I have done some scouring but cannot find a definitive answer for this!
I get "VERIFIED" and "Pending" so i can put my orders from "placed" to "in-progress" but need the complete / failed so i can then transfer to "paid" and "cancelled".
Anyone have anything definitive on this, or is it a waiting game until test payments are complete (not using sandbox).
If the payment has a “Pending” status, you receive another IPN when the payment clears, fails, or is denied.
Also, here are some good things to check once you receive Payment_staus=completed
Check that the "txn_id" is not a duplicate to prevent a fraudster
from using reusing an old, completed transaction
Validate that the "receiver_email" is an email address registered in
your PayPal account, to prevent the payment from being sent to a
fraudster's account
Check other transaction details such as the item number and price to
confirm that the price has not been changed
You get another IPN (not a 'resend'), same txn_id, with payment_status='Completed'.
Related
In the documentation for IPN, it says things like "Check email address to make sure that this is not a spoof". But I cannot see what to do when that is the case, and how I tell PayPal I want to reject a transaction. E.g. do I sent back a 400 instead of a 200? Or alter the POST data in some other way?
Or do I just ignore the message? (The problem with that is that PayPal will keep re-trying, which is wasted bandwidth for us, but also means it takes longer for the user to hear about the payment failure.)
Background: I realize sending it back to PayPal and getting the VERIFIED message back handles most security issues. But in my case, there is some unique ID information in the custom field. If that is missing, or does not validate against the DB, I want to reject the payment. I want my customer to see it failed, so they know to go and use a fresh form. The alternative is to accept the payment, and then have to involve a manual process trying to work out who the payment came from, and then possibly do a manual refund. (Other reasons to do this might be that the inventory has sold out in the split second between them seeing a product on the site and clicking BUY.)
The payment didn't fail. PayPal is notifying you that the payment succeeded: not asking you whether you want to accept it. You can't reject it at this stage.
Simple send back a 200 code to let Paypal know you received the IPN, otherwise Paypal will try to send the IPN response repeatedly.
IPN is Instant Payment Notification. After the payment paypal notify you the result of the payment. Check if connection VERIFIED, and next if if the payment is Completed and mark the result in the database.
If you say to PayPal the ipn address in the cart, Paypal send you the notification. You can't say to paypal: "yes please, send me a notification" and when receive say "why you send this?" If you put ipn in cart form you can provide a ipn url with code 200, not 404. Or remove ipn value in the cart form
At the end of the IPN docs it says the following:
Important: After you have authenticated an IPN message (that is, received a VERIFIED response from PayPal), you must perform these important checks before you can assume that the IPN is both legitimate and has not already been processed:
1.Check that the payment_status is Completed.
2.If the payment_status is Completed, check the txn_id against the previous PayPal transaction that you processed to ensure the IPN message is not a duplicate.
3.Check that the receiver_email is an email address registered in your PayPal account.
4.Check that the price (carried in mc_gross) and the currency (carried in mc_currency) are correct for the item (carried in item_name or item_number).
What are you supposed to do if one of these checks fails? Are we supposed to call a PayPal API somehow to 'reject' the transaction'?
Most shops would mark an order / transaction that fails these checks as "Possible Fraud" or something along these lines.
The order status should raise awareness with the employee working the orders - a closer look should show which check has failed and further actions can be initiated.
This may range from refunding the transactions to contacting PayPal for possible fraud attempts. In any case, the order should be checked and not just treated as any other "Completed" order.
Sample scenario:
You're using unencrypted Website Payments Standard, HTML Forms to receive payments.
A fraudulent buyer finds out and starts modifying the price of an item through editing the submitted form
You receive the order as PAID and don't check the value of the order within your shop against the transaction
An employee doesn't spot this and an item worth 200$ is sent out for a payment of 0.01$
I am using PayPal's IPN service to confirm payment. My listener is checking the payment_status variable hoping to find "Completed". I don't want to do anything in my database unless the payment comes back "Completed". My question is, what if it does not come back with that status? Will PayPal continue to communicate with my listener until it is complete? For example, the status could come back as "Processed", which appears to be a step before "Completed". Below is a link to a document with all of the variables:
https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/ipnguide.pdf
On page 10:
Because IPN messages can be sent at various stages in a transaction’s progress, make sure
that the transaction’s payment status is “completed” before enabling shipment of
merchandise or allowing the download of digital media.
