PayPal IPN validation
Posted
by denis_n
on Stack Overflow
See other posts from Stack Overflow
or by denis_n
Published on 2010-05-10T10:11:38Z
Indexed on
2010/05/10
10:14 UTC
Read the original article
Hit count: 623
Following is from PayPal Order Management Integration Guide:
Processing the PayPal Response to Your Postback
PayPal responds to your postbacks with a single word in the body of the response: VERIFIED or INVALID.
When you receive a VERIFIED postback response, perform the following checks on data in the IPN:
- Check that the payment_status is Completed.
- If the payment_status is Completed, check the txn_id against the previous PayPal transaction that you processed to ensure it is not a duplicate.
- Check that the receiver_email is an email address registered in your PayPal account.
- Check that the price, carried in mc_gross, and the currency, carried in mc_currency, are correct for the item, carried in item_name or item_number.
After you complete the above checks, notification validation is complete. You can update your database with the information provided, and you can initiate other appropriate automated back-end processing.
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart" />
<input type="hidden" name="upload" value="1" />
<input type="hidden" name="business" value="GXLC9H9VFPLQE">
.....
<input type="submit" name="Submit" value="Submit" />
</form>
In step 3 I should check receiver_email, but I don't want to.
I don't want to keep my paypal account email in my application.
My question is: can I check business variable instead?
© Stack Overflow or respective owner