Paypal Order Management 2006 Integration Guide
Order Management - 2006 - Integration Guide PP_OrderManagement_IG_2006 Free User Guide for PayPal Software, Manual
2015-07-27
: Paypal Paypal-Order-Management-2006-Integration-Guide-777974 paypal-order-management-2006-integration-guide-777974 paypal pdf
Open the PDF directly: View PDF .
Page Count: 88
Download | |
Open PDF In Browser | View PDF |
Order Management Integration Guide For Professional Use Only Currently only available in English. A usage Professional Uniquement Disponible en Anglais uniquement pour l'instant. Last Updated: October 2006 PayPal Order Management Integration Guide Document Number: 100009.en_US-200608 © 2006 PayPal Inc. All rights reserved. PayPal and the PayPal logo are registered trademarks of PayPal Inc. Other trademarks and brands are the property of their respective owners. The information in this document belongs to PayPal Inc. It may not be used, reproduced or disclosed without the written approval of PayPal Inc. PayPal (Europe) Ltd. is authorised and regulated by the Financial Services Authority in the United Kingdom as an electronic money institution. PayPal FSA Register Number: 226056. Notice of non-liability: PayPal Inc. is providing the information in this document to you ìAS-ISî with all faults. PayPal Inc. makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. PayPal Inc. assumes no liability for damages (whether direct or indirect), caused by errors or omissions, or resulting from the use of this document or the information contained in this document or resulting from the application or use of the product or service described herein. PayPal Inc. reserves the right to make changes to any information herein without further notice. PayPal Inc. does not guarantee that the features described in this document will be announced or made available to anyone in the future. Contents Chapter P Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Organization of This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Notational Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Documentation Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Chapter 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 15 Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Reporting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Differences between Instant Payment Notification (IPN) and Payment Data Transfer (PDT) 16 SSL Not Required for IPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 PayPal-Supported Transactional Currencies . . . . . . . . . . . . . . . . . . . . . . . . 17 Chapter 2 Payment Data Transfer . . . . . . . . . . . . . . . . . . . 19 How PDT Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Enabling Payment Data Transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Getting and Using the Identity Token . . . . . . . . . . . . . . . . . . . . . . . . . . 24 PDT Notification Synch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Constructing the POST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 PayPal Response to POST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 PDT and Auto Return: Messaging to Buyer . . . . . . . . . . . . . . . . . . . . . . . 26 Preventing Fraud. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Code Samples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Chapter 3 Instant Payment Notification (IPN) . . . . . . . . . . . . . 29 About IPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Setting Up IPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Activating IPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Setting Up an IPN-Processing Program . . . . . . . . . . . . . . . . . . . . . . . . . 31 Order Management Integration Guide October 2006 3 Contents IPN Notification Validation: Preventing Fraud . . . . . . . . . . . . . . . . . . . . . . . . 31 Shared Secret Per Transaction or by Profile Setting . . . . . . . . . . . . . . . . . . 32 Shared Secret Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Your HTTPS Postback to PayPal . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Using IPN with Multiple Currencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 mc_gross and mc_fee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 mc_currency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 payment_gross and payment_fee . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Examples of Multi-currency IPN Variables. . . . . . . . . . . . . . . . . . . . . . . . 35 Chapter 4 Transaction History and Reporting Tools . . . . . . . . . . 39 Monthly Account Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Online History Searching. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Basic Search: Time Periods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Advanced Search: Key Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Download My History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Choosing a Date Range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Selecting a File Format and Transaction Categories . . . . . . . . . . . . . . . . . . 42 Completed Transactions Since Last Download . . . . . . . . . . . . . . . . . . . . . 43 Customizing the Download: Selecting Transaction Fields . . . . . . . . . . . . . . . . 43 Transaction Reconciliation with the Balance Impact Column . . . . . . . . . . . . . . 45 Lifecycle of a Transaction: Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Net Amount Column . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Dispute Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Programmatic Access to Dispute Report . . . . . . . . . . . . . . . . . . . . . . . . 47 Appendix A IPN and PDT Variables . . . . . . . . . . . . . . . . . . . . 51 About These Tables of Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Transaction-Specifc Variable Values. . . . . . . . . . . . . . . . . . . . . . . . . . . 51 test_ipn Variable in Sandbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 IPN Variables in All Posts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 IPN Version: notify_version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Security Information: verify_sign. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Buyer Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Basic Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Advanced and Custom Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Website Payments Standard and Refund Information . . . . . . . . . . . . . . . . . . . . 55 Currency and Currency Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 4 October 2006 Order Management Integration Guide Contents Auctions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Mass Payment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Subscriptions Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Dispute Notification Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 PDT-Specific Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Appendix B Downloadable History Log Columns and Values71 Appendix C Country Codes . . . . . . . . . . . . . . . . . . . . . . . 79 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Order Management Integration Guide October 2006 5 Contents 6 October 2006 Order Management Integration Guide List of Tables Table P.1 Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Table 1.1 PayPal-Supported Currencies and Currency Codes for Transactions . . . 17 Table 4.1 Online Search: Selectable Activity Types . . . . . . . . . . . . . . . . . 41 Table 4.2 Advanced Transaction Search: Key Fields . . . . . . . . . . . . . . . . . 41 Table A.1 IPN and PDT Variables: Buyer Information . . . . . . . . . . . . . . . . . 52 Table A.2 IPN and PDT Variables: Basic Information . . . . . . . . . . . . . . . . . 53 Table A.3 IPN and PDT Variables: Advanced and Custom Information . . . . . . . . 54 Table A.4 IPN and PDT Variables: Website Payments Standard and Refund Information 55 Table A.5 IPN and PDT Variables: Currency and Currency Exchange Information . . 