Can I rely solely on PayPal IPN to register purchases?

I am creating a simple buy now transaction from a website with these basic steps:

  • Select a product from the price list
  • Review of the selection (amount, tax, etc.)
  • PayPal processes the payment
  • Receipt / thank you

At the moment, I save the database record in step 2, which potentially means that there will be a number of records in which payment will not be received, because people decide not to continue their purchase in the end. These entries have no real use, as I will use Google Analytics to track how successful the verification flow will be.

I use PayPal's IPN to authenticate payments and log them against the records inserted in step 2. However, can I really rely solely on the data from IPN transactions to populate the database in the first place, which eliminates the need to store them in step 2 and to perform a database cleanup to delete transactions that never completed?

I personally see no reason why I should not do this: IPN contains all the data that I need for the payment and, perhaps more importantly, PayPal will resend the IPN within a few days if it does not get through the first time due to server glitchery on my end. But did I miss something else important?

Obviously, the number one consideration is that no transactions are lost or logged so that no customer misfortune arises!

+4
5 answers

It is important to do a two-way check, as you have.

You save the order information (total amount and quantity) before the user leaves your system for PayPal. When the IPN returns, you check the request (it must be from a PayPal IP or something else), you confirm that this is a successful transaction, and then your step 2 enters the scene. You check whether the amount returned in the PayPal IPN matches the total amount that was saved before the user left (PayPal can someday return partial payments, or the user can capture the post data and make his own post from modified HTML with a lower total set). Step 2 should also store the user_id of the buyer, so you should compare this as well.

Here is a sample (no programming language, only dummy code):

    if request comes from paypal:
        # query the order
        if order.total == request.total && order.user_id == request.custom:
            payment may come in...
+3

As the developer and administrator of a system that has processed more than 600,000 PayPal payments over the past three years, relying solely on IPN will let some errors slip through the cracks.

Real data:

             Total transactions   No IPN   Invalid IPN   Duplicate IPN
    year 1   170,000+             2        101           0
    year 2   205,000+             54       15            3
    year 3   230,000+             20       24            13

Fortunately, our system is structured with PDT (Payment Data Transfer) as a "backup", so we did not lose any transaction data or receive customer complaints. Note: PDT really cannot be relied upon solely either. At the beginning of this year there was a serious problem with the reliability of the PDT return.

The most common "invalid" IPN returns are an HTML error page or truncated results ... I can provide samples if necessary.

The best choice is a combination of both IPN and PDT (with the data from your basket stored in your database, as you have). Either the IPN process or the PDT process can create the transaction (and delete the "cart" data record in the database). The second process to arrive will not have a "cart" record from which a transaction can be written.

NOTE: as you noted in your final decision to use the custom field, keep in mind that there is a length limit for the custom field, and it can be truncated when returned to you.

+3
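An added example (not code from any of the answers) of the pattern the first two answers describe: the cart row saved in step 2 is checked against the notification and consumed exactly once, whichever of IPN or PDT arrives first. The field names follow PayPal's IPN variables; the table layout, the function names and the "order_id:user_id" layout of `custom` are assumptions, and the notification is assumed to have already passed PayPal verification.

```python
import sqlite3
from decimal import Decimal, InvalidOperation

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE cart (order_id TEXT PRIMARY KEY, user_id TEXT, total TEXT);"
        "CREATE TABLE txn (txn_id TEXT PRIMARY KEY, order_id TEXT, source TEXT);")
    return db

def save_cart(db, order_id, user_id, total):
    # Step 2 of the checkout: store what the buyer is expected to pay.
    with db:
        db.execute("INSERT INTO cart VALUES (?, ?, ?)", (order_id, user_id, total))

def finalize(db, note, source):
    """Apply one notification that already passed PayPal verification."""
    if note.get("payment_status") != "Completed":
        return "ignored"
    # Assumption: custom was sent as "order_id:user_id".
    order_id, _, user_id = note.get("custom", "").partition(":")
    try:
        paid = Decimal(note.get("mc_gross", ""))
    except InvalidOperation:
        return "mismatch"
    with db:  # commit on success, roll back on an exception
        row = db.execute("SELECT user_id, total FROM cart WHERE order_id = ?",
                         (order_id,)).fetchone()
        if row is None:
            return "no-cart"   # duplicate, or the other channel arrived first
        if row[0] != user_id or Decimal(row[1]) != paid:
            return "mismatch"  # cart row is kept for manual review
        cur = db.execute("DELETE FROM cart WHERE order_id = ?", (order_id,))
        if cur.rowcount != 1:
            return "no-cart"   # lost a race with the other channel
        db.execute("INSERT INTO txn VALUES (?, ?, ?)", (note["txn_id"], order_id, source))
    return "recorded"

def demo():
    # Constructed sample data, not real PayPal traffic.
    db = open_db()
    save_cart(db, "A1001", "u42", "19.99")
    save_cart(db, "A1002", "u42", "50.00")
    ok = {"payment_status": "Completed", "txn_id": "T-1",
          "custom": "A1001:u42", "mc_gross": "19.99"}
    low = dict(ok, txn_id="T-2", custom="A1002:u42", mc_gross="5.00")
    cut = dict(ok, txn_id="T-3", custom="A1002:u", mc_gross="50.00")
    return [finalize(db, ok, "PDT"), finalize(db, ok, "IPN"),
            finalize(db, low, "IPN"), finalize(db, cut, "IPN")], db
```

In `demo()` the PDT copy records the payment, the later IPN copy finds no cart row, and both the lowered total and the truncated `custom` value are rejected while the cart row stays in place.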

I did not rely solely on IPN for this, but PayPal will break failures to contact your server if it fails, and should try again later, although I only had development failures and retries were never verified. I just trust them on this.

+1

For a typical e-commerce site, yes, you can; it is fairly reliable. If nuclear reactors will melt down and people will die, then no, you cannot. I have seen problems with it, but very rarely.

+1

I have developed several e-commerce sites, and in practice, you always want to write down what you can in case of any “accidents”. You own the data, probably more informative.

As you said, yes, you can do it, but I would suggest that this is not a great idea.

+1
