You have finally decided IPN is the solution for your website application. You don’t want to pay someone else to do it. It can’t be that hard, can it? Where can you get some practical advice from people who have been there, done that? This article will answer these questions and help you decide if you are able to write that code. If you find it too complicated, there are a few commercial products out there that will handle everything for you, so don’t lose heart if you find yourself stuck.
Instant Payment Notification is better known as PayPal IPN and is PayPal’s interface for handling real time confirmation of purchases. A typical use for IPN is where you want a customer to pay for a software download.
PayPal provides 3 different types of account: Personal, Premier and Business. You will need Premier or Business to use IPN.
PayPal IPN messages are not synchronized with actions on your website. You detect IPN messages from PayPal with a piece of code known as a listener.
You specify the URL of your listener in your PayPal account’s profile, but you can override this for specific transactions when you set up a button or API operation. You can also temporarily turn off the sending of IPN messages, which is useful if your site is down for maintenance. The messages are still generated and stored until you switch sending back on again.
You must perform a number of checks on the IPN message received from PayPal.
- Check the email address to make sure it is yours
- Check that you have not already processed the transaction identified by the transaction ID
- Make sure that the transaction’s payment status is “completed”
- Verify that the payment amount actually matches what you intend to charge
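The four checks above can be written as one function in the listener. The following is an added example, not code from PayPal or from this article; it assumes the message has already been confirmed as coming from PayPal, and the merchant email, price, currency and sample message are constructed values. The field names `receiver_email`, `txn_id`, `payment_status`, `mc_gross` and `mc_currency` are standard IPN variables.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Assumed merchant settings (constructed values, not from the article).
MERCHANT_EMAIL = "seller@example.com"
EXPECTED_PRICE = Decimal("19.99")
EXPECTED_CURRENCY = "USD"

# Constructed sample IPN body (not a real transaction).
SAMPLE_IPN = ("receiver_email=seller%40example.com&txn_id=TESTTXN0001"
              "&payment_status=Completed&mc_gross=19.99&mc_currency=USD")


def check_ipn(raw_body, processed_txn_ids):
    """Apply the four checks to a form-encoded IPN body.

    Returns (True, "ok") and records the transaction ID on success,
    otherwise (False, reason) and leaves processed_txn_ids unchanged.
    """
    parsed = parse_qs(raw_body, keep_blank_values=True)
    fields = {name: values[0] for name, values in parsed.items()}

    # 1. The payment must be addressed to our account.
    if fields.get("receiver_email", "").strip().lower() != MERCHANT_EMAIL:
        return False, "wrong receiver"

    # 2. The transaction ID must not have been processed before
    #    (PayPal resends messages, and old messages can be replayed).
    txn_id = fields.get("txn_id", "")
    if not txn_id:
        return False, "missing txn_id"
    if txn_id in processed_txn_ids:
        return False, "duplicate transaction"

    # 3. Only a completed payment should release the goods.
    if fields.get("payment_status", "").lower() != "completed":
        return False, "payment not completed"

    # 4. Amount and currency must match what we intended to charge.
    #    Decimal avoids float rounding when comparing money.
    try:
        amount = Decimal(fields.get("mc_gross", ""))
    except InvalidOperation:
        return False, "bad amount"
    if amount != EXPECTED_PRICE or fields.get("mc_currency") != EXPECTED_CURRENCY:
        return False, "amount mismatch"

    processed_txn_ids.add(txn_id)
    return True, "ok"
```

In a real listener the set of processed transaction IDs would be kept in durable storage such as a database, so that the duplicate check survives a restart.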
When you are developing your website you really don’t want to be trying to get it working by experimenting on a real money system. Any early bugs in the system could leave security holes but even if you write perfect code it is best not to do your testing using real money.
PayPal provides what they call a sandbox, almost identical to the live PayPal system. You can set up fake customers with fake money and make as many test purchases as you want. The perfect system to fully test your web application.
There is a Sandbox Forum on the developer network. It’s a great place for advice.
Testing your Listener
The Sandbox has an excellent IPN Simulator (under Test Tools) which lets you choose the transaction type, fill in all the parameter values and send a test IPN to a specified address.
PayPal provides an IPN history page under the My Account tab. Click on History to see it. It includes everything you want to know about each IPN message including the following Status values.
- Sent: indicates that PayPal sent the message to your IPN listener
- Failed: indicates that PayPal did not receive an acknowledgement to the message
- Queued: indicates that PayPal is ready to send the message
- Retrying: indicates that the message was resent between 1 and 15 times and PayPal continues to resend the message
- Disabled: indicates that the message will not be resent because the merchant’s account has been disabled
The best place to search for information is the PayPal Integration Centre which has guides, code and links for everything to do with integrating your website with PayPal.
The one place you MUST visit is the PayPal IPN Forum on the developer website. As well as a constantly changing list of discussion topics about IPN, there are some good sticky posts about troubleshooting tips, IPN variables, template code etc.
PayPal IPN is a difficult subject but the combination of an excellent testing environment in the form of the sandbox and the good quality advice provided through the forums should make it possible for you to get your website application up and running.