Paypal PDT & IPN Question - Can we assume payment is completed when returned to site?

StackOverflow https://stackoverflow.com/questions/3483996

  •  28-09-2019
  •  | 
  •  

Question

Can we assume that the payment is completed for a transaction when the customer is auto returned to our site?

Paypal advices us to use their IPN system for other types of payment, like an e-check, but also tells us to tell the customer something along the lines of "Thank you for your payment. Your transaction has been completed, and a receipt for your purchase has been emailed to you. You may log into your account at www.paypal.com/ca to view details of this transaction."

What are the downfalls of not using IPN, and just assuming the payment is completed when paypal auto-returns users to our site?

Thanks!

Was it helpful?

Solution

Relying solely on the return url is a pretty bad idea. It would be easy for a bad guy to skip payment and just visit your return url to complete the order.

There is a pretty comprehensive article about this here

OTHER TIPS

No.

However, using the Auto Return option in your Paypal account in conjunction with Payment Data Transfer (Profile/My Selling Tools/Website preferences/Website Payment Preferences) will give you payment confirmation data in the URL you use for Auto Return, for example:

www.yourReturnURL.com?tx=9XV61416UY0043254&st=Completed&amt=9%2e00&cc=USD&cm= 9601&item_number=2

You need to verify this data (anyone could send a fake request) by sending the payment reference ("tx" parameter above) back to Paypal and waiting for a VERIFIED response.

This last step is identical as the one you take for the IPN (Instant Payment Notification) implementation.

  • With PDT you get the notification instantly. PDT has a a major weakness: it sends order confirmations once and only once. As a result, when PDT sends a confirmation, your site must be running; otherwise, it will never receive the message.

  • With IPN, in contrast, delivery of order confirmations is virtually guaranteed since IPN resends a confirmation until your site acknowledges receipt. For this reason, PayPal recommends that you implement IPN rather than PDT.

  • Note: If your site must be notified of payments immediately, you can implement both IPN and PDT.

More info here: https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNPDTAnAlternativetoIPN/

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top