 

Can one rely on Paypal IPN solely to record purchases?

I'm setting up a simple 'buy now' transaction from a website with these major steps:

  1. Select product from price list
  2. Review selection (amounts, tax etc)
  3. Process Payment on Paypal
  4. Receipt / Thank you

At the moment, I'm storing a database record in step 2, which potentially means there will be a number of records where no payment is received as people decide not to go ahead with their purchase after all. These records are of no real use since I'll use Google Analytics to track how successful the checkout flow is.

I'm using Paypal IPN to verify the authenticity of the payments and log them against the records inserted at step 2 - however, could I feasibly rely solely on the data from the IPN transactions to populate the database in the first place, thus removing the need to store them at step 2 and have to do database cleanup to remove transactions that never completed?

I personally can see no reason why I wouldn't - the IPN contains all the data I need about the payment and probably more besides, and Paypal will resend IPNs for several days if they don't go through first time due to server glitchery, but am I missing anything else important?

Obviously the number one consideration is that no transactions get lost or aren't logged so that no customer unhappiness ensues!

Codecraft asked Jan 20 '23 13:01


1 Answer

It's important to do a 2 way validation like you have.

You save the order info (total, quantity) before the user leaves your system for PayPal. When the IPN comes back you validate the request (it must be from a PayPal IP or whatever), you validate that it's a successful transaction, and then your step 2 enters the scene. You validate that the total returned in the PayPal IPN is the same as the total that was saved before the user left (PayPal sometimes may return partial payments, and the user may grab the POST data and do his own POST from a modified HTML form with a lower total set). Step 2 should also store the user_id of the buyer, so you must compare that too.

Here's a sample layer (no particular programming language, just dummy code):

def handle_ipn(request, order):
    # request must already have been confirmed as a genuine PayPal IPN
    if not request.from_paypal:
        return False
    # compare the stored order (saved at step 2) against what PayPal reports
    if order.total == request.total and order.user_id == request.custom:
        return True  # payment may come in...
    return False
Romeo M. answered Jan 30 '23 07:01
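The two-way validation the answer describes, written out as an added example that is not code from the question or the answer. It authenticates the IPN with PayPal's standard postback (re-POST the unmodified body to PayPal with `cmd=_notify-validate` prepended and expect the literal reply `VERIFIED`) rather than an IP check, treats retried IPNs as idempotent on `txn_id` (PayPal resends IPNs that were not acknowledged, as the question notes), and only then compares the notified amount, currency and buyer against the order saved at step 2. The IPN variable names (`txn_id`, `payment_status`, `mc_gross`, `mc_currency`, `receiver_email`, `invoice`, `custom`) are PayPal's; the in-memory order store, the merchant email, the postback stand-ins and the sample IPN bodies are constructed for the example so it runs offline.

```python
"""Added example: PayPal IPN handler doing the two-way validation from the answer.
The order store, receiver email, postback responders and IPN bodies below are
constructed for illustration; only the IPN field names are PayPal's."""
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qsl, urlencode

# Hypothetical "step 2" records, keyed by the invoice number sent to PayPal.
ORDERS = {
    "INV-1001": {"user_id": "42", "total": Decimal("19.99"), "currency": "GBP", "paid": False},
}
SEEN_TXN_IDS = set()                        # makes PayPal's IPN retries idempotent
OUR_RECEIVER_EMAIL = "merchant@example.com"  # assumed: our PayPal business account


def verify_with_paypal(raw_body: str, postback) -> bool:
    """PayPal's verification handshake: POST the body back unchanged with
    cmd=_notify-validate prepended; PayPal replies VERIFIED or INVALID.
    `postback` is injected so the example does not touch the network."""
    return postback("cmd=_notify-validate&" + raw_body) == "VERIFIED"


def handle_ipn(raw_body: str, postback) -> tuple:
    """Return (accepted, reason); a payment is recorded only if every check passes."""
    # 1. Authenticity: anyone can POST something that looks like an IPN.
    if not verify_with_paypal(raw_body, postback):
        return False, "not verified by PayPal"
    ipn = dict(parse_qsl(raw_body, keep_blank_values=True))

    # 2. Idempotency: the same txn_id may arrive several times; credit it once.
    txn_id = ipn.get("txn_id", "")
    if not txn_id or txn_id in SEEN_TXN_IDS:
        return False, "duplicate or missing txn_id"

    # 3. State: Pending, Refunded, Reversed etc. are not successful payments.
    if ipn.get("payment_status") != "Completed":
        return False, "payment_status=%s" % ipn.get("payment_status")

    # 4. The money must have gone to our account, not to whoever built the form.
    if ipn.get("receiver_email", "").lower() != OUR_RECEIVER_EMAIL:
        return False, "wrong receiver_email"

    # 5. Compare against the order saved before the user left for PayPal.
    order = ORDERS.get(ipn.get("invoice", ""))
    if order is None:
        return False, "unknown invoice"
    if order["paid"]:
        return False, "order already paid"
    try:
        paid = Decimal(ipn.get("mc_gross", ""))
    except InvalidOperation:
        return False, "bad mc_gross"
    if paid != order["total"] or ipn.get("mc_currency") != order["currency"]:
        return False, "amount or currency mismatch"
    if ipn.get("custom") != order["user_id"]:
        return False, "user mismatch"

    SEEN_TXN_IDS.add(txn_id)
    order["paid"] = True
    return True, "ok"


def make_ipn(**fields) -> str:
    """Constructed IPN body, form-encoded the way PayPal POSTs it."""
    return urlencode(fields)


# Constructed stand-ins for PayPal's verification endpoint.
def paypal_says_verified(body: str) -> str:
    return "VERIFIED" if body.startswith("cmd=_notify-validate&") else "INVALID"


def paypal_says_invalid(body: str) -> str:
    return "INVALID"


GOOD = make_ipn(txn_id="TXN-1", payment_status="Completed", mc_gross="19.99",
                mc_currency="GBP", receiver_email="merchant@example.com",
                invoice="INV-1001", custom="42")
# The "modified HTML with a lower total" case from the answer.
TAMPERED_TOTAL = make_ipn(txn_id="TXN-2", payment_status="Completed", mc_gross="1.00",
                          mc_currency="GBP", receiver_email="merchant@example.com",
                          invoice="INV-1001", custom="42")

if __name__ == "__main__":
    print(handle_ipn(TAMPERED_TOTAL, paypal_says_verified))  # rejected: amount mismatch
    print(handle_ipn(GOOD, paypal_says_invalid))             # rejected: not verified
    print(handle_ipn(GOOD, paypal_says_verified))            # accepted
    print(handle_ipn(GOOD, paypal_says_verified))            # rejected: duplicate txn_id
```

The ordering of the checks matters: the stored order is consulted only after PayPal has confirmed the message and the transaction is marked `Completed`, so a forged or replayed IPN never reaches the amount comparison, and a tampered amount is rejected without consuming the transaction ID. In a real deployment the postback goes to PayPal's IPN verification URL and the order and seen-transaction sets live in the database, where the duplicate check should be an atomic insert rather than a set lookup.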