60 Table A.6 IPN and PDT Variables: Auctions. . . . . . . . . . . . . . . . . . . . . . 61 Table A.7 IPN and PDT Variables: Mass Payment . . . . . . . . . . . . . . . . . . 62 Table A.8 Subscriptions Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Table A.9 IPN Variables with Each Subscription Event . . . . . . . . . . . . . . . . 65 Table A.10 Dispute Notification Variables. . . . . . . . . . . . . . . . . . . . . . . . 68 Table A.11 PDT-Specific Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Table B.1 Downloadable History Log Columns and Values . . . . . . . . . . . . . . 71 Table 1: Country Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Order Management Integration Guide October 2006 7 List of Tables 8 October 2006 Order Management Integration Guide List of Figures Figure 3.1 How IPN Works: Three General Steps Figure 4.1 The History Page . . . . . . . . . . . . . . . . . . . . . . 39 Figure 4.2 Download My History . . . . . . . . . . . . . . . . . . . . 42 Figure 4.3 Customize My History Download . . . . . . . . . . . . . . . 44 Figure 4.4 Gross, Fee and Net Amount Calculations from History Log . . . 46 Figure 4.5 Dispute Report . . . . . . . . . . . . . . . . . . . . . . . 47 Order Management Integration Guide October 2006 . . . . . . . . . . . . 30 9 List of Figures 10 October 2006 Order Management Integration Guide P Preface This Document This release of the PayPal Order Management Integration Guide, a document that describes the PayPal features for managing orders, such as Payment Data Transfer (PDT), Instant Payment Notification (IPN), and Downloadbale History Log, replaces the version released in December, 2005. This document replaces portions of the Merchant User Manual and Integration Guide issued in April, 2005. Intended Audience This document is written for merchants who use PayPal to manage order information. Organization of This Document Chapter 1, “Introduction,” gives a brief overview of the PayPal features for order management discussed in this guide. Chapter 2, “Payment Data Transfer,” describes how PDT works and how to set it up. Chapter 3, “Instant Payment Notification (IPN),” describes how IPN works and how to set it up. Chapter 4, “Transaction History and Reporting Tools,” describes monthly account statements, online transaction search, the Downloadable History Log, and dispute reports. Appendix A, “IPN and PDT Variables,” is a detailed description of all variables and values returned by IPN or PDT. Appendix B, “Downloadable History Log Columns and Values,” describes the columns and values that can be included in the Downloadable History Log. Order Management Integration Guide October 2006 11 Preface Notational Conventions Notational Conventions This document uses typefaces to identify the characteristics of text. These typefaces and the characteristics they imply are described below: Typeface How Used serif italics A document title. A term being discussed or defined. For example: A file is a readable or writable stream of characters … Boolean values (not keywords). For example: The function returns true if it encounters an error. monospaced Pathnames or file names that appear in body text frames. Code-related names that appear in body text frames. Such names are used for functions, callbacks, arguments, data structures, and fields. For example: AbstractResponseType is the SOAP response type definition on which all PayPal API response methods are based. Components of Internet protocol requests and responses, such as HTTPS and FORM variables. For example: The PayPal system uses a method=POST request to return IPN status variables related to subscriptions, such as txn_type. Serif bold User interface names, such as window names or menu selections. For example: On the Profile page, click Email to confirm your email address. San-serif oblique Placeholders used in the context of a format or programming standard or formal descriptions of PayPal system syntax. Placeholders indicate values or names that the reader should provide. Example: For example, amount is the variable for a single-item shopping cart, but amount_X is the name of the variable for a multi-item shopping cart. amount_3 is the item amount for the third item in a multiple-item shopping cart. To convey additional information, this document may also apply color and underlining to words or phrases that use the typefaces described above. Such use is described below: 12 Text attribute How Used xxxxxx Hypertext link to a page in the current document or to another document in the set. xxxxxx Hypertext link to a URL or that initiates a web action, such as sending mail. October 2006 Order Management Integration Guide Preface Documentation Problems Documentation Problems If you discover any errors in or have any problems with this documentation, please email us by following the instructions below. Describe the error or problem as completely as possible and give us the document title, the date of the document (located at the foot of every page), and the page number or page range. To contact Customer Service about documentation problems: 1. Go to https://www.paypal.com/. 2. Click Help in the upper left corner of the page. 3. Click Contact Us in the lower left of the page. 4. Choose Help by Email. 5. Complete the form. Revision History Revision history for PayPal Order Management Integration Guide. TABLE P.1 Revision History Date Description October 2006 Details about the Downloadable Dispute Report. Minor additions and corrections to some variables in Appendix A. July 2006 Minor correction to values of payment_status IPN variable. May 2006 Description of the programmatically retrievable Disput Report. Additional IPN variable values for txn_type: merch-pmt for the Website Payments Pro monthly fee and adjustment for a resolved dispute requiring a chargeback. October 2006 Adaptation to specifics for Germany. Order Management Integration Guide October 2006 13 Preface Revision History 14 October 2006 Order Management Integration Guide 1 Introduction PayPal offers four payment notification methods for backend integration: z Email z Reporting Tools z Instant Payment Notification (IPN) z Payment Data Transfer (PDT) Email You will receive an email notification in the following cases: z Successful Payment z Pending Payment z Cancelled Payment If you do not want to receive payment notifications via email: 1. Click the Profile subtab of the My Account tab. 2. Click the Notifications link in the Account Information column. 3. Find the Payment Notifications heading and clear the I receive PayPal Website Payments and Instant Purchase checkbox. 4. Click Save. Reporting PayPal’s Reporting Tools provide you with the information you need to effectively measure and manage your business. With PayPal’s Reporting Tools, you can: z Analyze your revenue sources to better understand your customers’ buying behavior z Automate time-consuming bookkeeping tasks z Accurately settle and reconcile transactions Available reports: z Monthly Account Statements: View a summary of all credits and debits that have affected your account balance each month. Order Management Integration Guide October 2006 15 Introduction Differences between Instant Payment Notification (IPN) and Payment Data Transfer (PDT) z Merchant Sales Reports: – Settlement Report (STL): Contains only the records of all balance-effecting daily transactions. Can be coordinated with Settlement System or created independently of the moving of money. – Transactions Detail Report (TDR): Status of all transactions (including non-complete transactions such as eCheck) in the account in a 24 hour period. A super set of data contained in Settlement Report including buyer and auction data. – Order Report (ODR): List all orders created in a 24-hr period with the order ID. Only appropriate for those merchants using the order functionality on their website. – Dispute