I have a paypal button on my site and I have a custom value that is returned from paypal to my site on completion of the transaction.
It works fine on desktops but for some reason it wont work on mobile devices like an android phone or an Ipad. the payment goes through but the value doesn't seem to be passed to my page.
thanks
Thank you for reaching out to me. We found there was an issue with the mobile flow not returning data when using RM=2. To retrieve the data you opted to switch to Payment Data Transfer (PDT) to collect the information.
We'll continue working on the issue of returning no Post data while using RM=2 in the mobile flow but at least we got your goal accomplished.
It looks like when payments are coming back through from mobile.paypal.com, any get parameters on the 'return' url are being unencoded first, so if there's a %2B in the url I pass to paypal, when it comes back, it's a + (meaning, you're decoding them on your side after the post, then encoding them, instead of simply encoding them). Same for %3D coming back as =, and I'd assume all sorts of other invalid stuff. This is not true if the 'return' comes from www.paypal.com. I'll report a bug, but I'm assuming others will want to know this information.
Chris
Update: I just got one of these malformed urls from www.paypal.com/ca/cgi-bin/webscr, so it's not just the mobile site...
Related
This is leading me into confusion only. After reading Paypal's documentation for Paypal IPN, I know how to get to the Simulator page and trigger an IPN test. Reading throughout PP's documentation, the page I am lead to is:
https://developer.paypal.com/developer/ipnSimulator/
Now, on my server side, I have used one of PP's Listenter example file in which I've implemented my own class to log everything I need into text files, and, I know that my IPN Listener is up, running and receiving requests from the IPN Simulator because I can see it all beeing logged.
Now the intriguing part is that, as I said before, i'm lead to the aforementioned page, which triggers an INVALID response from Paypal every single time I simulate a payment. Afters dozens of forums read, including SO, I have seen some people using https://developer.paypal.com/webapps/developer/applications/ipn_simulator instead of the former one.
If I use this latter URL, the simulation works without a hitch and I get the "VERIFIED" response, everytime. At this point, the question I cannot answer is "Why?". Why does this only works on the latter URL, and not on the URL that I am redirected to from within my paypal account, which is the one I think it was supposed to work from? And this constitutes by itself another problem. I cannot access this latter URL from anywhere within my paypal account, unless I manually enter it. You may question how did I get to this second URL. Well, I got it from other people's posts, otherwise I didn't even know it existed. So, right now I am completly lost and with this said,
Is there anyone that can explain me the difference from both URLs, and why is the second one not available inside my PP account?
If you can also explain me why the simulation works from the second URL only, that would be a bonus
NOTE: By the way, I've tried it and I know that in Live mode it works also, and I get the VERIFIED response.
I'm using ASP.Net Membership Provider for logging into the premium content of this web site. The content isn't downloads, it's web pages of information and discounts, etc. That part is done. We want them to also have a PayPal Subscription annual payment to see the premium content. I would like ASP Membership and PayPal Subscription to work together as much as possible, but for the minimum I am thinking they will have to create a MemberId before they pay. Then I will send that MemberId to PayPal to associate the two.
I think I can do that like this:
Set "Auto Return" on in the interface so that it will redirect to return URL when payment is made.
Set "return URL" query string to MemberId. This requires not using the precompiled "Saved" buttons. I'll have to set it in Code Behind with Name Value Pairs, "NVP" to PayPal. I was hoping to just paste the stupid button.
But then, there were those "Advanced Variables" in the Button maker. Problem was they are compiled into the Saved button, so I can't change them for each person. But maybe that one parameter could be separate from the compiled parameters? Is this better than hacking the return URL? Are "Advanced Variables" good for anything?
All the details about the transaction will be POSTed to the return URL if I put in the right code, which might be rm=2. (Right?) Then I can record it.
This process is said to be unreliable, though, and PayPal recommends using a secondary system that they have, "IPN". PayPal sends the transaction details to me. I send them back http 200 code. Then I send it back to them in the same order I got it. Then they send me http 200. Then we all know it's good. This sounds like a few hours research to me, but if you've already done it once, it sounds like copy and paste. I hate reinventing the wheel. Is there a .Net sample of this IPN handshake/dance?
Also, if I do the IPN thing, maybe I don't need Auto Return. Maybe I add MemberId to "notify" URL instead of "return" URL. Then PayPal can handle the confirmation page, email, etc. Is that better?
Assuming we get the Subscription paid for and recorded with the MemberId, at least once per user session, after they log in, I have to check if they have paid their PayPal subscription and if it's up to date. "GetRecurringPaymentsProfileDetails" does this, but it is an API operation. That makes sense, but I was hoping to avoid learning their REST API. (Is there a "NVP" version?)
