PayPal returned success but amount not credited - php

I integrated PayPal into a custom website. Post integration, I did a transaction test. All params seemed to pass through correctly. I made the transaction payment (for a trial basis I kept the amount as low as $0.02) and PayPal perfectly executed it and redirected to the URL that I had defined for a successful transaction. However, neither does the seller's PayPal account show the transaction nor has $0.02 been debited from the buyer's PayPal ID.
Kindly let me know of the mistake, if any. Under what circumstances is such a thing expected?
P.S: The balance in the seller's account is $0. Is it possible that because of the negative value, the transaction did not go through? ($ +0.02 - $0.3) : 0.3 being the commissions

It could be a number of things.
Try catching the response sent by paypal and putting it into a log file.
Simply do this:
// Capture the POSTed fields as text and append them to a log file.
ob_start();
print_r($_POST);
$data = ob_get_clean();
file_put_contents('log.txt', $data, FILE_APPEND);
This will help you in determining what the problem is. A lot of times, the transaction is in "pending" mode.

Related

How to validate a sale with PayPal REST API and IPN

I currently have a fully working cart and checkout process through PayPal _xcart method, but I want to migrate it to REST API, mainly because I want to mitigate the possibility of price-jacking. Currently my IPN does check for price jack and sets the according flags so the product doesn't get downloaded (selling digital products only). Anyway more to the point, I found the PayPal documentation very confusing and I'm struggling to get the full grips of it.
This is what I have understood and worked out till now.
Using my PHP script (let's call it page A) I create the cart content, then I create a new PayPal sale and redirect the client to PayPal for authentication
Client authentication on PayPal, then it's redirected back to my site to page B (page B is defined in page A)
Page B needs to get the PaymentID (from page A) and use it to effectively complete the transaction. Once completed, finalize the checkout.
Now here are my problems:
a) I had read quite a few forums and tutorials and they all mention that I should use a session to store the PaymentId from Page A and then use it in Page B to finalize the transaction. Some threads on SO suggest that PayPal should actually include the PaymentID in the call to page B, along with the token and the PayerID. Those are almost 3 years old posts and during my testing I see that PayPal now does return the PaymentID as well.
Is this a new thing, did PayPal really start to send the PaymentID as a GET variable? OK I found this on PayPal SDK documentation (not PHP of course some other language) that they return the PaymentID as well as a GET.
Is there any disadvantage on using the GET presented by PayPal compared to storing a session from page A to B? I don't really want sessions, so GET will be ideal for me. I guess if it is on PayPal documentation it's safe to use.
Will this work on the live page as well or only in Sandbox?
b) On Page B when I execute the Payment I get a nice JSON as response, but at the same time my IPN listener also gets called, and this is what confuses me big time. Can/Should I just trust all the data which is in the JSON response and more or less ignore the IPN listener? This will make sense for instant download, for example, much easier to process, or should I still rely on the IPN for data validation?
If I use only the JSON returned to Page B, which are the correct fields to look for and what values? For example, there is a state field which is approved and another (Transactions -> related items -> state) which is completed. Which one do I need to check?
If I rely on the JSON do I still need to check if the paid amount matches the original amount or can I trust that the payment is equal to the amount I have requested in my call?
If I use the IPN how can I pair it with the transaction? The PaymentID doesn't show up in the variables posted to the IPN. The only way I could think of is to get the txn_id from the JSON response, but somehow that feels odd, plus how can I know if the JSON response hit the server BEFORE the IPN?
Can/Should I just trust all the data which is in the JSON response and more or less ignore the IPN listener?
Yes, and no. In that order.
In a nutshell, you can't trust the payment ID in the call to "Page B" (it could be forged, faked, repeated etc) but you can trust the response YourServer->PayPalServer as it can't be intercepted and faked by the end user.
So your process is (as you describe above)
Page A: Create a sessionID (cookie), amount, cart details etc and store in a local database/storage. You can also create a "custom" field to store your own saleID
Send off amount etc to Paypal, which returns you to ....
Page B: Grab the PayPal TransactionID and send back (server->server) to PayPal. Paypal returns the amount, state etc. Then check your database that the amount is the same and that it belongs to the sessionID. If you also use custom fields, check that too. If everything marries, you're good. If not, it's up to you how to handle.
The status should be "complete" for a simple sale at this point; but (as with IPN below) you should verify this.
Do check the amounts, just in case. They should match, but if not, the PayPal one will be what you receive and it's up to you to accept it, flag it (and phone up) or refund through the API and reject the order etc.
So why have IPN?
It is possible that the user completes the transaction on Paypal and then closes their browser before "Page B" is called. In this case, the only way you know about the order is through the IPN.
If you get an IPN notification going to your IPN handler, IPN can still be faked, but there's a slightly different way of verifying.
You actually send the IPN information back to Paypal (server to server) and Paypal confirms it's correct or wrong (https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNIntro/). Your IPN handler will then check the transaction ID (yes, that's what you use) and verify everything matches in the database (just like you do in "Page B"). If it does, mark the order as complete if the status is complete (and if not already marked as complete in "Page B").
Obviously you can't display anything to the user at this point as they are not the ones that called the page.
The docs above warn you that you can get multiple IPNs for the same transaction so you also need to check status.
(Note: you could use the APIs to verify the transactionID as you do in "Page B").
So why not rely on IPN?
PayPal warns that the IPN may not arrive. PayPal explains it best:
Although PayPal usually processes IPN messages immediately, IPN is not synchronized with actions on your website. Internet connectivity is not always 100% reliable and IPN messages can be lost or delayed. The IPN service automatically resends messages until the listener acknowledges them. The service resends messages for up to 4 days.
Because IPN is not a real-time service, your checkout flow should not wait for the IPN message before it is allowed to complete. If the checkout flow is dependent on receiving an IPN message, processing can be delayed by system load or other reasons. You should configure your checkout flow to handle a possible delay.
So back to the original question
Yes: rely on the JSON (server->server) call you make to verify the parameters to "Page B" (and in the IPN handler if you choose)
No: Don't ignore the IPN in case Page B never gets called. But still run the verification checks here too.
Yes: Check state = complete for both "Page B" and "IPN handler"
Yes: Use the Paypal TransactionID, but mix into your own database with either custom fields or sessionID.
Yes, you can/will get both Page B and IPN notifications, I'd suggest ignoring the IPN if the payment is already marked as completed, otherwise process and handle appropriately. They should be using the same database.
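
An added example (not part of the original answer) of the reconciliation step described above, written so that "Page B" and the IPN handler can share it. The array store, the function name reconcile() and all sample values are assumptions made for illustration; the field names follow PayPal's IPN variables, and $verified is assumed to hold data PayPal has already confirmed server to server.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for the order table that Page B and
// the IPN handler share (hypothetical schema, keyed by your own sale ID).
$orders = [
    'sale-1001' => ['session' => 'sess-abc', 'amount' => '19.99', 'currency' => 'USD', 'status' => 'pending', 'txn_id' => null],
    'sale-1002' => ['session' => 'sess-xyz', 'amount' => '49.00', 'currency' => 'USD', 'status' => 'pending', 'txn_id' => null],
];

// $verified: fields PayPal confirmed server to server, never raw browser input.
// $sessionId: the buyer's session on Page B, or null when called from the IPN handler.
function reconcile(array &$orders, array $verified, ?string $sessionId): string
{
    $saleId = $verified['custom'] ?? '';
    if (!isset($orders[$saleId])) {
        return 'unknown-order';
    }
    $order = &$orders[$saleId];
    if ($sessionId !== null && !hash_equals($order['session'], $sessionId)) {
        return 'wrong-session';
    }
    if ($order['status'] === 'complete') {
        // Repeated IPN, or IPN arriving after Page B: the same txn_id is a no-op.
        return $order['txn_id'] === ($verified['txn_id'] ?? null) ? 'already-complete' : 'txn-mismatch';
    }
    if (($verified['payment_status'] ?? '') !== 'Completed') {
        return 'not-completed'; // e.g. Pending: do not release the download yet
    }
    // Compare money as integer cents rather than floats.
    $paid = (int) round(((float) ($verified['mc_gross'] ?? '0')) * 100);
    $due  = (int) round(((float) $order['amount']) * 100);
    if ($paid !== $due || ($verified['mc_currency'] ?? '') !== $order['currency']) {
        return 'amount-mismatch'; // flag for manual review or refund
    }
    $order['status'] = 'complete';
    $order['txn_id'] = $verified['txn_id'];
    return 'completed';
}

// Constructed sample payments.
$payment = ['custom' => 'sale-1001', 'txn_id' => 'TXN-EXAMPLE-1', 'payment_status' => 'Completed',
            'mc_gross' => '19.99', 'mc_currency' => 'USD'];
$lowball = ['custom' => 'sale-1002', 'txn_id' => 'TXN-EXAMPLE-2', 'mc_gross' => '0.01'] + $payment;

echo reconcile($orders, $payment, 'sess-abc'), PHP_EOL; // Page B return
echo reconcile($orders, $payment, null), PHP_EOL;       // IPN for the same sale
echo reconcile($orders, $lowball, null), PHP_EOL;       // IPN whose amount differs from the stored order
```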

PayPal NVP PHP API $ACK="FAILURE"

Using PayPal NVP PHP API. When a payment is submitted $ACK response equals "FAILURE" with the long message "THIS TRANSACTION CANNOT BE PROCESSED. PLEASE ENTER A VALID CREDIT CARD NUMBER AND TYPE.".... however the payment does go through. I end up getting paid multiple times because of the Failure response error. Does anybody have any experience with this?
It sounds to me like you must somehow have duplicate API hits happening, where the first one includes all the correct details and processes the payment, but then you have one following that up which is empty and returning the error, and that's the result people are seeing on the site.
I would make sure you have logging set up of some kind so you can see all of the API requests and responses, and then when you run a test order check to see if you're getting more logs than you expect.

php express checkout recurring created profile successfully but recurring not working

We have implemented express checkout very well.
We get an IPN response for each transaction.
We did these things in the sandbox.
Now we are making recurring payments with express checkout.
Here the recurring profile is created properly,
but I am not getting any IPN notification for the transaction, and also no transaction is done for that profile.
Can anyone suggest a solution for this issue?
Help will be highly appreciated.
Thanks
vijay
Recurring Payments transactions send IPN's just fine, so my guess is your IPN script must not be handling them correctly or maybe just "doing nothing" with them. For example, if you're only handling a specific txn_type, then you might be missing out on other stuff.
Log in to your PayPal account and check your IPN History and you should see a list of all the IPN's it's been sending. You can see if it's returning Success or Fail, there, because another possibility is that your IPN script is simply failing when a certain txn_type hits it.
Your own web server logs can be a big help when troubleshooting that sort of thing, too. If you are getting some IPN's, though, it would be sending them all, so something must be going on to make you think they're not sending when they are.

Problems validating credit card using Paypals PayFlow API

I hope someone can help with this problem I'm having.
I am building a shopping cart solution using the PayPal payflow api. I have been able to submit successful transactions, but I am having problems with AVS checks and validation.
It seems if I enter an incorrect expiry date the transaction is still successful. Entering a valid CVN number, the paypal response suggests CVV2MATCH=N even when the CVN number is correct.
I've been told I can set up fraud filters, but I can't seem to find these settings. I have checked paypal and the manager paypal accounts.
Any help would be greatly appreciated.
The response codes for AVS and CVV2 come from the card issuing bank, so if you're absolutely certain you're entering the correct value and it's still coming back with an N then you need to call the card issuing bank and ask them why that would be happening.
Fraud Filters need to be activated on your account in order for you to have access to them. The easiest way to do this is to call PayPal and request it.

The transaction id (txn_id) in Paypal IPN is not the same as on the invoice?

I'm using PayPal on a website that I'm currently working on and everything works correctly: user is sent to paypal, pays, and comes back and IPN validation is working perfectly.
The only thing is that I noticed, using the sandbox, that the transaction number given to the buyer is not the same as the one I get in the IPN data (txn_id). I'm wondering how am I supposed to help a customer on my website if he gives me the confirmation number he got on his invoice and it's not the same as in PayPal's system? Is there something that I missed in my IPN scripting that would allow me to get that same information? I didn't see anything about that in the documentation and I'm probably not the first developer who notices that...
Thanks for any kind of help you can give me.
A seller's transaction ID is different from a buyer's transaction ID, since they're two different actions (one debit, one credit).
See from
PayPal IPN unique identifier
