

I have a site where my users can create invoices. I would like to offer my users the ability to have their invoices paid by their clients via PayPal. Each user on my site has their own paypal account.
I would like to use PDT so that the status of the invoice is updated to paid immediately after a payment is made via paypal. However, it would appear that this is not possible, because PDT requires that Auto Return is enabled (https://www.paypal.com/pdt) in the paypal account. Given that I don't have control of all my clients' paypal accounts (and I can't ask all of them to enable Auto Return), this doesn't seem to be feasible.
However, looking further into Standard Payments (https://cms.paypal.com/uk/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_formbasics), I can create a form variable called return (see Setting The Return URL on Individual Transactions). Does this mean that PDT data will be returned when using this method?

What you want is Instant Payment Notification (IPN). It is very similar to PDT except that it will be triggered regardless of whether Auto Return is enabled and whether or not the user actually makes it back to the site (which isn't guaranteed even with Auto-Return enabled).
The IPN system will POST transaction data to a listener on your web server in real-time. This can be used to update your own database, send email notifications, hit 3rd party web services, or anything else you'd like to automate.
IPN happens "behind the scenes". It's server-to-server communication, so it's not something that you'll see happening in the browser. It will do exactly what you're wanting, though.

Related

Pay to 3rd Party PayPal account from website, and confirm success

Question:
How can I have a visitor to my site pay to a 3rd party PayPal account (one I do not have access to) and have PayPal return the visitor to my site, confirming that the payment was a success (while requiring no special setup or confidential information from the 3rd party account)?
Details:
My company provides a service to clients of other organizations, however, we collect payment directly from those organizations (and not from their clients). In our particular case, if the organization's client opts to use our service, they will pay the organization they are part of (and not us) - the entirety of their payment goes to the 3rd party organization (the value of the payment may vary, but it will always be billed as a single item). The only information we need from this transaction is: the ID of the client (a value from our database), and some type of verifiable confirmation (ideally, a dollar value paid).
The flow is as follows:
Our site
redirect to 3rd party PayPal
return to our site with confirmation
Authorize transaction and enable service
e.g. thank you page with Next button
payment needs to be authorized before going to next page
We would like to implement this in such a way that the 3rd party organization does not need to set up anything additional in their PayPal account, and does not need to share confidential information with us (ideally, they should only need to share their PayPal email address).
Currently, we are exploring using the following:
Buy Now button
Set the notify_url field on the form
Setup an IPN listener on our server that will process (and verify) the transaction
The problems are twofold:
We have been unable to confirm that this implementation would not require the 3rd party organization to set up anything in their PayPal account (e.g. they don't need to set up IPN, since we are using a per transaction URL and they don't need to share their API key).
IPN is asynchronous - so we will not receive the notification as part of the transaction flow (which complicates things, but if no better option exists, we can make it work). Is there any synchronous approach that would notify us of a successful transaction without requiring additional credentials (e.g. PDT requires an identity token so does not appear to be an option for us).
If there are any better ways to approach this problem, suggestions would be appreciated.
You can use Parallel or Chained Payments to send money to multiple recipients, be able to control where the buyer is taken to after completing the payment, and you would get an API response back right away telling you if the payment completed or not. Using the Permission Services API calls you can set up your account as a third party to the receivers so they wouldn't have to make the changes themselves.
You mentioned that you're looking into using Buy Now buttons through Payments Standard. That would work if you're looking for a quick and simple way of setting it up. Define the receiver as the business value and the money would be sent to them.
By default, IPN is set to "off" in an account which means an IPN post will still be sent out if you define it with the "notify_url" variable. You may need them to enable IPN within their account if they've previously disabled the service. If the receiver already has an IPN URL set in their account it would be overwritten by the "notify_url" value you provide.
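An added example, not part of the original answers: the checks a listener behind a per-transaction notify_url would run before marking an invoice paid. The Buy Now form fields pass through the payer's browser, so the listener compares every field against its own invoice record. The names `check_ipn`, `http_post`, `INVOICES` and the use of the `custom` variable to carry the invoice ID are assumptions for illustration.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs, urlencode

IPN_POSTBACK_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"

# Constructed sample: invoices our site issued on behalf of its users.
INVOICES = {
    "inv-1001": {"payee": "seller@example.com",
                 "amount": Decimal("25.00"), "currency": "USD"},
}

def check_ipn(raw_body, http_post, invoices=INVOICES):
    """Return (ok, reason). http_post(url, body_bytes) -> str is a
    hypothetical injected helper so the logic can be exercised offline."""
    # Step 1: echo the body back unchanged, prefixed with the validate command.
    reply = http_post(IPN_POSTBACK_URL, b"cmd=_notify-validate&" + raw_body)
    if reply.strip() != "VERIFIED":
        return False, "postback did not return VERIFIED"

    # The body is percent-encoded, so it is ASCII on the wire.
    text = raw_body.decode("ascii", "replace")
    f = {k: v[0] for k, v in parse_qs(text, keep_blank_values=True).items()}

    # Step 2: VERIFIED only means PayPal sent the message. Whether it pays
    # *this* invoice, to *this* user, in full, is checked against our records.
    inv = invoices.get(f.get("custom", ""))
    if inv is None:
        return False, "unknown invoice"
    if f.get("receiver_email", "").lower() != inv["payee"]:
        return False, "paid to a different account"
    try:
        gross = Decimal(f.get("mc_gross", ""))
    except InvalidOperation:
        return False, "bad amount"
    if gross != inv["amount"] or f.get("mc_currency") != inv["currency"]:
        return False, "amount or currency mismatch"
    # Pending covers e-checks that have not cleared yet.
    if f.get("payment_status") != "Completed":
        return False, "not completed"
    return True, "ok"

def sample_ipn(**overrides):
    """Build a constructed IPN body for testing; not captured traffic."""
    fields = {"txn_id": "CONSTRUCTED-TXN-1", "custom": "inv-1001",
              "receiver_email": "seller@example.com", "mc_gross": "25.00",
              "mc_currency": "USD", "payment_status": "Completed"}
    fields.update(overrides)
    return urlencode(fields).encode("ascii")
```
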

How can I execute code after receiving a paypal payment?

I have finished designing a program, and am ready to create a commerce system. Ideally, I would like to use PayPal to handle all the transactions for me; however, I want this to be done on my own website, and have the information securely sent over to PayPal. I understand how to do this entire process; however, I do not understand where I would add code to have my server generate a serial code and store it alongside customer information in a database.
The Paypal API isn't very helpful, so I am wondering if there is a variable passed back to the merchant website by PayPal, via a POST or similar, that can be checked to verify that a payment was accepted, and then react depending upon that status.
I understand that I can have it send the user back to the merchant website, but I would like it to generate a page along the lines of...
Thank you for your purchase (NAME)! A copy of your serial for (LICENSE_COUNT) licenses has been sent to your e-mail at (EMAIL).
And then have a script run to automatically generate the serial, send it to the user, and save it in a database.
Any language is acceptable.
Are you working with Payments Standard or Express Checkout?
If you're using Payments Standard you would need to use PDT + Auto-Return to get data back to your page for display. That said, I wouldn't rely on it to deliver the necessary details to your user because they're not always guaranteed to make it back there even with Auto-Return enabled.
Instant Payment Notification (IPN) is recommended for this sort of thing. It will POST transaction data to a listener script you have on your server. This happens separately from the checkout system itself. You can automate tasks like updating your database, hitting 3rd party web services, sending email notifications, etc. from within this script. It also allows you to handle e-checks correctly (only deliver the e-goods when the payment clears).
If you're using Express Checkout you can handle this within the checkout flow rather than using IPN if you want to because the user is always guaranteed to make it back to your site. That said, if you're accepting e-checks you'd still want to use IPN instead. If you've disabled e-checks then this would work just fine.

PayPal PDT Return Link Missing Transaction ID

I have PayPal PDT (Payment Data Transfer) enabled on my PayPal account, and I have auto-return turned on, pointing to a "Complete_Paypal_Order" page on my site.
When a customer makes a purchase, and they pay using PayPal's site, they are sent to a page which will redirect them back to my site within 10 seconds. If the customer waits for the redirect, the GET request to my site contains the transaction id, just as it is supposed to.
If, however, the customer clicks the link on PayPal's redirect page that says "If you are not redirected within 10 seconds, click here," the transaction id is not passed to my site. Instead, the get request looks like: "http://.../Complete_Paypal_Order?merchant_return_link=click+here&form_charset=UTF-8", no matter what the customer ordered. This happens in both sandbox and live PayPal sites.
Has anyone run across this before, and if so, do you know of a solution?
Also, just to be clear, I am aware of some of the drawbacks of PDT, but suffice to say that, for various reasons, changing to IPN or API calls is not an option for the site at this time. So, please don't suggest "just use IPN" or "just use ExpressCheckout API calls."
Related questions (as yet unanswered):
Paypal PDT - unable to get transaction ID.
Paypal PDT AutoReturn

Choosing the right Paypal system for processing registrations and subscriptions

The payments we gather on our website are for online subscriptions and registrations for conferences. In both cases, we want to gather absolutely all information other than the payment information ourselves, and ideally pass some of it on to PayPal (so users don't have to fill in name, address, etc. twice).
I know there are solutions where the information is gathered by the server itself and then redirected to PayPal via a web services call but that's not an option, unfortunately. All secure payment information gathered has to happen off-server due to network policy.
In addition, not every form will need to be processed using PayPal. Some people will be paying via check, etc. so they shouldn't be sent to a payment page at all. Most solutions I've looked at have a "Pay with Paypal" button, so I assume a form post is necessary to go to the PayPal site, but ideally we'd want to get there via a 302 redirect. Is that at all possible? (I'm aware we could do something like a form that was auto-submitted by JavaScript but I'd prefer to not go down that route).
Whichever system we implemented would need to handle recurring (periodic) payments also.
Paypal has something called Payflow Pro. They bought it from VeriSign a few years ago.
You can use it to do a full integration with the paypal api. So that the user enters their payment details on your site, and your backend code submits the transaction to paypal's servers. Paypal will then give you a transaction id back. Keep the transaction ID, chuck everything else (like the card number) out the window.
We have several clients that use Payflow Pro. It's very good and easy to use api.
I'm not entirely sure I understand the full scope of your question, but I think I do. I've coded a number of these conf. registrations (though I have not interfaced with PayPal... rather iTransact and Plug'NPay) and in my applications, I had to read through the API documentation for the system being used (PayPal in this case). Then I logged into the payment gateway, and usually they have an HTML form generator. All this does, of course, is return an HTML form with the fields labeled appropriately for their API (so the billing name and address carry over from your system to PayPal's and the user doesn't have to re-enter their information), and show you what hidden fields you'll need (like cutomer_id, etc) and the form POST path.
Then what I do is I have the user register, preview their order details on another page (where you can choose to drop their info into a DB or wait until AFTER their credit card is processed) and then upon confirmation, they go to PayPal, pay with either credit card OR check (the options always exist) and when they hit confirm, the passback URL you put into a hidden var somewhere, takes you to a custom Thank You page (and hopefully processing script to capture successful transactions) which can be hosted anywhere on your servers.
It's pretty simple, just a bit labor intensive at first as you try and figure out the new form variables specific to a payment gateway API.
Hope this helped!

IPN vs PDT in Paypal

I'm having some trouble choosing between PayPal's Instant Payment Notification (IPN) and Payment Data Transfer (PDT).
Basically, users buy a one-off product on my site, pay on PayPal, and return to my site. I understand how IPN works but I'm now seeing that I might be able to trigger the various actions that take place after a successful purchase more easily with PDT, as the data gets returned there and then (as opposed to needing a separate listener).
However, PayPal's PDT documentation contains this cryptic line: "PDT is not meant to be used with credit card or Express Checkout transactions." ... but I can't find anything further whatsoever on the topic.
Are credit cards REALLY not meant to be used with PDT? I would like more than a sentence.
Does that mean that a user must have/create a PayPal account to pay?
Does it mean that if I want to allow users to pay with their PayPal accounts AND/OR with credit cards directly, I must implement IPN?
Could anyone who's gone through this kindly shed some light?
The APIs for PDT and IPN are similar. The main difference is when you receive the notification. For that reason I would recommend implementing both.
With PDT you get the notification instantly and can do any additional processing required and show the user a confirmation page.
With IPN you are guaranteed to be notified that the payment was received even if the user's computer explodes before it can send you the PDT.
Implement both and get the best of both worlds. But if you're only doing one, IPN is the reliable one.
One catch: if you implement both then there's a chance your payments could be processed twice. Take care to ensure that doesn't happen. The application I wrote handles the PDT and IPN almost identically (the backend part is the same) and that code acquires a per-web-user lock in the database, so that if the same user tries to submit the exact same payment multiple times it can only be processed once. Once processed the result of that process is re-used for any subsequent attempts to process it.
Edit
One more thing: IPN carries more information than PDT. There are lots of different messages that you can receive from IPN, such as chargeback notification, etc, and thus you really should implement it.
PayPal's PDT system sends order confirmations to merchant sites that use PayPal Payments Standard and lets them authenticate this information. Such sites can then display this data locally in an "order confirmation" page.
When to Use PDT?
IPN provides the same capabilities described above. So, when should you choose PDT instead of IPN?
With PDT, your site is notified immediately when a customer completes payment. With IPN, however, there is a material lag between the time a customer completes payment and the time your site receives notification of this event.
So, use PDT if your site includes a feature that requires immediate payment notification.
For example, consider a digital music store. With PDT, this store can let customers download their purchases right away since PDT sends order confirmations immediately. With IPN, such immediate order fulfillment is not possible.
Advantages of IPN
PDT has a major weakness: it sends order confirmations once and only once. As a result, when PDT sends a confirmation, your site must be running; otherwise, it will never receive the message.
With IPN, in contrast, delivery of order confirmations is virtually guaranteed since IPN resends a confirmation until your site acknowledges receipt. For this reason, PayPal recommends that you implement IPN rather than PDT.
Another advantage of IPN is that it sends many types of notifications, while PDT sends just order confirmations. So, using IPN, your site can receive, for example, chargeback notifications as well as order confirmations.
Note: If your site must be notified of payments immediately, you can implement both IPN and PDT. However, if you do, your site will receive two order confirmations for each sale. As a result, you must be careful to take action (say, ship a product) on just one copy of a given confirmation message.
Documentation Here
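An added example, not code from either answer above: one way to make sure the PDT return and the IPN message for the same sale trigger fulfilment only once, as both the "per-web-user lock" answer and the note about two order confirmations require. It assumes both handlers call `process_once` only after the payment has been verified as Completed; the table layout and function names are hypothetical, and SQLite stands in for the site's database.

```python
import sqlite3

def open_store(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS processed ("
        " txn_id TEXT PRIMARY KEY,"      # uniqueness is what blocks the duplicate
        " first_source TEXT NOT NULL,"   # 'pdt' or 'ipn', whichever arrived first
        " result TEXT)"
    )
    return conn

def process_once(conn, txn_id, source, fulfil):
    """Run fulfil(txn_id) for the first notification only.

    Returns (result, was_first). A later PDT or IPN copy of the same
    transaction gets the stored result back instead of a second fulfilment.
    """
    try:
        with conn:  # claim + fulfil commit together, or roll back together
            conn.execute(
                "INSERT INTO processed (txn_id, first_source) VALUES (?, ?)",
                (txn_id, source),
            )
            result = fulfil(txn_id)
            conn.execute(
                "UPDATE processed SET result = ? WHERE txn_id = ?",
                (result, txn_id),
            )
        return result, True
    except sqlite3.IntegrityError:
        # The other channel already handled this txn_id: reuse its result.
        row = conn.execute(
            "SELECT result FROM processed WHERE txn_id = ?", (txn_id,)
        ).fetchone()
        return row[0], False
```

If `fulfil` raises, the claim is rolled back with it, so the IPN resend can complete the order later.
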
Re 1. PDT is meant to be used with the Auto Return for Website Payments feature. Auto Return redirects to the PDT site after money is paid to the seller. Unfortunately it's not possible to use that feature along with PayPal Account Optional, which is used to enable credit card payment. Here is a note from PayPal: 'If you have turned on Auto Return and have chosen to turn on PayPal Account Optional for new users, a new user will not be automatically directed back to your website, but will be given the option to return.' The user will have the option to go back to your site (PDT step) or stay on the PayPal site. To sum it up, when paying by credit card the user can skip the PDT step if they do not click the 'return to store' link.
Re 2. It is up to you which payment options you want to allow. If you want to allow paying without a PayPal account you can enable Account Optional. If you want to allow only users with PayPal accounts, disable that feature. There might be more options.
Re 3. In your case you need to trigger an action after a successful purchase. The recommended way would be to implement IPN. PDT doesn't work for all cases and doesn't guarantee message delivery. Here is a link to the doc covering that topic: PDT vs IPN.
This is an old question, but my simple answer would be - Why not use both PDT and IPN? They will work fine for card transactions.
PDT can provide the immediate transaction status to your website, where you can quickly check the payment success or failure status and provide the user with appropriate message.
Meanwhile, you can await the full verification from IPN in the background. Once received, you can use this to further update your DB and process the order.
You can follow this step-by-step guide which I found to be very clear and helpful - and it's still valid in 2018.
https://www.codexworld.com/paypal-standard-payment-gateway-integration-php/