Using IPN to verify successful payment on PayPal - iframe

I'm using PayPal hosted pages for payments on my site. I pass return url when creating SECURETOKEN used in iframe url. After client successful payment, I get browser postback from PayPal on return url passed when SECURETOKEN was created. What happens from time to time is that user close tab before I get postback, saying transaction is approved, and I can't mark it as approved in my local DB.
Workaround was to create IPN listener, and update my local records when I receive valid IPN request.
Now the issue is, I miss some params that I'm getting in iframe postback, that are mandatory, such as ACC, EXPTIME, PNREF.
As far as I can read, IPN will NEVER send those data in it's request. Can this be overridden within paypal manager? If not, can anyone suggest any solution to this problem?
Thanks

I managed to do this by enabling Silent POST url feature in my paypal manager, so same server to server postback will be fired regardless of client closing browser, after payment is accepted.

Related

Preserve asp.net Session Data on Authorize.NET webhook response

I am trying to upgrade Authorize.NET from CIM to Accept Hosted, and stuck on this problem:
Authorize.NET Accept Hosted needs 2 urls for the configuration.
Return URL, which redirects the user to home page, after a successful payment.
A webhook url, to which the Authorization.Net webhook will post transID.
On redirect, I need to access application specific payment details, which are stored in the current session. Note: These are not the authorize.net payment details, I can get them from webhook->transID->GetTransactionDetails
In CIM, the redirect url contained the Payment information from AuthorizeNET(transID, etc.), as well as the app-specific session Payment information. So I was able to process both of them in a single handler, which was called on the redirect.
However in the new api, when a webhook sends post data on my webhook URL, it does it asynchronously, using a different session than the session on which payment was made.
So when I receive transID and subsequent payment details from AuthorizeNET, it has no idea about the session dependent application specific payment details.
My question is, how can I preserve the session-specific data, after I receive the Authorize.Net's payment details?
Has anyone encountered a similar problem? What's the best approach to fix this?
You can't maintain a session across systems so you need an alternative way of storing that data and retrieving it once the user returns to your site. A common way to do this is to persist that data in a database and storing the identifier for that data in a cookie or in a custom field that Authorize.Net will pass through for you as part of the transaction and returning redirect. In this case the return URL you pass in hostedPaymentReturnOptions.url can containa query string with that identifier (i.e. https://www.yoursite.com/return_url?id=12345). Then once the user returns back to your site you can use that identifier to retrieve their session data from the database and add it back into their session.

Payu not returning to website after successful transaction

I have integrated payu payment gateway in my ASP.NET application.
Everything is working well, except it is not returning to the website after successful transaction. What could be the issue?
There is an issue or you forgot to pass the Success URL in payment transaction request. This will return the user to your site after successful transaction.
Make sure to pass these below parameters.
Success URL
Failure URL
Cancel URL

PayPal asynchronous notification

Now information about the successful transaction I get with a redirect the user back to my site from paypal. And then I make additional requests to api paypal.
But if the user cancels the redirect to my site, for some reason, I do not get the information about the transaction.
Is there an asynchronous notification from Paypal for Website Payments Standard or Express Checkout?
Instant Payment Notification (IPN) works for all payment methods through PayPal. The Developer.PayPal.com document you linked is a list of variables for the Express Checkout feature and it is telling you that you can only pass the NOTIFYURL variable successfully in the DoExpressCheckoutPayment API call.
In Payments Standard transactions you'll use the notify_url variable.
You can also just enable IPN within your account to have an IPN post sent to your notification page when any payment completes - regardless of whether or not you define a URL in the button code or API request (the URL you define in the code will always override what is set in your account).

Paypal integration without IPN

I want to integrate paypal buy now button and get feedback from paypal in a school project, but i don't want to use IPN because the computer running the website will not be accessible from outside.
Are there any options for doing this?
You don't have to enable IPN to have buy now buttons on Paypal, it's completely optional. The buy now button will still take you to the correct page on Paypal so the purchase can be made. IPN only allows you to get feedback from Paypal when this happens.
Well, I need to get some information
when a successful payment is made.
Paypal can notify you by mail when something has happened.
Apologies for the bump. Just adding this in case anyone else needs it:
Use "rm=2". (input type hidden, name=rm, value=2)
https://merchant.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_Appx_websitestandard_htmlvariables
Return method. The FORM METHOD used to send data to the URL specified by the return variable after payment completion. Allowable values:
0 – all shopping cart transactions use the GET method
1 – the payer’s browser is redirected to the return URL by the GET method, and no transaction variables are sent
2 – the payer’s browser is redirected to the return URL by the POST method, and all transaction variables are also posted

Preventing Spoofing with Paypal

I have a scenario where i need to have a user checkout through PayPal and then once we receive the payment then we create a membership record in our membership site. The PayPal requires a "return" field when you submit the form button that will take the user back to our page once the order has been successfully processed. On that page is where we actually track the sale and fire a chunk of javascript to track the sale.
So my question is this, how can i make sure that the return page comes from PayPal and is not spoofed by a user in the system. I know there is a way to use the notify_url to have PayPal post back to our system, but in this case i have to run a chunk of javascript. Is there an easy way to do this, or would i have to write some looping/timeout function that checks to see if the notify post has come through?
Im using .net to do the posting to paypal
You need to have PayPal call a script on your site in order to prevent spoofing. Anything that goes through the client/browser is open to the user for modification, so only things that come directly to your server from PayPal are secure.

Resources