Paypal Configuration Samle Code - Instant Payment Notification

Instant Payment Notification

IPN can be used to manage and customize a variety of PayPal-enabled APIs and communications, including:

• Customize your website's response to customer purchases in real-time
• Track customers via IPN "pass through" variables
• Deliver access keys for software downloads and other digital goods
• Automate your fulfillment operations
• Track affiliate sales and commissions
• Store transaction information in your own database.

Instant Payment Notification allows you to integrate your PayPal payments with your website's back-end operations, so you get immediate notification and authentication of the PayPal payments you receive.

How It Works

When a customer makes a payment to you, PayPal will post a notification to your server at a URL you specify. Included in this notification will be all of your customer's payment information (e.g. customer name, amount) as well as a piece of encrypted code. When your server receives a notification, it will then post the information, including the encrypted code, back to a secure PayPal URL. PayPal will authenticate the transaction by checking the encrypted string. This post-back of the IPN data to PayPal prevents "spoofing," so you can be sure that the IPN came from PayPal. Upon verification, PayPal will send confirmation of its validity back to your server.

Note: To activate Instant Payment Notification, you will need to enter the URL at which you would like to receive the notification posts from your Profile.

After you have activated Instant Payment Notification, your server will be sent a notification every time you receive a payment, this notification will be sent as a hidden "FORM POST" to the URL you specified, and will include all of the payment information. The FORM variables for the notification are listed at the bottom of this page.

Each time you receive an IPN from PayPal, you must complete the Notification Validation process described below before fulfilling the order. Verifying the information listed will ensure that the transaction is legitimate.

Notification Validation

To ensure that a payment has been made into your PayPal account, you must verify that the email address used as your "receiver_email" has been registered and confirmed in your PayPal account.

Once your server has received the Instant Payment Notification, you will need to confirm it by constructing an HTTP POST to PayPal. Your POST should be sent to https://www.paypal.com/cgi-bin/webscr

You must post all of the form variables you received exactly as you received them. You will also need to append a variable named "cmd" with the value "_notify-validate" (e.g. cmd=_notify-validate) to the POST string.

PayPal will respond to the post with a single word, "VERIFIED" or "INVALID", in the body of the response. When you receive a VERIFIED response, you need to perform several checks before fulfilling the order:

• Confirm that the "payment_status" is "Completed," since IPNs are also sent for other results such as "Pending" or "Failed"
• Check that the "txn_id" is not a duplicate to prevent a fraudster from using reusing an old, completed transaction
• Validate that the "receiver_email" is an email address registered in your PayPal account, to prevent the payment from being sent to a fraudster's account
• Check other transaction details such as the item number and price to confirm that the price has not been changed

Once you have completed the above checks, you may update your database with the IPN data and process the purchase.

If you receive an "INVALID" notification, it should be treated as suspicious and be investigated.

IPN Variables

For a complete list of all IPN variables and detailed instructions on how to use Instant Payment Notification, please refer to the Website Payments Standard Integration Guide (PDF, 4.6 MB, March 2008)

CREATE JSP PAGE - SHOPPING CART
Create jsp called submitToPaypal.jsp Copy below jsp code page. Call this page at time of checkout.

submitToPaypal.jsp
<br /><%@ page import="java.util.Vector" %> <br /><%@ page import="java.util.Iterator" %> <br /><%@ page import="com.site.Constants" %> <br /><%@ page import="java.net.URLEncoder" %> <br /><%@ page contentType="text/html;charset=UTF-8" language="java" %> <br /><html><head> <meta equiv="Content-Type" content="text/html; charset=utf-8"> <title>Paypal Conf Sample Page Sandbox- http://paypalconfiguration.blogspot.com/</title></head> <br /><body onload="javascript:document.frmPayPal.submit();"> <br /><form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="POST" target="_self" name="frmPayPal"> <input type="'hidden'" name="'cmd'" value="'_cart'"> <input type="'hidden'" name="'business'" value="'PAYPAL_BUSINESS_EMAIL'/"> <input type="'hidden'" name="'upload'" value="'1'"> <input type="hidden" name="item_name_1" value="'Aggregated">'/> <input type="hidden" name="amount_1" value="'100.00'/"> <input type="hidden" name="quantity_1" value="'1'/"> <input type="hidden" name="no_shipping" value="1"> <input type="hidden" name="currency_code" value="USD"> <input type="hidden" name="lc" value="US"> <!-- Notify Url for Instant Payment Notification Marc--> <input type="'hidden'" name="'notify_url'value="> <input type="'hidden'" name="'return'" value="'PAYPAL_RETURN_URL'"> <input type="'hidden'" name="'cancel_return'" value="PAYPAL_CANCEL_RETURN_URL"> <input type="hidden" name="cbt" value="MUST RETURN TO COMPANY_NAME" style="text-transform:uppercase;"> </form> </body></html><br />

