I am trying IPN callback, using servlet. The code I am using is provided by paypal for verifying the ipn data. But every time i getting a INVALID response.
Here is the code:
Enumeration en = req.getParameterNames();
String str = "cmd=_notify-validate";
while (en.hasMoreElements()) {
String paramName = (String) en.nextElement();
String paramValue = req.getParameter(paramName);
//str = str + "&" + paramName + "=" + URLEncoder.encode(paramValue,"UTF-8"); // for UTF-8 i set the encode format in my account as UTF-8
//str = str + "&" + paramName + "=" + URLEncoder.encode(paramValue,"ISO-8859-1");// for ISO-8859-1 i set the encode format in my account as ISO-8859-1
str = str + "&" + paramName + "=" + URLEncoder.encode(paramValue); //default as provided by paypal
}
URL u = new URL("http://www.sandbox.paypal.com/cgi-bin/webscr");
URLConnection uc = u.openConnection();
uc.setDoOutput(true);
uc.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
PrintWriter pw = new PrintWriter(uc.getOutputStream());
pw.println(str);
pw.close();
BufferedReader in = new BufferedReader(new InputStreamReader(uc.getInputStream()));
String res = in.readLine();
in.close();
if (res.equals("VERIFIED") || !res.equals("VERIFIED")) {
//Update database...
} else if (res.equals("INVALID")) {
//INVALID
}
I have checked all three possibilities provided by paypal in case paypal return INVALID as follow:
1) Missing Parameters - As I am send all the parameters no issue of missing parameters
2) Invalid URL. - I am using sandbox so URL is : http://www.sandbox.paypal.com/cgi-bin/webscr
3) Character encoding. - Tried with character encoding same as paypal account setting parameter encoding.
the request I am sending back to paypal using following parameters:
cmd=_notify-validate&last_name=User&test_ipn=1&address_name=Test+User&txn_type=web_accept&receiver_email=sellr1_1252495907_biz%40gmail.com&residence_country=US&address_city=San+Jose&payment_gross=&payment_date=01%3A55%3A04+Sep+26%2C+2009+PDT&address_zip=95131&payment_status=Completed&address_street=1+Main+St&first_name=Test&payer_email=buyer1_1252495751_per%40gmail.com&protection_eligibility=Eligible&payer_id=BXBKS22JQCUWL&verify_sign=AOMkeg7ofCL7FJfioyWA19uCxD4XAgZirsjiGh8cUy1fd2YAqBwOkkst&payment_type=instant&business=sellr1_1252495907_biz%40gmail.com&address_country_code=US&mc_fee=0.64&address_status=confirmed&transaction_subject=True+Up&quantity=1¬ify_version=2.8&mc_currency=EUR&custom=&address_state=CA&payment_fee=&handling_amount=0.00&payer_status=verified&shipping=0.00&item_name=True+Up&tax=0.00&username=hannonj&charset=windows-1252&item_number=567&mc_gross=10.00&txn_id=7F456350BS7942738&receiver_id=MASSU6BSR9SC2&address_country=United+States
Please , can any one direct me to proper direction? I am not getting what is wrong the code or the URL or anything else. I tried all the possibilities. Please help me.
An “INVALID” message is due to the following reasons:
Check that your are posting your response to the correct URL, which is https://www.sandbox.paypal.com/cgi-bin/webscr or https://www.paypal.com/cgi-bin/webscr, depending on whether you are testing in the Sandbox or you are live, respectively.
Verify that your response to the test IPN message contains exactly the same variables and values as the test message and that they are in the same order as in the test message. Finally, verify that the original variables are preceded by a cmd=_notify-validate variable.
Ensure that you are encoding your response string and are using the same character encoding as used by the test IPN message. (for example, I can see that he is using letters with umlaut and other symbols like “/”, etc).
With regard to the last point, the merchant can try to change the encoding language in use in his PayPal account, following the steps below:
Login on you PayPal account
Click on Profile
Click on “My Selling Preferences” tab
Click on “PayPal Button Language Encoding” (at the end of the page)
Click on "Other Options"
Select from the drop down menu: UTF-8
Choose the same charset also for the second option, which is related to IPN
Click “Save”
If the issue persists, we recommend to review the script in use, PayPal has some IPN code samples available at: https://github.com/paypal/ipn-code-samples
For additional information I include the link: https://developer.paypal.com/webapps/developer/docs/classic/ipn/integration-guide/IPNTesting/#id091GFE00WY4
I'm pretty sure the URL to send to is just "www.sandbox.paypal.com", see chapter 4 of Sandbox User Guide, and well, this is what I put for my own code (incidentally, for live, it is also just "www.paypal.com", for their sample code)
Thank you guys for your reply.
ohhh I solved it at last.
