QueryString values removed from IPN endpoint via PayPal

We had a simple integration of payments with PayPal for a period of 5 years, no problem until today. In the IPN URL (notify_url) we skip 3 values in the request, for example:

 https://www.example.com/callback/ipn?pspId=A&secCode=MnBP%2fxOwbQhXLd%2arD5xd6g%3d%3d&isPur=false 

From today, PayPal will split the last 2 values and only call the first request value, for example:

 https://www.example.com/callback/ipn?pspId=A 

We use the secCode value as the signature that we check on the callback to prevent any form modification. Why does PayPal suddenly start deleting values from the query string? I suspect they should be in POST, but I just don't know why the sudden change occurred?

+7
paypal paypal-ipn
1 answer

OK, we realized that some of the PayPal servers end on the first ampersand. This explains why we get the first value of the query string, but not the others.

It appears that this behavior is not limited to the value of notify_url; as suggested by Mike in the comments, this also happens with the CUSTOM field. If you are breaking up a series of name-value pairs using an ampersand delimiter, you need to either switch to some other delimiter or URL-encode all values.

We are now testing whether URL-encoding the entire callback URL will still result in the actual callback.

EDIT:

Yes, URL encoding of the whole notify_url value resolved the issue and saved the query string.

EDIT 2:

It seems that URL-encoding the whole value no longer works, so I assume PayPal returned to its original behavior before we ran into these problems. We hope that this will be consistent on all incoming servers and will remain fixed.

+3
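An added example, not part of the original answer or of PayPal's API: it goes one step beyond "switch to some other delimiter" by packing every callback value and its signature into a single query parameter, so the URL contains no ampersand to be cut at, and the handler rejects any callback whose signature is missing. The parameter name `t`, the helper names, the demo key and the use of HMAC-SHA256 in place of the page's `secCode` scheme are all assumptions.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlsplit, parse_qs

KEY = b"constructed-demo-key"  # constructed sample value; load the real secret from config

def _b64(data: bytes) -> str:
    # URL-safe base64 without padding: output never contains '&', '=', '+' or '.'
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tag(payload: str, key: bytes) -> str:
    return _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())

def build_notify_url(base: str, fields: dict, key: bytes = KEY) -> str:
    """Pack all values plus an HMAC into one parameter (hypothetical name 't')."""
    payload = _b64(json.dumps(fields, sort_keys=True, separators=(",", ":")).encode())
    return f"{base}?t={payload}.{_tag(payload, key)}"

def verify_callback(url: str, key: bytes = KEY):
    """Return the signed fields, or None if the token is missing, cut off or altered."""
    token = parse_qs(urlsplit(url).query).get("t", [""])[0]
    payload, sep, tag = token.partition(".")
    if not sep:
        return None  # fail closed: no signature means no trust
    if not hmac.compare_digest(_tag(payload, key).encode(), tag.encode()):
        return None
    return json.loads(_unb64(payload))  # decoded only after the HMAC check passed

def cut_at_first_ampersand(url: str) -> str:
    """Models the truncation described in the answer above."""
    return url.split("&", 1)[0]

if __name__ == "__main__":
    url = build_notify_url("https://www.example.com/callback/ipn",
                           {"pspId": "A", "isPur": "false"})
    print(url)
    print(verify_callback(cut_at_first_ampersand(url)))
    # A callback that arrives with only the first value and no signature is refused
    print(verify_callback("https://www.example.com/callback/ipn?pspId=A"))
```
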