Resolution Report (DRR): List all cases that changed in status or were created in a 24-hr period. Allows a merchant to reconcile cases against money moving transactions. z History Log: View an online record of your received and sent payments. z Downloadable Logs: Keep track of your transaction history by downloading it into various file formats (suitable for financial settlements). For more information about PayPal's reports, see http://www.paypal.com/cgibin/webscr?cmd=p/xcl/rec/reports-intro-outside. Differences between Instant Payment Notification (IPN) and Payment Data Transfer (PDT) PDT's primary function is to display payment transaction details to buyers when they are automatically redirected back to your site upon payment completion; however, there are cases where you will not receive notification of all transactions, such as with pending transactions, refunds, and reversals. For these reasons, or if you are using this data to fulfill orders, PayPal strongly recommends that you also enable Instant Payment Notification (IPN). Both IPN and PDT send back the same data; however, there are several important differences. PDT: z Requires Auto Return to be enabled. z Auto Return will include an ID that can be used to query PayPal for the complete transaction details. z It is possible to miss a notification if the user closes the browser before the redirection is complete. IPN: 16 z Does not require Auto Return to be enabled. z At the end of the website payment flow, PayPal POSTs the IPN data asynchronously (i.e. not as part of the website payment flow). z IPNs will also POST for EFT completions, reversals, and refunds. October 2006 Order Management Integration Guide Introduction PayPal-Supported Transactional Currencies SSL Not Required for IPN Because credit card and bank information is not transmitted in Instant Payment Notification (IPN), PayPal does not require Secure Sockets Layer (SSL) to encrypt IPN transmissions. PayPal-Supported Transactional Currencies The following currencies are supported by PayPal for use in transactions. TABLE 1.1 PayPal-Supported Currencies and Currency Codes for Transactions ISO-4217 Code Currency AUD Australian Dollar CAD Canadian Dollar CHF Swiss Franc CZK Czech Koruna DKK Danish Krone EUR Euro GBP Pound Sterling HKD Hong Kong Dollar HUF Hungarian Forint JPY Japanese Yen NOK Norwegian Krone NZD New Zealand Dollar PLN Polish Zloty SEK Swedish Krona SGD Singapore Dollar USD U.S. Dollar Order Management Integration Guide October 2006 17 Introduction PayPal-Supported Transactional Currencies 18 October 2006 Order Management Integration Guide 2 Payment Data Transfer Payment Data Transfer (PDT) provides merchants with the ability to display transaction details to buyers who are redirected back to their site upon payment completion. N O T E : You must enable Auto Return for Website Payments to use Payment Data Transfer. Auto Return brings your buyers back to your website immediately after payment completion. Auto Return applies to PayPal Website Payments, including Buy Now, Donations, Subscriptions, and Shopping Cart. For more information about Auto Return, see the PayPal Website Payments Standard Integration Guide. How PDT Works Bob is going to purchase a widget from the Widget Warehouse. Step 1: Bob goes to the Widget Warehouse website, finds the widget he wants, and clicks Buy Now. Order Management Integration Guide October 2006 19 Payment Data Transfer How PDT Works Step 2: Bob is taken to a PayPal Payment Details page which displays the details of the payment he is about to make. Step 3: Bob enters his PayPal account information into the PayPal Login fields. 20 October 2006 Order Management Integration Guide Payment Data Transfer How PDT Works Step 4: Bob is then taken to a confirmation page that displays the details of his selection, information about how his automatic payments will be funded, and his shipping information. He clicks Pay to complete the payment. Order Management Integration Guide October 2006 21 Payment Data Transfer How PDT Works Step 5: A payment confirmation page appears that informs Bob that his payment has been completed and that he is being redirected back to the Widget Warehouse website. Step 6: A transaction token is passed to the return URL provided by the Widget Warehouse. The Widget Warehouse fetches the transaction token and retrieves the transaction details from PayPal via an HTTP POST. Included in the HTTP post is the identity token that was given to the Widget Warehouse when PDT was enabled. For more information about the PDT identity token, see “Getting and Using the Identity Token” on page 24. For more information about the HTTP POST, see “PDT Notification Synch” on page 25. Step 7: The Widget Warehouse's Thank You page appears and displays the transaction information, again informing Bob that his transaction has been completed and a receipt for the purchase has been emailed to him. The page also displays payment details, a link to PayPal that Bob can use to view more transaction details if necessary, as well as links that he can use to continue shopping. 22 October 2006 Order Management Integration Guide Payment Data Transfer Enabling Payment Data Transfer For example, as shown in the following diagram: Thank you for your payment. Your transaction has been completed, and a receipt for your purchase has been emailed to you. You may log into your account at www.paypal.com to view details of this transaction. Step 8: Bob receives an email receipt for this transaction, confirming his purchase and including a copy of the payment details, the Widget Warehouse's business information, and his confirmed shipping address. Enabling Payment Data Transfer To enable PDT: 1. Click the My Account tab. 2. Click the Profile subtab. Order Management Integration Guide October 2006 23 Payment Data Transfer Enabling Payment Data Transfer 3. Click the Website Payment Preferences link, as shown in the following snapshot. The Website Payment Preferences page opens. 4. Click the Payment Data Transfer On radio button, as shown in the following diagram. You must enable Auto Return in order to use Payment Data Transfer. Auto Return can also be enabled from the Website Payment Preferences page. 5. Click Save. Getting and Using the Identity Token When you click Save and save your PDT preferences, a message appears at the top of the page indicating that you have successfully saved your preferences. Your identity token also appears in this message. 24 October 2006 Order Management Integration Guide Payment Data Transfer PDT Notification Synch You will need to pass this identity token, along with the transaction token, to PayPal in order to receive information that confirms that a payment is complete. For security, the identity token is not sent to you; however, once you have enabled PDT, it permanently appears below the Payment Data Transfer On/Off radio buttons on the Website Payments Preferences page. PDT Notification Synch After you have activated PDT, every time a buyer makes a website payment and is redirected to your return URL, a transaction token is sent via a FORM GET variable to this return URL. To properly use PDT and display transaction details to your customer, you should read the transaction token from the variable tx and retrieve transaction details from PayPal by constructing an HTTPS POST to PayPal. This is called notification synch or synchronization. Constructing the POST Here are the guidelines for constructing the PDT HTTPS POST to PayPal for notification synch: 1. Your POST must be sent to https://www.paypal.com/cgi-bin/webscr. 