Create PaypalIPN action .java file or page .jsp and call below method on return from paypal for Notification Validation

<br />import com.site.Constants; <br />import com.site.utils.FormatNumber; <br />import com.site.utils.EmailManager; <br />import javax.servlet.http.HttpServletRequest; <br />import java.net.URLEncoder; <br />import java.net.URL; <br />import java.net.URLConnection; <br />import java.util.Enumeration; <br />import java.util.Date;import java.io.PrintWriter;import java.io.BufferedReader;import java.io.InputStreamReader; <br /> <br />public class PaypalIPNHelper { <br /> <br />public static String encode(String key, String value, boolean concat) throws Exception { if (concat) { return "&" + URLEncoder.encode(key, "UTF-8") + "=" + URLEncoder.encode(value, "UTF-8"); } return URLEncoder.encode(key, "UTF-8") + "=" + URLEncoder.encode(value, "UTF-8"); } <br /> <br />public static String encode(String key, String value) throws Exception { return encode(key, value, false); } <br /> <br /> /** * This response must contain all the variables posted to the page by PayPal * as well as a key variable named "cmd" with a value of "_notify-validate". * When PayPal receives the POST it will respond with a single word, either "VERIFIED" or "INVALID". * * @param request * @param cartBean * @return paypal response */ <br /> <br /> public static String validate(HttpServletRequest request, CartBean cartBean, PaypalinfoBean paypalinfoBean) { <br /> Float totalAmount = null; <br />String retVal = null; <br /> String res = null; <br />try { <br />Enumeration en = request.getParameterNames(); <br />String str = "cmd=_notify-validate"; <br />while (en.hasMoreElements()) { <br /> String paramName = (String) en.nextElement(); String paramValue = request.getParameter(paramName); str = str + "&" + paramName + "=" + URLEncoder.encode(paramValue, "UTF-8"); } URL u = new URL("https://www.sandbox.paypal.com/cgi-bin/webscr"); System.out.println("URI : " + str); URLConnection uc = u.openConnection(); uc.setDoOutput(true); uc.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); PrintWriter pw = new PrintWriter(uc.getOutputStream()); pw.println(str); pw.close(); BufferedReader in = new BufferedReader(new InputStreamReader(uc.getInputStream())); res = in.readLine(); in.close(); System.out.println("res : " + res); // assign posted variables to local variables String itemName = request.getParameter("item_name"); String itemNumber = request.getParameter("item_number"); String paymentStatus = request.getParameter("payment_status"); Float paymentAmount = null; try { paymentAmount = new Float(request.getParameter("mc_gross")); } catch (Exception ex) { } String paymentCurrency = request.getParameter("mc_currency"); String txnId = request.getParameter("txn_id"); String receiverEmail = request.getParameter("receiver_email"); String payerEmail = request.getParameter("payer_email"); String paymentType = request.getParameter("payment_type"); Float paymentFee = null; try { paymentFee = new Float(request.getParameter("mc_fee")); } catch (Exception ex) { } String pendingReason = request.getParameter("pending_reason"); System.out.println("receiverEmail " + receiverEmail); System.out.println("payerEmail " + payerEmail); System.out.println("PaymentStatus " + paymentStatus); System.out.println("txnId " + txnId); System.out.println("res : " + res); System.out.println("paymentAmount " + paymentAmount); System.out.println("totalAmount " + totalAmount); System.out.println("PaypalIPNHelper.validate - Txn_Id " + txnId); return res; } catch (Exception ex) { ex.printStackTrace(); } return retVal; }}<br />