I wanted to use Paypal's IPN service to verify payments for a recurring subscription charge for my website. How do you tie the IPN confirmations to a user in your site?
The IPN confirmation message has a name, email, paypal ID, recurring payment ID, but it seems to not give a unique identifier since I don't know where the paypal ID or recurring payment id comes from and it may not be trivial to uniquely match up the name/email that a user has on their paypal account (or entered there) with the name/email I have for them on my site (there may be many John Smith's and the person may choose to use a different email.)
1) When I send the initial payment request to Paypal, I can attach a unique UUID in the URL I ask them to send back to me, so if I save that unique ID for that user I can match that payment confirmation to the user who initiated it. Am I making that harder than it is? Is there an easier way?
2) Also, for a recurring/subscription charge, does paypal always use the URL I specified with the initial payment initiation? Does anyone have practical experience using the recurring Paypal payments with IPN's, does it reuse that unique URL? Or do I have to associate the Paypal ID's with the user after the first recurring payment is received?
Attaching unique data to the payment request is pretty much the accepted way to do it.
I don't have any experience with recurring charges.
I recently also set up some reoccurring payments with Paypal.
I actually wanted people to register as members after paying for the subscription, if they wanted to. As having to sign up as a member could add some friction to the sale process. So I don't send any user info along with the Subscribe button.
What my IPN script does is generate a unique activation code tied to the Paypal subscriptionID in the Activations table, then it sends this code to whoever paid for the subscription, with instructions on how to activate.
At the point of activation, you need to register or login. At this point the userID is added to the relevant row in the Activations table.
When the EndOfTerm IPN notification comes in the IPN script looks up the userID from the Activations table based on the SubscriberID given in the IPN. Then I can do whatever I need to do to that user to disable their subscription.
At all time the URL of the IPN script remains the same.
1) You can send an 'item_number' parameter with the initial subscription setup, which will get passed back to you. I'd suggest embedding an identification token in it.
2) If you mean the 'return' parameter, no, that's for sending the user to at the conclusion of the subscription setup. The renewal is automatic and doesn't 'ping' that page.
1) You want to be using the item_number parameter. Set this in your HTML form shown to the customer, and it will be returned to you by the paypal IPN, so you can put a database row ID in here, and use it to match up to the right person later.
Related
I am building a payment system where a user can make a payment against an orderId
I want to make sure that only one payment gets through (gets captured)
The payment flow is like this:
1- User clicks on Paypal button
2- a Transaction PENDING_PAYMENT gets created for the user with orderId
3- User pays in Paypal
4- Paypal sends webhook and marks the payment as AUTHORIZED
5- The system CAPTURES the payment
as you see, the user can open multiple Paypal pages and pay all of them at the same time, there's no way for me to prevent this, but I want to be able to CAPTURE only one of these payments. (so I can automatically refund the rest of the payments)
I really appreciate any help, Thank you in advance.
When you set up the PayPal transaction for approval, pass a unique invoice_id to PayPal that has never before been used for a successful payment on that PayPal account. This could be your orderId, perhaps with some additional prefix added if desired. (For instance if you had multiple storefronts on the same PayPal account that might use the same order numbers, a prefix of 3 letters and a dash indicating the store name is a typical choice)
By default, PayPal accounts prevent (block) any subsequent payments for an invoice_id that was previously used for a successful payment on that account -- precisely to prevent accidental payments for the same thing, as is your use case.
A listener on my website 'listens' for successful purchases made via Paypal. Data retrieved by the listener includes a post variable that I can set before initiating the purchase. This is possible with Paypal's IPN(Instant Payment Notification). I am trying to get the IPN to recognize the users account on my website upon purchase. Every account on my website has a unique user ID number.
I have tried passing the accounts unique ID through Paypal's "Custom" variable so the IPN can listen for that. Though I think this is a bad idea because then people can purchase things for another account if they passed their unique ID. Though this is a guaranteed purchase handler, hackers can take advantage of this with social engineering.
I see that some people instead pass the session_id with php, but this isn't safe because the listener would have no way of recognizing the user's website account if the session_id were to disappear. I also see that people will pass a cookie tied to the user's unique account. I don't think this is a good idea because the cookie could be cleared.
It is to my impression that I can not send a refund or cancel a purchase if the user's account could not be identified(Without doing it manually). What checkout flow should I do?
I would create a local invoice record in your system, and this invoice would get a customer ID associated with it.
Then you can use the INVOICE parameter to pass the invoice ID to PayPal, and that would come back in IPN where you can then lookup the customer ID based on that invoice ID.
I am selling my software on line, and using PayPal for payment processing. Every time someone buys my software, I get notified by PayPal, at which point I take the purchaser's name and encrypt it onto a unique password with which they can unlock the software. I e-mail this password to the user.
I'd like to automate this step, so that every time PayPal processes the payment, the user name is used to create an unique password, and the email is sent directly to the user. Is that possible from PayPal's side?
You have many options. For example:
PayPal - Instant Payment Notification. Basically, everytime one of
your clients buys your software PayPal will notify you using the url
you set in your button for IPN. Please check the documentation
HERE
Express Checkout. DOCUMENTATION
Is there a way in PayPal Classic API (PayPal Payments Standard with the BuyNow button form) where I can turn off the sending of the customer receipt email?
See, there's a bug currently on the PayPal website where it won't let you add another primary account. So, this means the CEO's name and primary email account are going out on every customer receipt. I called PayPal tech support and they said it was down for now, but after 3 days of reattempting to add a replacement primary account, the bug still is there. So, I thought I'd go another route -- not sending the receipt at all. Is that possible?
Unfortunately there is not a way you can turn of the email notifications that go out to the buyer.
I currently have a simple Paypal button on my website where people enter some information which is saved into a database, and the button then takes them to paypal to pay £20 to join. The problem is there is no link between the website and paypal, so I have to manually cross check who has joined on the website against Paypal each time.
I've looked into Paypal IPN which looks ideal, but I can't work out how to match the transactions up.
i.e. IPN sends me a txn_id, but I don't have that at my end. I need a way to send a generate & save a unique ID per transaction, that goes to Paypal with the user, and Paypal then sends back to me via IPN.
I'm quite lost in Paypals shoddy docs, so any help from SO would help!
(Off topic rant: why to Paypal have so many domains: paypal.com, paypal-business.com, x.com, paypal-marketing.com,... Can they not spell phishing?!)
Pass YOUR id (like the DB row id) to Paypal with custom variable, you can cross reference it using the custom variable from IPN.
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_IPNandPDTVariables