What options do I have to automate my order management?
We use four different methods to return payment data to you automatically after a payment is completed (excluding automatic email notifications):
- Payment Data Transfer (PDT) plus Instant Payment Notification (IPN).
- IPN-only.
- POST transaction details to the Return page (URL).
- PDT-only.
Method 1: PDT plus IPN
The PDT plus IPN method is recommended for any payment flow. With this method, you use PDT as your primary data receiver. IPN serves as a backup to receive other event notifications and catch any redirect issues that might occur. For each IPN you receive, you must check whether you also got it from PDT. The combination of PDT and IPN allows you to use two separate pages, one to provide information to your customer (PDT) and one to update your system (IPN). As a result, you can provide immediate information to your customers and keep a long-term record in a database.
You can find the relevant settings in the following sections of your PayPal profile:
- Website Payment Preferences - Auto Return, the default return URL, PDT, and your identity token (shown once PDT is enabled).
- Instant Payment Notification Preferences - IPN and the default notification URL.
Here's how to implement the PDT/IPN option:
- Implement PDT as per the Payment Data Transfer documentation.
- Implement IPN as per the Instant Payment Notification documentation.
- Check whether PDT already processed the data you received. In the following example, "your_ipn_url_here" represents the notification URL:
<input type="hidden" name="notify_url" value="your_ipn_url_here">
Method 2: Instant Payment Notification (IPN)
The IPN-only method provides transaction information via a back-end post to an IPN script. PayPal initiates the IPN post when the customer clicks the Pay button. IPN also updates you on any other changes to the payment.
Use IPN if you need transaction information from PayPal. This method minimizes the risk of a problem occurring. With the IPN method, as opposed to the PDT-only method, if the customer closes the browser or navigates away, PayPal still sends you notifications. IPN also compels PayPal to keep sending payment data to you for several days if it encounters an issue while initially sending that data. Other methods of returning payment data make just one attempt.
For more information on the IPN Process, see IPN Overview. Here's how to implement the IPN option:
- Enable IPN in the account profile.
- Implement your IPN listener script as per the IPN integration guide.
See also:
IPN code samples.
Method 3: POST transaction details to the Return page
The POST method uses a variable "rm" with a set value "2" to force PayPal to POST the unencrypted transaction URL to your return variable. This allows you to use an IPN script on your Return page to validate the transaction as PayPal payment-related.
Although this method encrypts your payment button to hide the URL, it posts an unencrypted URL back to your website, leaving it vulnerable for someone to change. Instead of requiring the customer to complete the process by clicking on a button to return to your website, PayPal recommends that customers simply close their browser or navigate away.
In the POST method process:
- The customer clicks a button after finishing the payment transaction on PayPal.
- PayPal posts the payment data in an HTML form to your URL.
- You post a form with "cmd=_notify-validate" and all the fields you received from PayPal, and you receive a one-word response "VERIFIED" or "INVALID."
- When "VERIFIED" is the response, PayPal ensures that you receive a tamper-free form from which you can use data as needed.
Here's how to implement the POST method:
- Specify a return URL in the return variable in your HTML form. In the example below, "your_url_here" represents the return URL.
<input type="hidden" name="return" value="your_url_here"> - Set the "rm" variable to "2," as in the following example.
<input type="hidden" name="rm" value="2"> - Go to the Website payment preferences page of your profile and disable Auto Return and Payment data transfer.
- Go to the Instant Payment Notification (IPN) preferences page and click Turn off IPN.
Method 4: Payment Data Transfer (PDT)
With the PDT-only method, your return variable receives encrypted transaction information from PayPal. A customer can reload this page up to five times. This approach is safer than the POST method, but the auto-redirect may still create issues after the payment is complete. For example, if the customer closes the browser or navigates away before the redirect completes, you won't be notified of the payment.
Use PDT when you must know immediately, while the customer is still on your site, whether the payment went through (for example, during the purchase of a digital download). You'll only receive data about the initial payment.
For more information on the PDT Process, see Payment Data Transfer on the PayPal developer site.
To implement PDT, see Get Started on the PayPal developer site.
Method 5: Webhooks
Webhooks are automated notifications built on our REST API stack. Please review What are webhooks and how do I subscribe? for additional information.