I am using PayPal's IPN service to confirm payment. My listener is checking the payment_status variable hoping to find "Completed". I don't want to do anything in my database unless the payment comes back "Completed". My question is, what if it does not come back with that status? Will PayPal continue to communicate with my listener until it is complete? For example, the status could come back as "Processed", which appears to be a step before "Completed". Below is a link to a document with all of the variables:
https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/ipnguide.pdf
On page 10:
Because IPN messages can be sent at various stages in a transaction’s progress, make sure
that the transaction’s payment status is “completed” before enabling shipment of
merchandise or allowing the download of digital media.
So yes, I think PayPal will always give you an IPN with Completed status.
Related
We have a production game that uses PayPal as one of the methods of payment. In some cases, we're never receiving webhook notifications.
Here's the sequence that's occurring. Sometimes we get the webhook from this sequence, and other times we don't. On the server, we're using the Java API. All of this is the behavior with the production (NOT SANDBOX) PayPal servers.
After the user selects a product, it calls our server, which creates the Payment object via Payment.create(). At that point the state is 'created' and we redirect the user to the approval_url returned in the links.
The user approves the payment and is sent back to our server. We fetch the payment via Payment.get(), which is successful and has a state of 'created'.
We execute the payment using a PaymentExecution. This returns the payment with an updated state of "approved".
We then wait for a WebHook to inform us that the payment was completed. On occasion, this webhook is never sent, leaving the purchase incomplete. Checking the PayPal console, no webhook event exists for the payment, even though the payment is showing up as completed.
The questions here are:
Is this the correct sequence? Or is something missing?
Shouldn't the payment be "approved" when the user is returned from PayPal rather than still "created"?
Shouldn't the payment be either "completed" or "in_progress" after a successful execute?
What is the correct way to handle the case where the webhook never arrives? Keep polling the payment until the state updates?
I do not see any problem with your sequence. You can also refer to the steps here as an example - https://developer.paypal.com/docs/integration/web/accept-paypal-payment/
Regarding Webhooks, you mentioned sometimes you get Webhooks and only some times you do not. Can you please provide a correlation or debug id for the calls where you don't see any Webhook? We will trouble shoot and get back?
I'm using paypal adaptive payments to make transaction via paypal. Although few of transactions are taking more than 6 hours too receive IPN.
I've gone through forum posts and their documentation, I came through - https://developer.paypal.com/webapps/developer/docs/classic/products/instant-payment-notification/
"Because IPN is not a real-time service, your checkout flow should not wait for the IPN message before it is allowed to complete. If the checkout flow is dependent on receiving an IPN message, processing can be delayed by system load or other reasons. You should configure your checkout flow to handle a possible delay."
The callback is taking more than 6 hours is way too much. any suggestions ?
I've built several custom carts. On average, I see the PayPal IPN come back within 2 minutes at the longest, and usually recurring payments take longer than single payments because they send two IPN messages, not just one, on the initial setup. I usually take the 'custom' property and put a unique identifier that I have permanently cookied. So, even though I may see an initial IPN come in on a recurring payment, I wait for the one that says that txn_type is subscr_payment and also that payment_status is Completed. You can't really trust a subscription payment as being paid unless you see that second message. And if it's a single payment, then I look for txn_type to be web_accept and payment_status to Completed.
The way I handle things is to redirect the customer to PayPal to purchase using the form button technique. The customer pays and then gets redirected (thanks to the form hidden vars I created initially) back to my own custom cart URL that I specify. I call that URL the payment-confirmation script. I display a message with a progress bar to please wait while their payment is being confirmed with PayPal. I hold them there 10 seconds and then redirect to the receipt. It is on the receipt where I check the database to see if my IPN script has already processed this order. If not, then I redirect them back to the payment-confirmation script again for another 10 second progress bar delay. My receipt uses a session cookie to ensure I never send them into a loop more than one time to the payment-confirmation script. So, the customer waits another 10 seconds and then comes back to the receipt page, where I test again, reading my permanent cookie on the 'custom' property that I saved, versus the 'custom' property that comes in from the IPN that I use as the order key in the database. Usually within the first or second 10 second delay, the IPN has come in and I can proceed. However, if the IPN has still not come in, then I redirect to a friendly error message saying that their payment cannot be confirmed and to call our call center to remedy the issue. Our call center techs then see the delay problem in PayPal, back the other transaction out, and sell to the customer over the phone manually, instead.
In the documentation for IPN, it says things like "Check email address to make sure that this is not a spoof". But I cannot see what to do when that is the case, and how I tell PayPal I want to reject a transaction. E.g. do I sent back a 400 instead of a 200? Or alter the POST data in some other way?
Or do I just ignore the message? (The problem with that is that PayPal will keep re-trying, which is wasted bandwidth for us, but also means it takes longer for the user to hear about the payment failure.)