Actually in notify URL I also added a username parameter. Paypal want the parameter values for IPN same as it return to the servlet.(You can get it as req.getParameterNames()). As I have username parameter extra, which is not known to paypal. Paypal was returning INVALID.
Remember paypal's sandbox has completely different credentials. You must have development account and be logged into development panel to use sandbox.
If you're testing Paypal IPN over SSL, you will have to use ssl://www.sandbox.paypal.com on the port 443
I ran into multiple problems layered on top of each other before I could get Paypal IPN working - it kept returning INVALID but was not specific about which part I was getting wrong, unfortunately.
Things I got wrong:
Sandbox - if you use the Sandbox you need to use the entire Sandbox environment. It requires creating a new, separate account on the Paypal Sandbox website. The Sandbox API credentials it sets up under your regular account are not enough. You then use that separate Paypal account to file fake transactions on the Paypal Sandbox website, and watch them come across IPN on the Sandbox endpoint. The need for this second account is not obvious or clear at all in setting up API access. Also, switching between Sandbox and Live requires more than switching the URL, you need to switch the credentials. So a simple compile flag alternating a string isn't going to cut it.
Live - if you use the Live environment a number of things will get in your way. For us, it took a long time for Paypal to open up "Business" access to us. It wouldn't provide us anything over the API until that was enabled. When we initially applied we were flatly denied with no explanation or timeline to resolve it. A month later ish of taking payments (with no API to keep us up to date with those payments) it seemed to just magically start working.
Code example - the code example provided by Paypal is outdated, and has some clear issues. Here's an example that uses modern TPL/async:
// Send the verification back to Paypal in the format Paypal requested
var verif = (HttpWebRequest)WebRequest.Create(ipnVerifyUrl);
verif.Method = "POST";
verif.ContentType = "application/x-www-form-urlencoded";
var param = req.BinaryRead(req.TotalBytes);
var sRequest = Encoding.ASCII.GetString(param);
sRequest = "cmd=_notify-validate&" + sRequest;
verif.ContentLength = sRequest.Length;
using (var streamOut = new StreamWriter(verif.GetRequestStream(), Encoding.ASCII))
{
await streamOut.WriteAsync(sRequest);
}
// Send it
using (var re = await verif.GetResponseAsync())
{
var s = await HttpWebRequestAsync.GetFullResponseStringAsync((HttpWebResponse)re);
// Log the response (s)
}
Besides this code actually working (This is exactly what we have in Production, with some of our logging library calls stripped out), this code won't freeze a thread while waiting on network.
The awaits allow the thread to step away while the network does its thing, both in writing the verification request to Paypal, and in receiving the response back, both of which could be a long time.
Related
Currently I use NopCommerce 3.60 and use FB External Login.
Problem:
After I login in Nop by FB External Button and it returns to URL mydomain.com/login#_=__ with red message (Email is required) and it does not login user in.
Screenshot: http://postimg.org/image/wvgu6wvud/
What I was try:
Reinstall Nop from scratch and has below setting
In advance setting and option I has:
Externalauthenticationsettings.requireemailvalidation False
Auto register enabled: Checked.
Registration method: Email Validation
I try to debug source code in file name FacebookProviderAuthorizer.cs in Nop.Plugin.ExternalAuth.Facebook folder and also does not get email value too.http://postimg.org/image/qwmphn9tn/
Have anyone suggest me what to do next for this problem please.
Fixed. You can see changeset 5bb6815e30ee
I am not familiar with Nop, but it is possible to register at Facebook without an email. This is why most libraries for fb-oauth checking against eMail and if there is no email, they create an user-id#facebook.com eMail address.
Maybe your Nop library of fb-oauth is out dated?
So please check if there is such a function - if not, you might got your problem.
Somehow FB doesn't include email in oauth. You can use this method to get email and supply that email to register.