2. You must include the cmd variable with the value _notify-synch: cmd=_notify-synch 3. You must include the transaction token in the variable tx and the value of the transaction token received via PayPal’s GET: tx=value_of_transaction_token 4. You must post your identity token using the variable at and the value of your PDT identity token: at=your_identity_token Order Management Integration Guide October 2006 25 Payment Data Transfer PDT Notification Synch For information about the identity token, see “Getting and Using the Identity Token” on page 24. PayPal Response to POST PayPal responds to the post with a single word on one line in the body of the response: SUCCESS or FAIL. When you receive a SUCCESS response, the rest of the body of the response is the transaction details, one per line, in the format key=value where key and value are both be URL-encoded strings. This response data needs to be parsed appropriately and then URL-decoded. Example successful response: SUCCESS first_name=Jane+Doe last_name=Smith payment_status=Completed payer_email=janedoesmith%40hotmail.com payment_gross=3.99 mc_currency=USD custom=For+the+purchase+of+the+rare+book+Green+Eggs+%26+Ham ... If the response is FAIL, PayPal recommends making sure that: z The Transaction token is not bad. z The ID token is not bad. z The tokens have not expired. PDT and Auto Return: Messaging to Buyer When Auto Return, you must display a message on the page displayed by the Return URL that helps the buyer understand that the payment has been made, that the transaction has been completed, and that payment transaction details will be emailed to the buyer. You can display to your customer whatever payment details you feel are appropriate; however, PayPal recommends including the following: z Item name z Amount paid z Payer email z Shipping address If you are using PDT to determine when to fulfill an order automatically, confirm that the payment_status is Completed, since the buyer could use methods such as EFT that do not immediately clear. For a list of PDT variables, see Appendix A, “IPN and PDT Variables.” 26 October 2006 Order Management Integration Guide Payment Data Transfer Preventing Fraud Preventing Fraud In order to prevent fraud, PayPal recommends that your programs verify the following: z txn_id is not a duplicate to prevent someone from reusing an old, completed transaction. z receiver_email is an email address registered in your PayPal account, to prevent the payment from being sent to a fraudulent account. z Other transaction details, such as the item number and price, to confirm that the price has not been changed. Code Samples PayPal has made available code samples that you can use to set up PDT. These samples are available at https://www.paypal.com/us/cgi-bin/webscr?cmd=p/xcl/rec/pdt-code. There are code samples for the following development environments: z ASP/VBScript z ColdFusion z PERL z PHP Order Management Integration Guide October 2006 27 Payment Data Transfer Code Samples 28 October 2006 Order Management Integration Guide 3 Instant Payment Notification (IPN) Instant Payment Notification (IPN) allows you to integrate PayPal payments with your website’s back-end operations. IPN provides immediate notification and confirmation of PayPal payments you receive. This chapter details IPN in the following sections: z “About IPN” on page 29 z “Setting Up IPN” on page 30” z “IPN Notification Validation: Preventing Fraud” on page 31” z “Using IPN with Multiple Currencies” on page 34” About IPN Instant Payment Notification consists of three parts: 1. A customer pays you. 2. PayPal POSTs FORM variables to a URL you specify that runs a program to process the variables. 3. You validate the notification. Order Management Integration Guide October 2006 29 Instant Payment Notification (IPN) Setting Up IPN FIGURE 3.1 How IPN Works: Three General Steps 1. A customer payment or a refund triggers IPN. This payment can be via Website Payments Standard FORMs or via the PayPal Web Services APIs for Express Checkout, MassPay, or RefundTransaction. If the payment has a “Pending” status, you receive another IPN when the payment completes, fails, or is denied. 2. PayPal posts HTML FORM variables to a program at a URL you specify. You can specify this URL either in your Profile or with the notify_url variable on each transaction. This post is the heart of IPN. Included in the notification is the customer’s payment information (such as customer name, payment amount). All possible variables in IPN posts are detailed in this guide. When your server receives a notification, it must process the incoming data. 3. Your server must then validate the notification to ensure that it is legitimate. Setting Up IPN Setting up IPN has two parts: 1. Activating IPN for your PayPal account 2. Setting up a program on your website to process the IPN FORM variables Activating IPN To activate IPN, you can either change a setting in your PayPal Profile or include the notify_url variable in the payment FORMs on your website. Profile Setting 1. Log in to your Business or Premier PayPal account. 30 October 2006 Order Management Integration Guide Instant Payment Notification (IPN) IPN Notification Validation: Preventing Fraud 2. Click the Profile subtab. 3. Under Selling Preferences, click Instant Payment Notification Preferences. 4. Click Edit. 5. Click the checkbox and enter the URL of the program that will process the IPN posts. 6. Click Save. notify_url Alternatively, you can activate IPN by including the notify_url variable in your PayPal button HTML. This field specifies the URL of a program that can process the IPN. For more details, see “IPN Notification Validation: Preventing Fraud” on page 31. Setting Up an IPN-Processing Program The data sent to you by IPN is in the form of HTML FORM name/value pairs. At a minimum, your program must process these pairs. What other processing might be required depends on your order management needs, what kinds of database you use, and other factors outside the scope of this guide. Code samples for the following development environments are available on the PayPal website at http://www.paypal.com/de/cgi-bin/webscr?cmd=p/xcl/rec/ipn-code-outside: z ASP.Net/C# z ASP/VBScript z ColdFusion z Java/JSP z Perl z PHP IPN Notification Validation: Preventing Fraud After your server receives Instant Payment Notification, you must confirm that you received it. This is known as notification validation, which is a means for PayPal to help you prevent spoofing or “man-in-the-middle” attacks. IMPO RTANT: If you do not use Encrypted Website Payments (EWP) or shared secret validation, you must check the price, transaction ID, PayPal receiver email address and other data sent to you by IPN to ensure that they are correct. By examining these the data you can be sure that you are not being spoofed. You have two methods by which you can validate the notification: Order Management Integration Guide October 2006 31 Instant Payment Notification (IPN) IPN Notification Validation: Preventing Fraud 1. Sending a shared secret that only you know, described in “Shared Secret Validation” on page 32. PayPal recommends this method because it ensures the validity of the data and decreases network traffic to and from your website. Shared secret validation is appropriate: – – – – if you are not using a shared website hosting service. if you have enabled SSL on your web server. if you are using PayPal Encrypted Website Payments. if you use the notify_url variable on each individual payment transaction. 