Background: I realize sending it back to PayPal and getting the VERIFIED message back handles most security issues. But in my case, there is some unique ID information in the custom field. If that is missing, or does not validate against the DB, I want to reject the payment. I want my customer to see it failed, so they know to go and use a fresh form. The alternative is to accept the payment, and then have to involve a manual process trying to work out who the payment came from, and then possibly do a manual refund. (Other reasons to do this might be that the inventory has sold out in the split second between them seeing a product on the site and clicking BUY.)
The payment didn't fail. PayPal is notifying you that the payment succeeded: not asking you whether you want to accept it. You can't reject it at this stage.
Simple send back a 200 code to let Paypal know you received the IPN, otherwise Paypal will try to send the IPN response repeatedly.
IPN is Instant Payment Notification. After the payment paypal notify you the result of the payment. Check if connection VERIFIED, and next if if the payment is Completed and mark the result in the database.
If you say to PayPal the ipn address in the cart, Paypal send you the notification. You can't say to paypal: "yes please, send me a notification" and when receive say "why you send this?" If you put ipn in cart form you can provide a ipn url with code 200, not 404. Or remove ipn value in the cart form
I have done some scouring but cannot find a definitive answer for this!
I get "VERIFIED" and "Pending" so i can put my orders from "placed" to "in-progress" but need the complete / failed so i can then transfer to "paid" and "cancelled".
Anyone have anything definitive on this, or is it a waiting game until test payments are complete (not using sandbox).
If the payment has a “Pending” status, you receive another IPN when the payment clears, fails, or is denied.
Also, here are some good things to check once you receive Payment_staus=completed
Check that the "txn_id" is not a duplicate to prevent a fraudster
from using reusing an old, completed transaction
Validate that the "receiver_email" is an email address registered in
your PayPal account, to prevent the payment from being sent to a
fraudster's account
Check other transaction details such as the item number and price to
confirm that the price has not been changed
You get another IPN (not a 'resend'), same txn_id, with payment_status='Completed'.
I cant find anny clear documentations about this.
If you use paypal express checkout, when a payment is pending what happens next?
Does paypal sends you by IPN an update if the states changes, do you have options?
Let say you do an DoExpressCheckoutPayment (with NVP)
and you get this:
&PAYMENTSTATUS=Pending
&PENDINGREASON= ECHECK //The payment is pending because it was made by an eCheck that has not yet cleared.
&REASONCODE=None
So you've made the payment and you want to wait until its cleared? What should you do next.
Update Some (external documentation) I found only sugest you could use (IPN?) to handle pending payments.
"If the Do Express Checkout Payment PENDINGREASON response is a value
other than none or completed , the payment is pending. Typically,
this means the customer has paid with aneCheck. In such a case, funds
are not guaranteed, and you should not ship or deliver items or
services until the payment has successfully completed. NOTE:
PayPal recommends that you block eChecks as a payment method if you
are unable tohandle pending state payments.To find out the status of a
pending payment, you can:
Submit an Inquiry transaction.
Check the status using PayPal Manager. See PayPal Manager online help
for details."
The paypal sandbox seems to have the option to check IPN messages for the express checkout type. The only correlation (if its ment to be used this way) between the DoExpressCheckoutPayment and the IPN seems you can use the "custom" field to keep track of a pending status. The txn_id (ipn) isn't given in DoExpressCheckoutPayment (nvp). Does any one have any experience with this?
The transaction ID is most certainly given in DoExpressCheckoutPayment, even if the PAYMENTSTATUS=Pending. A pending payment is still a transaction.
So yes, you would be notified via IPN when the transaction is completed. This typically takes a few working days.
Once it has completed, you can correlate the transaction from DoExpressCheckoutPayment to the IPN you will have received via the txn_id in the IPN.
Note: If you want to test a 'Pending' payment in the PayPal Sandbox, simply go to https://developer.paypal.com/ > Test account and click on 'Payment review' for the seller account you're testing with.
Once payment review is enabled on that seller account, any transactions it receives will be in a 'Pending' state.
Simply disable payment review to release the tranasctions afterwards.
I thought i'd add my two pence worth of thoughts to this.
I was getting a pending return status using Express Checkout via the dotNet SDK, according to the doc's and examples I should have been getting an 'approved' status.
I couldn't figure out why but it turned out to be because I was passing through a new currency, in our case 'GBP'. I had to log in as the facilitator sandbox account and decide what to do with the new currency.. convert it or setup a new balance in the currency. Once I did this, and set it as the default action, the pending return status no longer occurred.
hope that helps someone!
One thing not noted here and I haven't found anything else to confirm.. is that Paypal Express API doesn't support passing in the NOTIFYURL with the code. So you have to use the hardcoded IPN url set in your paypal account. This of course causes issues because you need a common callback file that can redirect to the individual payment options.
For example, if you are using Paypal Express AND Paypal Advanced.. Neither of those properly support a notifyurl passed in using the code. Paypal Advanced claims to, but it doesn't seem to work. So there needs to be a common IPN callback file that handles the redirection to each.
Unless someone else can confirm a working notify url for Express Checkout variable that can be passed in the code?