//as part of the uri for the webrequest, include all the fields you want to use
var request = WebRequest.Create("https://graph.facebook.com/me?fields=email,name&access_token=" + Uri.EscapeDataString(authorization.AccessToken));
using (var response = request.GetResponse())
{
using (var responseStream = response.GetResponseStream())
{
System.IO.StreamReader streamReader = new System.IO.StreamReader(responseStream, true);
string MyStr = streamReader.ReadToEnd();
JObject userInfo = JObject.Parse(MyStr);
//now you can access elements via:
// (string)userInfo["name"], userInfo["email"], userInfo["id"], etc.
}
}
So this is what i did so far and it doesn't work, i will appreciate any help on the matter:
my goal is to post back any webhook event that occur in my paypal sandbox account.
So i have 2 accounts,
one that belongs to the receiver of the money, call it "facilitator",
one that belong to the "buyer",
Now in my account,there is a Sandbox webhooks configuration, so i entered the following:
https://csdieuqkzo.localtunnel.me
goes without saying that this comes from localtunnel.me.
So in my project, i do a simple sale using the api... this is the full create sale process:
$payer = new Payer();
$payer->setPayment_method('paypal');
//dd($payer);
$item = new Item();
$item->setQuantity('1');
$item->setName('benny');
$item->setPrice('7.41');
$item->setCurrency('USD');
$item->setSku('blah');
// //var_dump($item);
$items = new ItemList();
$items->addItem($item);
//var_dump($items);
$amountDetails = new Details();
$amountDetails->setSubtotal('7.41');
$amountDetails->setTax('0.03');
$amountDetails->setShipping('0.03');
$amount = new Amount();
$amount->setCurrency('USD');
$amount->setTotal('7.47');
$amount->setDetails($amountDetails);
$transaction = new Transaction();
$transaction->setAmount($amount);
$transaction->setDescription('This is the payment transaction description.');
$transaction->setItemList($items);
// echo '<pre>';
// print_r($transaction);
$RedirectUrls = new RedirectUrls();
$RedirectUrls ->setReturnUrl('https://csdieuqkzo.localtunnel.me/#/pricing');
$RedirectUrls ->setCancelUrl('https://csdieuqkzo.localtunnel.me/#/');
$payment = new Payment();
$payment->setIntent('sale');
$payment->setPayer($payer);
$payment->setTransactions(array($transaction));
$payment->setRedirectUrls($RedirectUrls);
// echo '<pre>';
// print_r($payment);
// dd();
$response = $payment->create($this->apiContext)->toarray();
Session::put('pay_id',$response['id']);
return Response::json($response);
After this there is a redirect to paypal, approval and when it comes back to my site, it excute with the following:
$payerId = Input::get('payerId');
$payment = Payment::get(Session::get('pay_id'), $this->apiContext);
//return $payerId;
$paymentExecution = new PaymentExecution();
$paymentExecution->setPayer_id($payerId);
$approval = $payment->execute($paymentExecution, $this->apiContext)->toarray();
return Response::json($approval);
Then an object is coming in saying the state of this transaction is approved, super, but i don't see any post to the webhook url i defined earlier...Now how did i test it?
I wrote a simple script to the post method of my root (in laravel):
Route::post('/',function(){
$myfile = fopen("bennyfile.txt", "a") or die("Unable to open file!");
$txt = "\nouterequested";
fwrite($myfile, $txt);
fclose($myfile);
});
Means whenever a post request is coming to the following url (in my case, a post to the root of:https://csdieuqkzo.localtunnel.me
I just want to add a line, that's it...but it doesn't update anything!...
for example if i do a post request from postman to the same place, all is good, but when a sale is approved, or any other action, nothing is happening.
Why?
This is a paypal document which helps you understand how webhooks works.
https://developer.paypal.com/docs/integration/direct/rest-webhooks-overview/
webhooks is http call back mechanism, ideally, you will need a valid url as your webhooks endpoint to test the webhooks notification message posted by PayPal. If you did sale using paypal wallet, you should get PayPal's webhooks notification message in JSON format at your endpoint. webhooks doesn't support direct credit card case yet.
If you want to test your listener script on local, you can use postman tool to post the sample message to your local url and test.
Using "localhost" isn't going to work because when PayPal's servers hits that address they're just hitting themselves. You need to setup DNS to point a domain to a virtual server on your local machine instead so that you can use a fully qualified domain name instead of localhost.
I am currently testing credit card payments using the PayPal payments pro Rest API.
I keep getting the following error:
Exception in HttpConnection Execute: Invalid HTTP response The remote server returned an error: (400) Bad Request. --->
I created and activated my PayPal test account and as following:
Credit card
Credit card number:
ccnumber here
Credit card type:
Visa
Expiration date:
3/2019
When I enter the above information in my payment form and submit I keep getting the 400 bad request error.
