
More complicated than it has to be?



#1 jschultz


Posted 13 May 2004 - 10:27 PM

I worked on a PayPal interface in JSP about a year ago which thankfully was cancelled but now, like everyone else, I need to get an interface running in Struts.

I've read through the appropriate documentation and through a number of posts on this board. My understanding is that in order to create a truly smooth user experience, you need to combine "Auto Return" and "Payment Data Transfer" on the front-end of the interface and "IPN" on the back-end. The process effectively "forks" when you call PayPal and creates two return paths - one for the user, and one for the actual transaction.

You wouldn't want to update databases based on PDT because you could get a 'Pending' and PDT will never send a final status. Conversely, you wouldn't want to (or can't) inform the user about their transaction based on IPN because it's not always "instant" and could be sending updates about the transaction days after the original request. I can't even figure out how you would effectively link an IPN transaction back to a specific user/session!

So am I trying to make this more complicated than it needs to be (not that it's THAT bad!)? I haven't seen too many people discussing where PDT fits into the picture and am starting to wonder if I've missed something critical.

Thanks everyone,

Jim






#2 jtheory


Posted 07 July 2004 - 03:47 PM

There are reasons for all of the complications... but of course they still do make things more difficult.

For example, the IPN request is from the PayPal servers, and you "call back" over SSL to verify that the request isn't forged, while the connection's still open. That's about as hack-proof as you can get... and definitely way better than trusting the request you're getting from the user's browser (I actually recommend just ignoring the data in the front-end request).

Plus, payment processing is NOT always in realtime -- if the user is paying by electronic check, there's a delay of a few days while it clears, so you get a pending IPN notice, then the real one later.

Don't worry so much, though -- I believe the user also gets emails from PayPal automatically, telling them what's going on, so they won't expect their download to be available (or subscription started, etc.) until the payment has been processed.

So you can use a few strategies, depending on what your customers are expecting, and how much development time/resources you have. Personally, on the payment redirect screen (on a subscription-based website) I tell users that in most cases they can log in immediately (since the IPN is almost always instantaneous), but if there's any delay processing their payment, they will be able to log in once they receive their welcome email. When the final IPN notification comes through, that kicks off an email from my website to the user.

If you wanted to get fancy, you could put them on an auto-refreshing page that checks every 10 seconds if the IPN came through, and unless it's pending status, you can send them on their way directly.

Linking the IPN transaction back to the original request: this is what the pass-through variables are for, like "invoice" (if you're tracking the single transaction in your database) and "custom" (could be a user id in your database, or anything you want).
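
The back-end path discussed in this thread (verify the IPN with PayPal, then tie it to an order through the pass-through variables), as an added example that is not part of either post and is written in Python rather than Struts. The order store, function names and the injected `postback` callable are hypothetical; the field names `payment_status`, `txn_id`, `mc_gross` and `mc_currency` are standard IPN variables that the thread does not mention.

```python
from urllib.parse import parse_qsl

# Constructed order store standing in for the site's database: invoice -> order.
ORDERS = {"INV-1001": {"user_id": "42", "amount": "19.99",
                       "currency": "USD", "state": "awaiting_payment"}}
SEEN_TXNS = set()  # txn_ids already fulfilled, so a replayed notice is a no-op


def handle_ipn(raw_body, postback, orders=ORDERS, seen=SEEN_TXNS):
    """Process one IPN POST body (bytes) and return the action taken.

    `postback` is a hypothetical callable that POSTs bytes to PayPal over TLS
    and returns the response text; it is injected so this runs offline.
    """
    # Send the message back byte-for-byte, prefixed with cmd=_notify-validate.
    # Anything other than VERIFIED means the notice did not come from PayPal.
    if postback(b"cmd=_notify-validate&" + raw_body).strip() != "VERIFIED":
        return "rejected: not verified by PayPal"
    msg = dict(parse_qsl(raw_body.decode("utf-8", "replace"),
                         keep_blank_values=True))
    # "invoice" and "custom" are the pass-through values set at checkout.
    order = orders.get(msg.get("invoice"))
    if order is None:
        return "rejected: unknown invoice"
    if msg.get("custom") != order["user_id"]:
        return "rejected: custom does not match order owner"
    # A genuine notice for a different amount must not unlock the order.
    paid = (msg.get("mc_gross"), msg.get("mc_currency"))
    if paid != (order["amount"], order["currency"]):
        return "rejected: amount mismatch"
    status = msg.get("payment_status")
    if status == "Pending":  # e.g. electronic check still clearing
        if order["state"] != "paid":  # a late retry must not downgrade
            order["state"] = "pending"
        return "pending"
    if status != "Completed":
        return "ignored: status %s" % status
    if msg.get("txn_id") in seen:
        return "duplicate"
    seen.add(msg.get("txn_id"))
    order["state"] = "paid"  # the point at which to send the welcome email
    return "paid"


def can_log_in(invoice, orders=ORDERS):
    """What the auto-refreshing return page polls: server-side state only."""
    order = orders.get(invoice)
    return order is not None and order["state"] == "paid"
```

Nothing from the browser's return request is read here; the return page only asks `can_log_in` about state that a verified IPN has already written.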