REST API OAUTH tokens expire every few minutes, but the only way it tells to get one is by using "Bash" to "cURL" some Linux commands. Again, this seems like the kind of thing that would only ever have to be written once. Does this already exist as a sample code somewhere?
(I don't want to use the API to do the Subscribe, because I don't want the Credit Card numbers to ever go to our site. Too much liability. That's why I wanted PayPal.)
Will this even work? I know PayPal has 18 ways to do everything and they all exclude each other, and I'm just getting the feeling that I'm creating a patchwork of unrelated ideas to fool myself into believing there's a light at the end of the tunnel. I've already been researching and experimenting for 10 hours or so. I really thought, going in, I'd just be pasting a stupid button.
If you want to just "copy the stupid button" then you'll have to stick to Payments Standard, and then you'll be limited with what you can do. For example, you won't be able to use GetRecurringPaymentsProfileDetails for a standard subscription.
Instead, you'll need to use Express Checkout and / or Payments Pro. There is indeed an NVP API available for these, and there is also a SOAP/XML version. Details on those can be found here: https://developer.paypal.com/docs/classic/api/
Specifically, for Express Checkout, you'll want SetExpressCheckout, GetExpressCheckoutDetails, DoExpressCheckoutPayment, and CreateRecurringPaymentsProfile. Some of those calls are optional depending on how exactly you're configuring things with the checkout flow.
For Payments Pro you'll use either DoDirectPayment / CreateRecurringPaymentsProfile or PayFlow depending on what version they put you on.
In any case, IPN is definitely the way to go for post-transaction processing.
.NET IPN Sample - https://github.com/paypal/ipn-code-samples/blob/master/paypal_ipn.asp
I have a Business Site and am using Sandbox to try to get PDT to work.
I set up return URL in selling preferences and turned PDT ON - but my Sandbox buyers do not get returned to the site.
There are warnings that if you do not format the return url properly then it will not work, but I cannot find any instruction as to what that format is. I am not sure if I specify the page I want to return to or just the root address which PayPal will something to.
I want to use it with an https, but I have also tried and failed with a different http site that I have.
Can you suggest what I might have forgotten to do?
It would be great if you could help me get started on this fairly fundamental point!
We have multiple sites that uses PayPal standard with PDT and IPN callbacks, when I switch this to sandbox mode things don't work but works outside of the sandbox. Try connecting to the live urls and see if that works, you can always refund payments if they go through.
In the posting url you can specify &return=XXX where XXX is the url encoded url back to your site
[This will override the setting within PayPal which is handy if you have multiple sites using the same PayPal account]
You can also specify the IPN (which should also be implemented) using ¬ify_url=
I got an auto-return to work in the sandbox!
Not quite sure what I did BUT it might have been that I set up PDT and IPN in the sandbox site, instead of just in the live site.
thanks for replies. I am not out of the woods yet, but I now live in hope.
In PayPal Express Checkout, _express-checkout-mobile seems to auto-detect the browser and show the correct page at all times.
Are there scenarios where the mobile UI will be improperly displayed? Is there a reason to ever pass _express-checkout instead?
I've always used _express-checkout and it automatically detects which experience to use. I think if you use _express-checkout-mobile it will use the mobile experience regardless of the platform the user is on, but I haven't tested that specifically.
I've just tested it with _express_checkout, and on my mobile phone I am forwarded to the mobile payment design.
There does not seem to be a difference.
I am getting the response as below.
{"status":21002, "exception":"java.lang.NullPointerException"}
I am encoding the receipt using Base64 only.
I am testing it in sandbox.
What will be the problem? Can anyone help me?
hi all i got the solution
just send the receipt data after encoding into base 64 as json with key "receipt-data"
VIP Worth noting that 21002 is also the message you get back when trying to verify a transaction that was initiated via rooted iTunes hack software like the Urus app.
We verify all transactions server side, so are not device dependant, the only transactions that get the 21002 response are ALL not real payments.
an easy way to spot it to look at the transaction id returned Urus gives com.urus.iap.XXXXXXX (x being random numbers), other ones include returning the pack name as the completed transaction id, all very different to the id's you get from the various iTunes servers.
I can't recommend more that everyone verifies server-side in an environment you can control, test and prove, that cant be manipulated (unless your hacked). If this is not an option, then do not pay out on a 21002 response.
verifying in a java environment the json response for the 21002 will be:
json: {"status":21002,"exception":"java.lang.ClassCastException"}
We had the same problem - until we discovered that we didn't include the post body in the request and only sent an empty request.
The only option that work for me after 2 days of hitting my head against the wall:
Testing in the sandbox
Pay attention to this advice by apple
"Important Do not sign in with your test account in the Settings application."
Make sure on the test device you are signed out of the "test" apple store account before encoding to base 64.