PayPal IPN validation

Posted by denis_n on Stack Overflow See other posts from Stack Overflow or by denis_n
Published on 2010-05-10T10:11:38Z Indexed on 2010/05/10 10:14 UTC
Read the original article Hit count: 623

Filed under:
|
|

Following is from PayPal Order Management Integration Guide:

Processing the PayPal Response to Your Postback

PayPal responds to your postbacks with a single word in the body of the response: VERIFIED or INVALID.

When you receive a VERIFIED postback response, perform the following checks on data in the IPN:

  1. Check that the payment_status is Completed.
  2. If the payment_status is Completed, check the txn_id against the previous PayPal transaction that you processed to ensure it is not a duplicate.
  3. Check that the receiver_email is an email address registered in your PayPal account.
  4. Check that the price, carried in mc_gross, and the currency, carried in mc_currency, are correct for the item, carried in item_name or item_number.

After you complete the above checks, notification validation is complete. You can update your database with the information provided, and you can initiate other appropriate automated back-end processing.

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">

    <input type="hidden" name="cmd" value="_cart" />
    <input type="hidden" name="upload" value="1" />
    <input type="hidden" name="business" value="GXLC9H9VFPLQE">

    .....


    <input type="submit" name="Submit" value="Submit" />

</form>

In step 3 I should check receiver_email, but I don't want to.

I don't want to keep my paypal account email in my application.

My question is: can I check business variable instead?

© Stack Overflow or respective owner

Related posts about paypal

Related posts about ipn