What options do I have to automate my order management?
- Payment Data Transfer (PDT) and Instant Payment Notification (IPN).
- IPN.
- POST transaction details to the Return page (URL).
- PDT.
Method 1: PDT and IPN The PDT/IPN method is recommended for any payment flow. With this method, you use PDT as your primary data receiver. IPN serves as a backup to receive other event notifications and catch any redirect issues that might occur. For each IPN you receive, you must check whether you also got it from PDT. The combination of PDT and IPN allows you to use two separate pages, one to provide information to your customer (PDT) and one to update your system (IPN). As a result, you can provide immediate information to your customers (through PDT) and keep a long-term record (through IPN) in a database.
You can find the relevant settings in the following sections of your PayPal profile:
- Website Payment Preferences - Auto Return, the default return URL, PDT, and your identity token
- Instant Payment Notification Preferences - IPN and the default notification URL
Here's how to implement the PDT/IPN option:
- Specify a return PDT URL in your account profile or in the return variable in your HTML form. This script processes the GET request that PayPal sends to your page. (If your URL contains a query string, PayPal appends parameters to the URL.)
- In the following example,
"your_pdt_url_hererepresents the return URL.<input type="hidden" name="return" value="your_pdt_url_here"> - Specify a return IPN URL in your account profile or in the "notify_url" variable in your HTML form. This is where you process payment data from PayPal. This script processes POST data from PayPal. (You post a form with
"cmd=_notify-validate" and all the fields you received from PayPal, and you receive a one-word response "VERIFIED" or "INVALID." If the response is VERIFIED, PayPal ensures that you're receiving a tamper-free form, from which you can use data as needed.)
- Check whether PDT already processed the data you received. In the following example,
"your_ipn_url_here" represents the notification URL.<input type="hidden" name="notify_url" value="your_ipn_url_here"> - Enable Auto Return and IPN in the account profile.
Method 2: Instant Payment Notification (IPN) The IPN-only method provides transaction information via a back-end post to an IPN script that the customer can't access. As a result, the customer can't alter the URL. PayPal initiates the IPN post when the customer clicks the Pay button. IPN also updates you on any other changes to the payment.
Use IPN if you need transaction information from PayPal. This method minimizes the risk of a problem occurring. With the IPN method, as opposed to the PDT-only method, if the customer closes the browser or navigates away, PayPal still sends you notifications. IPN also compels PayPal to keep sending payment data to you for several days, if it encounters an issue while initially sending that data. Other methods of returning payment data make just one attempt.
In the IPN process:
- The customer closes the browser or returns to your website after finishing the payment transaction on PayPal.
- In the background, PayPal posts the payment data in an HTML form to a notification URL (which is different from your return URL).
- You post a form with
"cmd=_notify-validate"and all the fields you received from PayPal, and you receive a one-word response "VERIFIED" or "INVALID." - When "VERIFIED" is the response, PayPal ensures that you're receiving a tamper-free form, from which you can use data as needed.
- Specify a return URL in your account profile or in the "notify_url
"variable in your HTML form. This is where you process payment data from PayPal. In the following example,"your_ipn_url_here" represents the notification URL.<input type="hidden" name="notify_url" value="your_ipn_url_here"> - Disable PDT in the account profile.
- Enable IPN in the account profile.
See also:
IPN code samples
Method 3: POST transaction details to the Return page
The POST method uses a variable "rm" with a set value "2" to force PayPal to POST the unencrypted transaction URL to your return variable. This allows you to use an IPN script on your Return page to validate the transaction as PayPal payment-related.
Although this method encrypts your payment button to hide the URL, it posts an unencrypted URL back to your website, leaving it vulnerable for someone to change. Instead of requiring the customer to complete the process by clicking on a button to return to your website, PayPal recommends that customers simply close their browser or navigate away.
In the POST method process:
- The customer clicks a button after finishing the payment transaction on PayPal.
- PayPal posts the payment data in an HTML form to your URL.
- You post a form with
"cmd=_notify-validate"and all the fields you received from PayPal, and you receive a one-word response "VERIFIED" or "INVALID." - When "VERIFIED" is the response, PayPal ensures that you're receiving a tamper-free form, from which you can use data as needed.
- Specify a return URL in the return variable in your HTML form. In the example below, "
your_url_here"represents the return URL.<input type="hidden" name="return" value="your_url_here"> - Set the "rm" variable to "2," as in the following example.
<input type="hidden" name="rm" value="2" - Disable PDT, IPN, and Auto Return in the account profile. (An enabled Auto Return prevents you from getting any data.)
Method 4: Payment Data Transfer (PDT)
With the PDT-only method, your return variable receives encrypted transaction information from PayPal. A customer can reload this page up to five times. This approach is safer than the POST method, but the auto redirect may still create issues after the payment is complete. For example, if the customer closes the browser or navigates away before the redirect completes, you won't be notified of the payment.
Use PDT when you must know immediately, while the customer is still on your site, whether the payment went through (for example, during the purchase of a digital download). You'll receive only data about the initial payment.
In the PDT process method:
- The customer is redirected to your page automatically after finishing the payment transaction on PayPal.
- PayPal sends a GET request to your page. If your URL contains a query string, PayPal appends parameters to the URL. In the next example, two parameters were appended:
http://yoursite/yourpage?yourparam=yourvalue&tx=3KK900354R868601V
- As in the following example, you post a form to PayPal that includes the "cmd" variable set to "_notify-synch," the "tx" token passed in the query string, and the "at" token that is in your account profile when you turned on PDT.
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="POST"> <input type="hidden" name="cmd" value="_notify-synch"> <input type="hidden" name="tx" value="3KK900354R868601V"> <input type="hidden" name="at" value="lpeb7DhJWXz5BU43tiarWlo42x5g-Nvv0oJCORuEVsmY9JiRuVUDW2jAHUI"> </form> - PayPal responds with "SUCCESS" or "FAIL" and a block of text. When "SUCCESS" is the response, name/value pairs follow on separate lines. Be sure to also read the rest of the lines from the response.
- Specify a return URL in your account profile or in the return variable in your HTML form. In the following example,
"your_pdt_url_here"represents the return URL.<input type="hidden" name="return" value="your_pdt_url_here"> - Enable PDT, IPN, and Auto Return in the account profile.
See also:
Payment Data Transfer
Was this article helpful?