I have gotton this to work before with the PayPAl joe shopper account but lost the test cc number.
I am 100% sure I have authenticated with the oauth2 credentials
What is the likely cause of this error?:
I am entering a random payer first name and last name .
Does the name have to exsist?
What could be causing the error
If anything goes wrong in the data given, paypal api will return a 400 - Bad request error.
When I got the error(PHP SDK), I caught the exception and $ex->getData() returned a json which contains the details about the bad request, in my case the currency code I given was wrong.
try {
$payment->create($apiContext);
} catch (PayPal\Exception\PPConnectionException $ex) {
var_dump(json_decode($ex->getData()));
exit(1);
}
Like others here have said, there are several things that can cause the (HTTP 400 - Bad Request).
In my case it was due to using the same invoice number. For temporary testing I just used the ShoppingCartID that I generated with a guid. You could also use a Random number generator as well. Ultimately you will need to generate an invoice number to the clients specifications.
-Good luck
I just had the same problem (HTTP 400 - Bad Request). The cause is a REST API request with "errors". In my case I had two causes:
I passed amount details to an Amount object but the sum of subtotal, shipping an tax was not equal to the amount total.
I passed amount currency values including a fracture, but passed not exactly two decimals but only one. Obviously the REST API is a bit touchy and accepts only either no or two decimals.
I passed an item_list in the Transaction object but the sum of the prices in the Item object was not equal to the subtotal given in the amount details.
I don't know a way of finding the actual cause of the error (if there is one).
In your case it could be the name of the payer that you add. Try without.
Edit:
I just tried out: It is indeed the payer info. I passed a payer_info with first and lastname and got HTTP 400 (without everything worked). I assume that payer_info must not be set by us but is set by PayPal when returning a Payment object.
Payer payer = new Payer { payment_method = "paypal", payer_info = new PayerInfo {
first_name = "Zaphod", last_name = "Beeblebrox"} }; // => HTTP 400 - Bad Request
firstly find out what exactly what Your error is
payment = PayPal::SDK::REST::DataTypes::Payment.new(...)
payment.create
# got Response[400]: Bad Request here
payment.error
# got {"name"=>"VALIDATION_ERROR", "details"=>[{"field"=>"transactions", "issue"=>"
then find out what Your issue here to get more info
https://developer.paypal.com/webapps/developer/docs/api/#validation-issues
I had the same issue. In my case it was Credit Card issue which might be over used. So I have taken new Credit card Number from this site Testing Credit card and replaced with the old one.
Here is Credit Card Information that I used
credit_card = new CreditCard()
{
billing_address = new Address()
{
city = "Johnstown",
country_code = "US",
line1 = "52 N Main ST",
postal_code = "43210",
state = "OH"
},
cvv2 = "874",
expire_month = 11,
expire_year = 2018,
first_name = "Joe",
last_name = "Shopper",
number = "4024007185826731", //New Credit card Number, Only Card type should match other details does not matter
type = "visa"
}
Note: All the Credit Card mentioned in PayPal site are not working, giving same issue for me. If it working for you then it's good otherwise use new testing Credit Card Number. Hope this will help someone.
Thank you! Enjoy Coding!
I too got struck with this issue, there might be many other possible root cause for this failure but then in my case all my passing argument is correct, but then it failed in sandbox environment, I just changed Payment option from PayPal Balance to Visa then it started working.
I recently had a 400 bad request error as well. In my case, I was processing a refund using RefundRequest, and it appears that PayPal recently changed the constraints on the "reason" field (although it isn't documented that I can find) so my lengthy descriptions of what was being returned were no longer acceptable. I found the error only because I saw another field where PayPal was now requiring that it be only single-byte alphanumeric characters. What actually helped though, was shortening the data I was putting through as a reason to simply "Returned items".
Obviously this is an old thread, and I'm sure the original problem was solved long ago, but if using some of the above methods to determine more information about an error don't yield results I would suggest submitting a request with the bare minimum of information until you can get it to go through. Then, start adding additional fields/information back to see if you can identify which field contains the information causing the bad request. That would have worked for my issue, at least.
