The idea of this post is not to teach anybody how to integrate their site with PayPal. In fact PayPal has a really good development center and everything is very well documented. I strongly recommend that anyone get familiar with the PayPal development docs. I just hope this post will be useful to my colleagues in their very first steps in PayPal integration.
When we talk about PayPal integration in e-commerce sites, there are two main methods that we have to use. Payment Data Transfer (PDT) and Instant Payment Notification (IPN) are both ways for PayPal to inform your system about payments.
PDT's primary function is to display payment details to buyers when they are automatically redirected back to your site after payment completion. However, there are cases where the site will not receive the notification, such as with pending transactions or if the buyer closes the browser before the redirection to your site is complete. This is why PDT should NOT be used to confirm the shipment. Also, PDT requires Auto Return to be enabled. So in a few words, PDT should be used for retrieving the information needed to show the Thank You page at the end of the payment.
In a few words I'll try to explain how PDT works. For more information please refer to PayPal development central. The buyer clicks the Pay button on your web site. The site redirects to the PayPal page, sending information such as the amount that should be paid and some other account details. After payment, PayPal's site redirects back to your site and sends you some useful information such as the transaction ID. You have to use this transaction ID to perform the so-called synchronization. To do that, you have to send a POST request back to the PayPal gateway with a proper set of variables, including the transaction ID. Then you will receive a success or fail response. At the end you have to use this information to show the buyer that everything is OK and that his order will be processed. For details about the variables that can be passed you should check here.
IPN is a different approach to receiving payment information. It is an asynchronous POST request to a page (URL) that you provide on your server. The system will receive the request even if the buyer's browser is closed. Also, Auto Return does not have to be enabled. The other benefit is the fact that credit card and bank information is not transmitted in IPN and Secure Sockets Layer (SSL) is not required. IPN is the way I use to mark the orders in our systems as paid as soon as payment is confirmed by PayPal.
To use IPN you have to supply a page which is going to receive the notifications. The URL of this page can be set in your PayPal account, or you can send this URL each time your site redirects the buyer to the PayPal site. When the payment is completed, the payment system will send a POST request to the notification URL you have supplied. After that you must confirm that this notification is authentic. This is called notification validation.
In fact there are two ways to do this validation. The first one, which is also the better one, is the so-called shared secrets. The problem with this approach is that your site has to support SSL and needs dedicated hosting with a high enough level of security. The alternative solution for notification validation is postback. It means you have to make a POST request to PayPal's gateway which has to include exactly the same variables, in the same order, as the variables PayPal sent to you. To the list of name-value pairs you have to add cmd=_notify-validate. After this you will receive the response VERIFIED or INVALID. Then, after a few checks that you have to make, which are very well documented here, you can be sure that the payment is completed.
I'm posting a link to my class for handling IPN with notification validation, written in PHP5. The class is not 100% ready yet, but it is a good starting point for future development.
This is a simple example of the class usage:
// Configuration for the IPN handler class
$payPalConfig = array(
    'gatewayUrl' => 'www.sandbox.paypal.com',
    'gatewayPort' => '443',
    'receiverEmail' => 'test@tes.com', // the email of the merchant account in PayPal
);
$ipn = new IpnHandler();
$ipn->setConfiguration($payPalConfig);
// Receive the notification and run the validation
$result = $ipn->handle();
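The postback validation described above, followed by the checks PayPal's documentation asks for after a VERIFIED answer, as an added example in PHP 7 or later; it is not the author's IpnHandler class. The function names, the shapes of $order and $seenTxnIds, and the sample notification are assumptions made for illustration, and /cgi-bin/webscr is PayPal's classic gateway path, which the post itself does not give.

```php
<?php
// Added example. Function names and the $order / $seenTxnIds shapes are assumptions.

// The postback must carry the same variables in the same order, so prepend the
// command to the raw body instead of rebuilding it from $_POST.
function buildValidationBody(string $rawBody): string
{
    return 'cmd=_notify-validate&' . $rawBody;
}

// Sends the postback over HTTPS with certificate checks on; '' on failure.
function postBack(string $gatewayHost, string $body): string
{
    $ch = curl_init('https://' . $gatewayHost . '/cgi-bin/webscr');
    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT => 30,
    ]);
    $response = curl_exec($ch);
    return is_string($response) ? trim($response) : '';
}

// Returns the reasons NOT to mark the order paid; an empty array means accept.
function checkNotification(string $response, array $ipn, array $order, array $seenTxnIds): array
{
    if ($response !== 'VERIFIED') {
        return ['postback did not answer VERIFIED'];
    }
    $problems = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') $problems[] = 'payment not completed';
    if (strcasecmp($ipn['receiver_email'] ?? '', $order['receiverEmail']) !== 0) $problems[] = 'wrong receiver';
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) $problems[] = 'txn_id already processed';
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) $problems[] = 'wrong currency';
    if (round((float) ($ipn['mc_gross'] ?? 0), 2) !== round((float) $order['amount'], 2)) $problems[] = 'wrong amount';
    return $problems;
}

// Constructed sample notification body; in a real handler use file_get_contents('php://input').
$raw = 'payment_status=Completed&receiver_email=test%40tes.com&txn_id=TXN-EXAMPLE-1&mc_gross=19.95&mc_currency=USD';
parse_str($raw, $ipn);
$order = ['receiverEmail' => 'test@tes.com', 'amount' => '19.95', 'currency' => 'USD'];
echo buildValidationBody($raw), "\n";
// 'VERIFIED' stands in for postBack('www.sandbox.paypal.com', ...) so this runs offline.
print_r(checkNotification('VERIFIED', $ipn, $order, []));                 // first delivery
print_r(checkNotification('VERIFIED', $ipn, $order, ['TXN-EXAMPLE-1']));  // repeated delivery
```

Mark the order as paid only when the returned list is empty, and store the txn_id at that point so a repeated delivery of the same notification is rejected.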
In fact PDT and IPN don't exclude each other, so both should be used simultaneously in a web site's order system.
Some useful links to finish with:
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/home_US
https://www.paypal.com/us/cgi-bin/?cmd=p/xcl/rec/ipn-code-outside
https://www.paypal.com/us/cgi-bin/?cmd=p/xcl/rec/pdt-code-outside
Ciao ciao