There are several ways of retrieving PayPal payment data after the payment is completed. I’ve been through a lot of confusion when developing the PayPal process before, over which technology is the correct one to use for your choice. Sometimes the technology is mismatched with the settings you made and you get unexpected results. I hope this article will help clear things up, kids.
Option 1: Post to return page
How does it work?
- After finishing the payment on PayPal, the customer clicks on a button.
- PayPal posts payment data to your URL in a HTML form.
- You post a form (format is described in the IPN section below) to PayPal. PayPal responds with a single word VERIFIED or INVALID.
- If you receive VERIFIED, you can be confident that the form you received came from PayPal and wasn’t tampered with. Do whatever you need to do with the form data.
Settings:
- Specify a return url in the return variable in your html form. The return url must be an absolute url.
<input type="hidden" name="return" value="your_url_here">
- Set the rm variable to 2.
<input type="hidden" name="rm" value="2">
- Auto Return = Disabled in account profile (if Auto Return = Enabled, you won’t get any data)
- PDT = Disabled in account profile
- IPN = Disabled in account profile
Sample script: http://paypaltech.com/SG2/
I don’t recommend this as a stand-alone solution because you can’t guarantee that the customer will click on that button after the payment. Many customers simply close their browser or navigate away because they are done with their payment.
Option 2: Payment Data Transfer (PDT)
- PDT is a secure method to retrieve the details about a PayPal transaction so that you can display them to your customer.
- It is used in combination with Website Payments Standard, so that after a customer returns to your website after paying on the PayPal site, they can instantly view a confirmation message with the details of the transaction.
- PDT is not meant to be used with credit card or Express Checkout transactions. This page describes how PDT works and how to configure your account to use PDT.
How does it work?
- After finishing the payment on PayPal, the customer is automatically redirected to your page.
- PayPal sends a GET request to your page. If your URL contains a query string, PayPal will append parameters to the URL. For example: http://yoursite/yourpage?yourparam=yourvalue&tx=3KK900354R868601V&…..
- You post a form to PayPal with cmd=_notify-synch, the tx token you received in the query string, and the identity token you were given in your account profile when you turned on PDT.
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="POST">
<input type="hidden" name="cmd" value="_notify-synch">
<input type="hidden" name="tx" value="3KK900354R868601V">
<input type="hidden" name="at" value="lpeb7DhJWXz5BU43tiarWlo42x5g-Nvv0oJCORuEVsmY9JiRuVUDW2jAHUI">
</form>
- PayPal responds with a block of text with SUCCESS or FAIL on the top. If it’s SUCCESS, name value pairs on separate lines follow the SUCCESS line.
- If the response has SUCCESS on the top, you read the rest of the lines from the response.
Settings:
- Specify a url for PDT in your account profile or in the return variable in your html form. The url must be an absolute url.
<input type="hidden" name="return" value="your_pdt_url_here">
- Auto Return = Enabled in account profile
- PDT = Enabled in account profile
- IPN = Disabled in account profile
Sample script: http://paypaltech.com/PDTGen/
More info: https://www.paypal.com/IntegrationCenter/ic_pdt.html
This approach is better than Option 1 but there still may be breakage from the auto redirect after the payment is done. For example the customer could close the browser or navigate away before redirect is completed. If the redirect breaks, you won’t know about the payment. It is possible for the customer to refresh the page. So if you are inserting records to a database, you must check for duplicates. Don’t count on the PDT url being called only once. Use PDT if you must know immediately whether the payment went through, while the customer is still on your site, for example for providing immediate access to digital downloads. If you are shipping physical goods, you can wait for the IPN (see Option 3 below). Because PDT is a front end technology, you will only get data for the initial payment. You won’t get data on eCheck clearance and other events. If you want to get notified programmatically about those events, you will still have to do IPN.
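The PDT reply handling and the duplicate check described above, as an added example that is not part of the original article or PayPal's sample script. The reply bodies are constructed, the dict stands in for a database table, and the field names (txn_id, payment_status, mc_gross, mc_currency, receiver_email) and the comparison against the expected order are assumptions that go beyond what the article lists.

```python
from typing import Optional
from urllib.parse import unquote_plus

# Constructed sample replies (not captured from PayPal); values are URL-encoded.
SAMPLE_OK = ("SUCCESS\n"
             "txn_id=3KK900354R868601V\n"
             "payment_status=Completed\n"
             "mc_gross=19.95\n"
             "mc_currency=USD\n"
             "receiver_email=seller%40example.com\n")
SAMPLE_FAIL = "FAIL\n"

def parse_pdt_response(body: str) -> Optional[dict]:
    """Return the name/value pairs, or None unless the first line is SUCCESS."""
    lines = body.splitlines()
    if not lines or lines[0].strip() != "SUCCESS":
        return None  # FAIL, an empty body or an error page: trust nothing below
    fields = {}
    for line in lines[1:]:
        name, sep, value = line.partition("=")
        if sep:  # skip blank or malformed lines
            fields[unquote_plus(name)] = unquote_plus(value)
    return fields

def record_payment(store: dict, body: str, expected: dict) -> str:
    """Record one payment per txn_id; `store` stands in for a database table."""
    fields = parse_pdt_response(body)
    if fields is None or not fields.get("txn_id"):
        return "rejected"
    # SUCCESS only says the transaction exists. Confirm it is the payment this
    # order expects (recipient, amount, currency, status) before fulfilling.
    if any(fields.get(name) != value for name, value in expected.items()):
        return "mismatch"
    if fields["txn_id"] in store:
        return "duplicate"  # page refresh or repeated tx token: do not insert again
    store[fields["txn_id"]] = fields
    return "recorded"

if __name__ == "__main__":
    expected = {"receiver_email": "seller@example.com", "mc_gross": "19.95",
                "mc_currency": "USD", "payment_status": "Completed"}
    db = {}
    print(record_payment(db, SAMPLE_OK, expected))
    print(record_payment(db, SAMPLE_OK, expected))
    print(record_payment(db, SAMPLE_FAIL, expected))
```

In a real database the duplicate check belongs in a unique constraint on the transaction id, so that two simultaneous page loads cannot both insert.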
Option 3: Instant Payment Notification (IPN)
- IPN allows you to automate certain aspects of your business by posting transaction details to your server whenever you receive a PayPal payment or whenever a status change occurs on a transaction.
- When used with credit card or Express Checkout transactions, IPN is not useful to get the status of a payment, but only to get asynchronous notifications such as an eCheck clearing or a chargeback.
How does it work?
- After finishing the payment on PayPal, the customer is auto-redirected to your page (“return” variable)
- Customer returns to your page. PayPal does NOT send any payment data there.
- Separately in the background, you receive a form POST from PayPal at a different URL (notify_url variable).
- You post back a form with cmd=_notify-validate and all fields you received from PayPal. PayPal responds with a single word VERIFIED or INVALID.
- If you receive VERIFIED, you can be confident that the form you received came from PayPal and wasn’t tampered with. Do whatever you need to do with the form fields.
Settings:
- Specify an auto return url in your profile or in the return variable in your html form. The url must be an absolute url. This is just a generic page with no PayPal processing logic. Display something like “Thank you and your order will be processed shortly.”
<input type="hidden" name="return" value="your_return_url_here">
- Specify an IPN url in your profile or in the notify_url variable in your html form. This is where you process payment data from PayPal. The IPN url must be an absolute url. It must also allow anonymous access from outside of your network. If you must open your firewall to a specific host, please note the Sandbox sends IPNs from ipn.sandbox.paypal.com. PayPal live site sends IPNs from notify.paypal.com.
<input type="hidden" name="notify_url" value="your_ipn_url_here">
- Auto Return = Enabled in account profile
- PDT = Disabled in account profile
- IPN = Enabled in account profile
Sample script: http://paypaltech.com/SG2/
Test your IPN listener: http://paypaltech.com/Stephen/test/ipntest3.htm
More info: https://www.paypal.com/IntegrationCenter/ic_ipn.html
I recommend this approach over the 2 options above because there is less chance for breakage. It’s independent of the customer’s action. If the customer closes the browser or navigates away, you will still receive notifications from PayPal at your notify_url. IPN also has a built-in retry mechanism. If there’s a problem reaching your notify_url, PayPal will retry for several days. With either of the 2 options above, you only have one shot at getting the payment data.
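The cmd=_notify-validate postback used by Option 3 (and by Option 1), as an added example that is not the article's or PayPal's own listener code. The IPN body is constructed, the `post` and `process` callables are hypothetical hooks so the logic runs offline, and reusing the sandbox URL from the PDT form for the IPN postback is an assumption.

```python
import urllib.request
from urllib.parse import parse_qsl

# Endpoint shown in the article's PDT form; assumed to take the IPN postback too.
SANDBOX_URL = "https://www.sandbox.paypal.com/cgi-bin/webscr"

# Constructed IPN body (not a captured message), as raw bytes from the request.
SAMPLE_IPN = (b"txn_id=EXAMPLE0001&payment_status=Completed"
              b"&mc_gross=19.95&payer_email=buyer%40example.com")

def build_validation_body(raw_body: bytes) -> bytes:
    """cmd=_notify-validate followed by every received field, byte for byte."""
    # Rebuilding the form from parsed fields can change order or escaping;
    # reusing the raw bytes posts back exactly what was received.
    return b"cmd=_notify-validate&" + raw_body

def post_to_sandbox(body: bytes) -> str:
    """Send the postback over HTTPS and return PayPal's one-word reply."""
    request = urllib.request.Request(SANDBOX_URL, data=body)
    with urllib.request.urlopen(request, timeout=30) as response:
        return response.read().decode("ascii", "replace")

def handle_ipn(raw_body: bytes, post, process) -> str:
    """Verify one notification; call process(fields) only after VERIFIED."""
    try:
        verdict = post(build_validation_body(raw_body)).strip()
    except OSError:
        # Verification could not run: fail closed. Assumption: the listener then
        # answers with an HTTP error so PayPal's retry delivers the message again.
        return "retry"
    if verdict != "VERIFIED":  # exact match; INVALID or anything else is not trusted
        return "ignored"
    process(dict(parse_qsl(raw_body.decode("latin-1"), keep_blank_values=True)))
    return "processed"

if __name__ == "__main__":
    handled = []
    print(handle_ipn(SAMPLE_IPN, lambda body: "VERIFIED", handled.append), handled)
    print(handle_ipn(SAMPLE_IPN, lambda body: "INVALID", handled.append))
```

Pass `post_to_sandbox` as `post` when testing against the Sandbox; `process` is where your own order checks and duplicate handling go, since retries can deliver the same notification more than once.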