Understand your errors
PayPal returns detailed data on every exception (except 500 INTERNAL_SERVER_ERROR), explaining what was the exact error you are seeing. You can retrieve that as follows:
Update your exception handling to catch PayPalConnectionException and print $ex->getData() as shown below:
try {
$payment->create($apiContext);
} catch (PayPal\Exception\PayPalConnectionException $ex) {
echo $ex->getCode(); // Prints the Error Code
echo $ex->getData(); // Prints the detailed error message
die($ex);
} catch (Exception $ex) {
die($ex);
}
It is due to the wrong currency or amount you have given.
I faced the issue in React JS
I was doing this. in the createOrder method.
purchase_units: [{
amount: {
currency_code: 'PHP',
value: totalAmount
}
}],
that was the issue. If i gave any currency other than USD i will get the 400 Error. So i removed the currency_code from here
And I moved the currency declaration into my component declaration.
like this.
options={{
clientId: " Your_ID " ,
currency: "PHP"
}}
Here you can give any currency you want. This solves my 400 Error
If you use Paypal Sandbox for testing Driver and on first try with buggy code it shows the client a 400 Bad request error.
Reason:- Paypal sent JWT auth and it was stored in the client's local storage.
Suggestion:- Try to clear the client's local storage cache (You only need to clear the Paypal Token).
This works for me, I hope it works for you :)
I am using a paypal ipn script i found here
http://coderzone.org/library/PHP-PayPal-Instant-Payment-Notification-IPN_1099.htm
I am aware that I can send information to paypal and get a response. It states I can get the information back using $_POST . My query is how do I specify the UK currency?
Also wanted to clarify a minor point. Am I correct that this is how i can confirm it was a success.
if ($_POST['payment_status'] == 'completed')
// Received Payment!
// $_POST['custom'] is order id and has been paid for.
}
This might be a little late for you sorry, but just in case - I currently use "currencyCode" = > "AUD" and it is working in the sandbox.
There's a full list of the currency codes available at PayPal
For yours, I'm guessing it would be:
$p->add_field('currencyCode', 'GBP');
As for your question about the IPN itself, it looks like you're on the right track. It will depend on the data you're getting back and whether you're interested in the individual transactions (if using adaptive payments) or if you're reversing them all on error etc. The easiest way to determine what you'll need to do is to simply display or log all the post data so you can see how it's constructed.
You'll also need to set it up so that the script is accessible by PayPal. You'll then pass the full URL of this script to the "notify_url" parameter and send it off to PayPal. Once the payment has completed PayPal will send a bunch of information to your script so that you can process it.
Unfortunately I'm not from a PHP background so I can't give you the exact code you'll need. Also note that there are a lot of security issues that you'll want to look into before going to a production environment. Not sure if you already intend to do this with that validateIPN function, but you need to ensure that you can tell whether it comes from PayPal and not a malicious user. One way would be to pass a value using the custom attribute and have PayPal pass this back to you, however you'd be much better off using the API certificates etc.
If you haven't already, it may be worth checking out a few of the sample applications PayPal has done up, there seem to be quite a few PHP ones.
Let me know if you need anything else,
Use this, it works for me
$p->add_field('currency_code', 'GBP');
You need to use PayPal Adaptive Payments, IPN wouldn't help.
PayPal Adaptive Payments
Using PayPal PHP library then it could look like this:
// Create an instance, you'll make all the necessary requests through this
// object, if you digged through the code, you'll notice an AdaptivePaymentsProxy class
// wich has in it all of the classes corresponding to every object mentioned on the
// documentation of the API
$ap = new AdaptivePayments();
// Our request envelope
$requestEnvelope = new RequestEnvelope();
$requestEnvelope->detailLevel = 0;
$requestEnvelope->errorLanguage = 'en_GB';
// Our base amount, in other words the currency we want to convert to
// other currency type. It's very straighforward, just have a public
// prop. to hold de amount and the current code.
$baseAmountList = new CurrencyList();
$baseAmountList->currency = array( 'amount' => $this->amount, 'code' => 'GBP' );
// Our target currency type. Given that I'm from Mexico I would like to
// see it in mexican pesos. Again, just need to provide the code of the
// currency. On the docs you'll have access to the complete list of codes
$convertToCurrencyListUSD = new CurrencyCodeList();
$convertToCurrencyListUSD->currencyCode = 'USD';
// Now create a instance of the ConvertCurrencyRequest object, which is
// the one necessary to handle this request.