2. Sending a POST back to PayPal after you receive the IPN and verify the correctness of the data, described in “Your HTTPS Postback to PayPal” on page 33. Postback is appropriate: – if you rely on a shared website hosting service – if you do not have SSL enabled on your web server Both methods rely on the concept of a notification URL, which is described in the next section. Shared Secret Per Transaction or by Profile Setting The URL to which PayPal posts IPN data is called the notification URL. It can be set either with each individual payment transaction or globally in your Profile for all transactions: z Per Transaction: If you want to receive payment notifications for different payments at different URLs (for example, if you need to separate payments to different websites you run), use the notify_url variable to pass the notification URL. With each payment PayPal saves the value of the notify_url for a specific payment, and any subsequent updates to that payment (such as a cleared eCheck) are sent to that notify_url. When you pass a notify_url in your post, it overrides the setting in your Profile. N O T E : The z value of notify_url must be URL-encoded. Profile Setting. If you want to receive your IPNs at only a single URL, enter that URL in the Preferences section of your Profile. Likewise, the shared secret you can use to validate that you have received an IPN can be set either with each individual payment transaction or globally in your Profile for all transactions: z Per Transaction: If you want a distinct shared secret for each notification for each payment, append a FORM variable name and a shared secret value to the value of the notify_url variable. When you pass a shared secret in your payment post, it overrides the setting in your Profile. z Profile Setting. If you want the same shared secret for each and every transaction, enter that shared secret in the Preferences section of your Profile. Shared Secret Validation The recommended method for notification validation is to use a shared secret on individual payment transactions. Add a shared secret variable and value to the value of the notify_url 32 October 2006 Order Management Integration Guide Instant Payment Notification (IPN) IPN Notification Validation: Preventing Fraud variable to which the IPN data is posted after a payment is made. The shared secret consists of the following: notify_url=yourIPNnotificationURL?shared_secret_variable_name=shared_secret_value where: yourIPNNotificationURL is a URL on your website at which you want to receive notification. shared_secret_variable_name is any variable name you want. shared_secret_value is the shared secret itself. For example, the value of notify_url variable might look like this: notify_url=https%3A//www.mysite.com/PP-IPN-Validate.cfm?secret=shhhhhhh Security Considerations with Shared Secret Validation To ensure the security of your shared secret, you should use Encrypted Website Payments (EWP). For information about EWP, see the PayPal Website Payments Standard Checkout Integration Guide. The value of the shared secret is not encrypted; it is in clear text for easier processing. Therefore, the shared secret value is recorded in your web server’s access log. Be sure to practice proper security for your server access logs. If you use a web server hosting service, ensure that your provider practices proper security of your data. N O T E : Your notification URL should check the validity of the returned shared secret and flag for investigation any transaction that does not have the correct shared secret. Your HTTPS Postback to PayPal The second method for validating your receipt of an IPN is to post back to PayPal the exact variables and values you received in the IPN. Constructing the POST Here are the guidelines for constructing the IPN HTTPS POST to PayPal for notification validation. N O T E : You can implement IPN without SSL, but PayPal recommends against doing so. 1. Your POST must be sent to https://www.paypal.com/cgi-bin/webscr. 2. You must include the variable cmd with the value _notify-validate: cmd=_notify-validate 3. You must post all the form variables you received exactly as you received them. PayPal Response to Postback PayPal responds to the postback with a single word in the body of the response: VERIFIED or INVALID. When you receive a VERIFIED response, perform the following checks: Order Management Integration Guide October 2006 33 Instant Payment Notification (IPN) Using IPN with Multiple Currencies 1. Check that the payment_status is Completed. 2. If the payment_status is Completed, check the txn_id against the previous PayPal transaction you have processed to ensure it is not a duplicate. 3. After you have checked the payment_status and txn_id, make sure the receiver_email is an email address registered in your PayPal account. 4. Check that the price, mc_gross, and currency, mc_currency, are correct for the item, item_name or item_number. 5. Check the the shared secret returned to you is correct. Once you have completed the above checks, you can update your database based on the information provided. If you receive an INVALID response, you should investigate. In some cases, this response is caused by an IPN error, possibly from a change in the IPN format. To determine if it is an IPN error, first examine your code. If you need further assistance, go to http://www.paypal.com/wf/, click the Seller Tools topic, and click Instant Payment Notification (IPN). Using IPN with Multiple Currencies With multiple currencies, you can accept payments in any of the PayPal-supported currencies (see “PayPal-Supported Transactional Currencies” on page 17). As a result, your IPNs will then include information about the currency of the payment. The following overview explains how IPN interacts with multiple currencies. N O T E : If you are using one of PayPal’s Website Payments solutions (e.g. PayPal Shopping Cart), and would like to be paid in a currency other than Euro, you will need to set up your buttons for your currency of choice. mc_gross and mc_fee These variables reflect the amount received and corresponding fee of your payments. In order to see those variables IPN has to use thepayment_gross variable. z mc_gross:Full amount of payment received, before transaction fee. z mc_fee: Transaction fee associated with the payment. N O T E : mc_fee is z not always present in IPNs, such as when a payment is pending. For subscription IPNs, such as signup, cancel, modify, failed, and eot, mc_currency is the currency of the subscription, rather than the currency of the payment. N O T E : The variables mc_gross and mc_fee will not be added to IPNs with txn_type: subscr_signup, subscr_cancel, subscr_modify, subscr_failed, or subscr_eot. 34 October 2006 Order Management Integration Guide Instant Payment Notification (IPN) Using IPN with Multiple Currencies mc_currency This variable reflects the currency of mc_gross, mc_fee, payment_gross, and payment_fee amounts. Possible values are detailed in “PayPal-Supported Transactional Currencies” on page 17. payment_gross and payment_fee These variables reflect the amount received and corresponding fee of US Dollar (USD) payments. If the amount received and fee deducted are in a currency other than USD, the variables will still appear in your IPN, but will have no values in them. Examples of Multi-currency IPN Variables Example 1 If a user with a EUR balance receives a €100 EUR payment, the following variables will be used for the payment: z mc_gross and mc_fee have values. z payment_gross and payment_fee are blank. EXAMPLE 3.1 Multi-currency IPN: EUR Payment payment_status = Completed payment_gross = payment_fee = mc_gross = 100 mc_fee = 3.00 mc_currency = EUR Example 2 f a user with a USD balance receives a $100 USD payment, the following variables will be used for the payment: z mc_gross = payment_gross z mc_fee = payment_fee EXAMPLE 3.2 Multi-currency IPN: USD Payment payment_status = Completed payment_gross = 100 payment_fee = 3.00 mc_gross = 100 mc_fee = 3.00 mc_currency = USD Order Management Integration Guide October 2006 35 Instant Payment Notification (IPN) Using IPN with Multiple Currencies Example 3 If the account is set to automatically convert payments, these variables will be used to show the conversion. This example is for a user with a EUR balance who receives a payment of 100 GBP: EXAMPLE 3.3 Mutli-currency IPN: Automatic Conversion of GBP Payment payment_status = Completed payment_gross = payment_fee = mc_gross = 100 mc_fee = 3.00 mc_currency = GBP settle_amount = 145.5 settle_currency = EUR exchange_rate = 1.5 Example 4 If a payment received is pending due to pending_reason = multi_currency, the first IPN received would not have the settle_amount, settle_currency, or exchange_rate. EXAMPLE 3.4 Mutli-currency IPN: Pending Payment payment_status = Pending pending_reason = multi_currency payment_gross = mc_gross = 100 mc_currency = GBP The second IPN contains information about settling the payment. If the payment is accepted into the account’s primary currency, which is EUR in the following example: EXAMPLE 3.5 Pending - Convert to Primary Currency payment_status = Completed payment_gross = payment_fee = mc_gross = 100 mc_fee = 3.00 mc_currency = GBP settle_amount = 145.5 settle_currency = EUR exchange_rate = 1.5 If the payment is accepted into a balance of the same currency: EXAMPLE 3.6 Pending - Accept to Currency Balance payment_status = Completed payment_gross = payment_fee = mc_gross = 100 mc_fee = 3.00 36 October 2006 Order Management Integration Guide Instant Payment Notification (IPN) Using IPN with Multiple Currencies mc_currency = GBP If the payment is denied: EXAMPLE 3.7 Pending - Denied payment_status = Denied payment_gross = mc_gross = 100 mc_currency = GBP N O T E : If a user receives a payment into a currency balance and later converts this amount into another currency balance, the corresponding currency conversion transaction has no IPN. Order Management Integration Guide October 2006 37 Instant Payment Notification (IPN) Using IPN with Multiple Currencies 38 October 2006 Order Management Integration Guide 4 Transaction History and Reporting Tools With transaction history and reporting tools, you can access monthly account statements, search specific time periods for transaction records or customer disputes, and download these search results to your local computer. To access these features: 1. Log in to your PayPal Business or Premier account. 2. Click the History subtab. The History page is shown in Figure 4.1, “The History Page.” FIGURE 4.1 The History Page Monthly Account Statements After you activate this feature, you can view Order Management Integration Guide October 2006 39 Transaction History and Reporting Tools Online History Searching monthly account statements of your transaction records. New statements become available on the 15th of each month, and the statements are retained online for up to three months. To activate monthly account statements: 1. Click Get Monthly Account Statements on the History page. 2. On the displayed page, click the Yes radio button. 3. Click Save. Online History Searching The History page gives you many options for searching the transaction records viewable online. There are two types of searches: basic and advanced. z With basic search, you specify the date range and type of activity you’re interested in. z With advanced search, you specify the date range and a pattern you want to find in certain fields of the transaction records. Basic Search: Time Periods You have two ways to narrow the search. 1. You can select a pre-determined date range: – – – – The Past Day The Past Week The Past Month The Past Year 2. You can select an exact From and To range of day, month, and year. 40 October 2006 Order Management Integration Guide Transaction History and Reporting Tools Online History Searching IMPO RTANT: The length of time of the date range affects how quickly you see the results. The longer the time, the slower the search. For the speediest results, try to make the range as narrow as possible. Basic Search: Activity Types The default set of transactions (also called “activities”) is All Activity- Simple View. The selectable activity types are listed in Table 4.1, “Online Search: Selectable Activity Types.” TABLE 4.1 Online Search: Selectable Activity Types All Activity -Advanced View Fee Reversals Open Authorizations: Sent or Received All Activity Simple View Subscriptions Shipping PayPal Buyer Credit Payments Sent or Received BillPay Transactions Balance Affecting Transactions Mass Payments Refunds eChecks Money Requests Currency Conversions Preapproved Payments Funds Added or Withdrawn Balance Transfer Gift Certificates All Activity - Advanced View is the same as All Activity - Simple View except it also includes a Balance column. The Balance column can show “...” in some instances, which indicates that showing a balance is not appropriate for these kinds of transaction. Advanced Search: Key Fields For an advanced search, specify the dates in the same manner as you do for basic search, as detailed in “Basic Search: Time Periods” on page 40. You can limit your search to the following fields. TABLE 4.2 Advanced Transaction Search: Key Fields Field Matching Criteria Email The text you enter must exactly match an email address. Transaction ID Exact match. Last Name Any part of the text you enter can match. For example, the text mit matches Smith and Mitty. Last Name, First Name Any part of text can match. Receipt ID Exact match. Item Number Exact match. Order Management Integration Guide October 2006 41 Transaction History and Reporting Tools Download My History Download My History Download My History gives you many options for selecting the transactions and fields to save to your local computer. To access the Download My History page: 1. In the upper right corner of the History page, click Download My History. FIGURE 4.2 Download My History Choosing a Date Range To download your history, specify the dates in the same manner as you do for basic search, as detailed in “Basic Search: Time Periods” on page 40. Selecting a File Format and Transaction Categories You can choose among four file formats. Each file format can include all activity, but the comma-delimited and tab-delimited formats are limited to either completed or balanceaffecting payments. 1. Comma-delimited: 42 October 2006 Order Management Integration Guide Transaction History and Reporting Tools Download My History – All activity – Completed payments – Balance-affecting payments 2. Tab-delimited: – All activity – Completed payments – Balance-affecting payments 3. Intuit Quicken (.qif file format) 4. Intuit QuickBooks (.iif file format) Completed Transactions Since Last Download You can use the Last Download to Present feature to coincide with your consecutive accounting periods. It includes only completed transactions in either comma-delimited or tabdelimited format. Customizing the Download: Selecting Transaction Fields You can also include any of the fields shown in Figure 4.3, “Customize My History Download” on page 44. Which of these fields you include in the downloaded file depends on what you want to do with the downloaded data. The transaction history always contains the default fields listed below. The meanings of these fields are described in Appendix B, “Downloadable History Log Columns and Values.” z Date, Time, and Timezone z Name z Type, Status and Currency z Gross, Fee, and Net z From Email Address and To Email Address z Transaction ID and Reference Transaction ID z Receipt ID z Balance Order Management Integration Guide October 2006 43 Transaction History and Reporting Tools Download My History FIGURE 4.3 Customize My History Download 44 October 2006 Order Management Integration Guide Transaction History and Reporting Tools Download My History Transaction Reconciliation with the Balance Impact Column The Balance Impact column shows the word “Credit” for a positive effect or the word “Debit” for a negative effect on your PayPal account balance. Credit When you receive an instant payment or credit card transaction, the Balance Impact column indicates a credit. Other possible credits to your account are refunds, reversals and payments sent but never claimed. In some cases, a credit line-item can update a debit for a transaction.. For example, if you send a payment initially indicated as a debit, but it is denied by the recipient, a new line-item for that transaction will indicate a credit. Debit Debits are transactions that reduce your available balance. For example, refunded transactions