So yes, I think PayPal will always give you an IPN with Completed status.
I'm coding a PayPal Express Checkout setup for a client, and see both "Processed" and "Completed" in PayPal's list of possible PAYMENTSTATUS response codes. The PayPal DoExpressCheckoutPayment API Doc describes them this way:
Completed – The payment has been completed, and the funds have been added successfully to your account balance.
Processed – A payment has been accepted.
I'm wondering whether I should treat "Processed" in the same way I would treat a Completed payment, or instead if it should be handled like a Pending payment. (EG: Will it eventually change to either Completed or something else?)
Thanks in advance for any help!
The status "Processed" is used for MassPayments. When Masspayments are successful you will get a IPN post with a payment_status of Processed.
I'm having the same doubts, but after researching I found no clear information from Pay Pal side that explains it better the difference.
What I did is treat the Processed status as a pending status imagining that at some point should evolve to Complete.
I take it this way because what Pay Pal leaves clear is that you shouldn't ship until the payment is Complete.
I cant find anny clear documentations about this.
If you use paypal express checkout, when a payment is pending what happens next?
Does paypal sends you by IPN an update if the states changes, do you have options?
Let say you do an DoExpressCheckoutPayment (with NVP)
and you get this:
&PAYMENTSTATUS=Pending
&PENDINGREASON= ECHECK //The payment is pending because it was made by an eCheck that has not yet cleared.
&REASONCODE=None
So you've made the payment and you want to wait until its cleared? What should you do next.
Update Some (external documentation) I found only sugest you could use (IPN?) to handle pending payments.
"If the Do Express Checkout Payment PENDINGREASON response is a value
other than none or completed , the payment is pending. Typically,
this means the customer has paid with aneCheck. In such a case, funds
are not guaranteed, and you should not ship or deliver items or
services until the payment has successfully completed. NOTE:
PayPal recommends that you block eChecks as a payment method if you
are unable tohandle pending state payments.To find out the status of a
pending payment, you can:
Submit an Inquiry transaction.
Check the status using PayPal Manager. See PayPal Manager online help
for details."
The paypal sandbox seems to have the option to check IPN messages for the express checkout type. The only correlation (if its ment to be used this way) between the DoExpressCheckoutPayment and the IPN seems you can use the "custom" field to keep track of a pending status. The txn_id (ipn) isn't given in DoExpressCheckoutPayment (nvp). Does any one have any experience with this?
The transaction ID is most certainly given in DoExpressCheckoutPayment, even if the PAYMENTSTATUS=Pending. A pending payment is still a transaction.
So yes, you would be notified via IPN when the transaction is completed. This typically takes a few working days.
Once it has completed, you can correlate the transaction from DoExpressCheckoutPayment to the IPN you will have received via the txn_id in the IPN.
Note: If you want to test a 'Pending' payment in the PayPal Sandbox, simply go to https://developer.paypal.com/ > Test account and click on 'Payment review' for the seller account you're testing with.
Once payment review is enabled on that seller account, any transactions it receives will be in a 'Pending' state.
Simply disable payment review to release the tranasctions afterwards.
I thought i'd add my two pence worth of thoughts to this.
I was getting a pending return status using Express Checkout via the dotNet SDK, according to the doc's and examples I should have been getting an 'approved' status.
I couldn't figure out why but it turned out to be because I was passing through a new currency, in our case 'GBP'. I had to log in as the facilitator sandbox account and decide what to do with the new currency.. convert it or setup a new balance in the currency. Once I did this, and set it as the default action, the pending return status no longer occurred.
hope that helps someone!
One thing not noted here and I haven't found anything else to confirm.. is that Paypal Express API doesn't support passing in the NOTIFYURL with the code. So you have to use the hardcoded IPN url set in your paypal account. This of course causes issues because you need a common callback file that can redirect to the individual payment options.
For example, if you are using Paypal Express AND Paypal Advanced.. Neither of those properly support a notifyurl passed in using the code. Paypal Advanced claims to, but it doesn't seem to work. So there needs to be a common IPN callback file that handles the redirection to each.
Unless someone else can confirm a working notify url for Express Checkout variable that can be passed in the code?