// This object takes as parameters the ones we previously created, which
// are our base currency, our target currency, and the req. envelop
$ccReq = new ConvertCurrencyRequest();
$ccReq->baseAmountList = $baseAmountList;
$ccReq->convertToCurrencyList = $convertToCurrencyListUSD;
$ccReq->requestEnvelope = $requestEnvelope;
// And finally we call the ConvertCurrency method on our AdaptivePayment object,
// and assign whatever result we get to our variable
$resultUSD = $ap->ConvertCurrency($ccReq);
$convertToCurrencyListUSD->currencyCode = 'EUR';
$resultEUR = $ap->ConvertCurrency($ccReq);
// Given that our result should be a ConvertCurrencyResponse object, we can
// look into its properties for further display/processing purposes
$resultingCurrencyListUSD = $resultUSD->estimatedAmountTable->currencyConversionList;
$resultingCurrencyListEUR = $resultEUR->estimatedAmountTable->currencyConversionList;
Are there any examples of using facebook credits on Google App Engine?
I found this blog post , but it's not complete
http://blog.suinova.com/2011/01/integrating-facebook-credits-api-into.html
I got the sample runwithfriends example working on the App Engine, tried to expand it with Credits, no luck so far.
Also searched for the FB developer forums, got nothing.
Any resources you can point me to?
What's not working:
1) When I click on the "pay with Facebook" button, I get an "Application Error" , without any error code.
-Checked the javascript console
-Checked the fb app settings
-Tried on local server and production server
2) The callback.py isn't complete, because i could not parse the signed request (no code available in py for me to learn from)
3) What I basically did was to add code from Suinova Designs (link above) to the existing Run With Friends app code. Didn't turn out as expected.
my code so far:
//payment_page.html
<html>
<table>
<tr><th>Name</th><th>Price</th><th> </th></tr>
<tr><td>Something to buy</td><td>10 FC</td><td><a href="" onclick="return buyit();">
<img src="http://www.facebook.com/connect/button.php?app_id=215638625132268&feature=payments&type=light_l" />
</a></td></tr>
</table>
// javascript
function buyit(){
FB.ui({
method:'pay',
purchase_type:'item',
order_info:{
item_id:'myitem',
title:'Something to buy',
price:2,
description:'Whatever',
image_url:'http://www.facebook.com/images/gifts/21.png',
product_url:'http://www.facebook.com/images/gifts/21.png'}
},
function(resp){
if(resp.order_id) window.top.location='http://apps.facebook.com/runwithfriends trial'; else alert(resp.error_message);
});
return false;
}
//callback.py
class FacebookPaymentRequest(webapp.RequestHandler):
def post(self):
signed_request = parse_signed_request(self.request.get('signed_request'),conf.FACEBOOK_APP_SECRET)
payload = signed_request['credits'] #credits:{buyer:int,order_id:int,order_info:{},receiver:int}
order_id = payload['order_id']
method = web.request.get('method')
return_data = {'method':method}
if method == 'payments_get_items':
order_info = payload['order_info'] #order_info:{item_id:'',title:'',description:'',price:0,image_url:'',product_url:''}
item = simplejson.loads(order_info) #needs to convert JSON string to dict
#check item,price,etc and reply
return_data['content'] = [item]
elif method == 'payments_status_update':
status = payload['status']
return_data['content'] = {'status':'settled','order_id':order_id}
if status == 'placed':
#just return settled status to Facebook, this may be called twice
order_details = simplejson.loads(payload['order_details'])
#check and log here
elif status == 'settled':
order_details = simplejson.loads(payload['order_details'])
#order_details:{order_id:0,buyer:0,app:0,receiver:0,amount:0,update_time:0,time_placed:0,data:'',items:[{}],status:'placed'}
buyer = order_details['buyer']
item = order_details['items'][0]
#now save this transaction into our database
else:
#may be refunded, canceled, log the activity here
return_data['content']['status'] = status
self.response.out.write(simplejson.dumps(return_data))
Your python code looks fairly normal so I would guess that you are simply having trouble with your authorization. Depending upon how you authorize (a process a fair amount more complicated that the credits system), you are likely being given a signed request that is only partially authorized... meaning you are authorized to access only certain parts of facebook, but generally not authorized to access the active/logged-in user (i.e. me).
You can verify this by determining if you signed_request is a full 80+ characters (as opposed to around 40). Generally I try to authenticate by deciphering the profile (signed_request), if that fails then I try to use a previously stored cookie, then if that fails I try to relogin the user. I determine failure by placing try/except around my calls to get a "me" object through the GraphAPI.