are recorded as a debit in the Balance Impact column and as completed in the Status column. Memo Entries The Balance Impact column can display a Memo entry for transactions that do not affect your balance, such as unclaimed or uncleared transactions. These kinds of transactions have no impact on your balance since neither transaction ever becomes a completed transaction. Lifecycle of a Transaction: Status Every transaction in your History Log shows the transaction a status at the time the data were downloaded and its corresponding impact on your balance. Various types of transaction statuses and scenarios can have a negative, positive, or neutral balance impact. These statuses include: z Pending z Held z Completed z Denied z Cancelled z Reversed For a complete list of possible transaction statuses, see “Status” on page 73. Pending to Completed or Cancelled When a pending payment, such as an EFT, completes after the he buyer has sent the money from his bank, the transaction status changes from Pending to Completed. Status of Disputed Transactions Transactions with a Placed status (for temporary holds) usually involve a customer dispute. Order Management Integration Guide October 2006 45 Transaction History and Reporting Tools Dispute Report If you are found in favor in a dispute, the transaction will be updated with a new line-item to indicate a Credit. However, if the opposite is true, the Balance Impact column will not change from the Debit status for that transaction. You can generate a dispute report that correlates the transaction to the customer and the reason for the dispute. For more information, see “Dispute Report” on page 46. Net Amount Column The Net Amount of a transaction can aid in faster reconciliation. In most cases, the Net Amount is the Gross minus Fee. When a History entry is updated (for example, in the case of a refund), the Net Amount column indicates the current net value of the transaction on a separate line-item. FIGURE 4.4 Gross, Fee and Net Amount Calculations from History Log Dispute Report Buyers can register claims about payments; such claims are called cases. PayPal notifies merchants about new cases with email and with IPN. There are two kinds of cases: z Complaint: A buyer has used the PayPal Resolution Center to register a claim about a payment to a merchant. N O T E : After notification about a complaint claim, merchants must log in to PayPal to use the Resolution Center to respond to the case. z Chargeback: A buyer has filed a complaint with a credit card company that has resulted in a chargeback. The credit card company notifies PayPal about the reason for the chargeback. After investigating the case, PayPal notifies the merchant of any action required. N O T E : The IPN messages for chargebacks resulting from a complaint are asynchronous: the IPN message for the chargeback can be sent to the merchant before the IPN message relating to the complaint. You should compare the IPN variable parent_txn_id of all IPN messages to match the chargeback with the complaint. 46 October 2006 Order Management Integration Guide Transaction History and Reporting Tools Dispute Report IPN variables for cases include the type of case, the reason, and other information about the case. For details about all variables and their possible values, see “Dispute Notification Variables” on page 68. With the dispute report, you can focus only on transactions that are disputed by customers for some reason. FIGURE 4.5 Dispute Report Programmatic Access to Dispute Report The Downloadable Dispute Report (DDR) provides merchants with a regular report of newly created disputes and changes in the status of those cases that are already open and are in the midst of processing. The report is designed for the merchant that processes large volumes of payments. Thus, while the report resembles the Dispute Report available via the Resolution Center within the PayPal site, the DDR differs in that it contains all open records and the invoice ID which can be used to track dispute cases based on your transactional identifiers. The DDR cannot filter on open records. N O T E : To use this feature, you must sign up for the report through your PayPal Account Manager. Order Management Integration Guide October 2006 47 Transaction History and Reporting Tools Dispute Report Content of the Report The report contains information about all chargebacks and buyer complaints generated for your account. This report does not contain information about ACH returns of PayPal unauthorized complaints. First DDR Report When you first sign up for the DDR, the report contains: z All open chargebacks, regardless of the date the case was created or the current status of the case z All open buyer complaints, regardless of the date the case was created or the current status of the case Use this report as a starting point against which you will read future DDR reports. N O T E : If you need to regenerate the first report, contact your PayPal Account Manager and ask them to generate a first day DDR report for you. Subsequent Daily DDR Reports Following the first DDR report, reports are generated daily and contain information about dispute activity for your account in the past 24 hours, or since the last report was generated, including: z New cases created z Cases that were modified, including cases that were closed Frequency / Archiving The DDR is generated every day based on activity for the previous day. Days with no activity will generate an empty report. PayPal will maintain DDR reports for seven days after which the report will not longer be available. Report Set Up To use the DDR you must: 1. Sign up for the report through your PayPal Account Manager 2. Create a unique user to download the report 3. Write code to download the report from a PayPal server Step 1. Sign up for the report via PayPal Account Management. Contact your PayPal Account Manager to sign up for the Downloadable Dispute Report. Step 2. Create a Unique User on PayPal to Download the Report. To use the DDR, you must use PayPal’s Multi-User Access feature to create a unique user for downloading reports. 1. Login to your PayPal account. 2. Select the Profile subtab. 48 October 2006 Order Management Integration Guide Transaction History and Reporting Tools Dispute Report 3. Click the Multi-User Access link under the Account Information column to open the Multi-User Access page. 4. Click the Add button. On the Multi-User Access page, enter the requested information into the fields provided. 5. Select the checkboxes next to each of the choices that you want the alias to have. 6. Click Save. Your new user and alias appear on the Multi-User Access page along with a confirmation message that you have successfully added a new user to your account. Step 3. Write Code to Download the Report from the PayPal Server. Write code to request the report from a PayPal server. The code must send an HTTP POST to the PayPal server. The POST must be sent from a secure server that uses HTTPS. PayPal does not accept requests from servers using HTTP. You can automate which details you want to be prioritized in your Settlement File reports by assigning values as depicted in the sample HTML code. The HTML code below is an example of the values that your DDR may contain. In the following example, the uname value is the alias created using the Multi-User Access feature.View the Report You will receive an email when the report is ready. This email contains a link to the report which can you access via a browser. You can also use the email as a trigger for your code to programmatically access the report. Order Management Integration Guide October 2006 49 Transaction History and Reporting Tools Dispute Report 50 October 2006 Order Management Integration Guide A IPN and PDT Variables IPN and PDT variables are case-sensitive. All values are lowercase, except those for payment_status, which have an initial capital letter. In addition, values posted by IPN are URL-encoded. For example, a colon in http:// is encoded as %3A in the IPN post: http%3A// About These Tables of Variables The tables in this appendix group IPN variables by different characteristics: z “test_ipn Variable in Sandbox” on page 51 z “IPN Variables in All Posts” on page 52 z “Buyer Information” on page 52 z “Basic Information” on page 53 z “Advanced and Custom Information” on page 54 z “Website Payments Standard and Refund Information” on page 55 z “Currency and Currency Exchange” on page 60 z “Auctions” on page 61 z “Mass Payment” on page 62 z “Dispute Notification Variables” on page 68 z “PDT-Specific Variables” on page 69 Transaction-Specifc Variable Values Unless otherwise indicated in the table column labeled Possible Values, the value of an IPN or PDT variable is always specific to the transaction whose information is being posted. test_ipn Variable in Sandbox In the Sandbox environment, IPN includes the additional variable test_ipn with a value of 1 (one). The purpose of test_ipn is to provide testing programs a means to differentiate between Sandbox IPN and live IPN. Order Management Integration Guide October 2006 51 IPN and PDT Variables IPN Variables in All Posts IPN Variables in All Posts IPN Version: notify_version The value of the notify_version variable is the version number of Instant Payment Notification that makes the post. N O T E : The value notify_version is a means for PayPal to track versions of IPN. There is no need for your programs to store this value or query it. Security Information: verify_sign The value of of verify_sign is an encrypted string used to validate the authenticity of the transaction. Buyer Information TABLE A.1 Variable Name Description Character Length address_ city City of customer’s address. 40 address_ country Country of customer’s address. 64 address_ country_ code Two-character ISO 3166 country code 2 address_ name Name used with address (included when the customer provides a Gift Address) 128 address_ state State of customer’s address 40 address_ status 52 IPN and PDT Variables: Buyer Information Possible Values confirmed unconfirmed Customer provided a confirmed address. Customer provided an unconfirmed address. address_ street Customer’s street address. 200 address_zip Zip code of customer’s address. 20 first_name Customer’s first name 64 October 2006 Order Management Integration Guide IPN and PDT Variables Basic Information TABLE A.1 Variable Name IPN and PDT Variables: Buyer Information Possible Values Description Character Length last_name Customer’s last name 64 payer_ business_ name Customer’s company name, if customer represents a business 127 payer_email Customer’s primary email address. Use this email to provide any credits. 127 payer_id Unique customer ID. 13 payer_ status verified unverified Customer has a Verified PayPal account. Customer has an Unverified PayPal account. Two-character ISO 3166 country code residence_ country 2 Basic Information TABLE A.2 Variable Name IPN and PDT Variables: Basic Information Possible Values business Character Length Description Email address or account ID of the payment recipient (that is, the merchant). Equivalent to the values of receiver_email (if payment is sent to primary account) and business set in the Website Payment HTML. 127 N O T E : The value of this variable is normalized to lowercase characters. item_name Item name as passed by you, the merchant. Or, if not passed by you, as entered by your customer. If this is a shopping cart transaction, PayPal will append the number of the item (e.g., item_name_1, item_name_2, and so forth). 127 item_number Pass-through variable for you to track purchases. It will get passed back to you at the completion of the payment. If omitted, no variable will be passed back to you. 127 quantity Quantity as entered by your customer or as passed by you, the merchant. If this is a shopping cart transaction, PayPal appends the number of the item (e.g. quantity1, quantity2). Order Management Integration Guide October 2006 53 IPN and PDT Variables Advanced and Custom Information TABLE A.2 Variable Name IPN and PDT Variables: Basic Information Possible Values Character Length Description Primary email address of the payment recipient (that is, the merchant). If the payment is sent to a non-primary email address on your PayPal account, the receiver_email is still your primary email. receiver_ email 127 N O T E : The value of this variable is normalized to lowercase characters. Unique account ID of the payment recipient (i.e., the merchant). This is the same as the recipient's referral ID. receiver_id 13 Advanced and Custom Information TABLE A.3 Variable Name IPN and PDT Variables: Advanced and Custom Information Possible Values Character Length Description custom Custom value as passed by you, the merchant. These are passthrough variables that are never presented to your customer 255 invoice Passthrough variable you can use to identify your Invoice Number for this purchase. If omittted, no variable is passed back. 127 memo Memo as entered by your customer in PayPal Website Payments note field. 255 option_ name_1 Option 1 name as requested by you. If this is a shopping cart transaction, see Table A.4, “IPN and 64 PDT Variables: Website Payments Standard and Refund Information,” on page 55 for more information. option_ name_2 Option 2 name as requested by you. If this is a shopping cart transaction, see Table A.4, “IPN and 64 PDT Variables: Website Payments Standard and Refund Information,” on page 55 for more information. option_ selection1 Option 1 choice as entered by your customer. If this is a shopping cart transaction, see Table A.4, “IPN and 200 PDT Variables: Website Payments Standard and Refund Information,” on page 55 for more information. 54 October 2006 Order Management Integration Guide IPN and PDT Variables Website Payments Standard and Refund Information TABLE A.3 Variable Name IPN and PDT Variables: Advanced and Custom Information Possible Values Character Length Description Option 2 choice as entered by your customer. If this is a shopping cart transaction, see Table A.4, “IPN and option_ selection2 200 PDT Variables: Website Payments Standard and Refund Information,” on page 55 for more information. Amount of tax charged on payment. If this is a shopping cart transaction, see Table A.4, “IPN and tax PDT Variables: Website Payments Standard and Refund Information,” on page 55 for more information. Website Payments Standard and Refund Information TABLE A.4 IPN and PDT Variables: Website Payments Standard and Refund Information Variable Name Possible Values Description Character Length auth_id Transactionspecific Authorization identification number 19 auth_exp Transactionspecific Authorization expiration date and time, in the following format: HH:MM:SS DD Mmm YY, YYYY PST 28 auth_amount Transactionspecific Authorization amount auth_status Completed Pending Voided Status of authorization mc_gross_x Transactionspecific for multiple currencies The amount is in the currency of mc_currency, where x is the shopping cart detail item number. The sum of mc_gross_x should total mc_gross. mc_ handling_x Transactionspecific for multiple currencies The x is the shopping cart detail item number. The handling_cart cart-wide Website Payments variable is also included in the mc_handling variable; for this reason, the sum of mc_handling_x might not be equal to mc_handling Order Management Integration Guide October 2006 55 IPN and PDT Variables Website Payments Standard and Refund Information TABLE A.4 56 IPN and PDT Variables: Website Payments Standard and Refund Information Variable Name Possible Values mc_ shipping_x Transactionspecific for multiple currencies Character Length Description This is the combined total of shipping and shipping2 WebsitePayments variables, where x is the shopping cart detail item number. The shippingx variable is only shown when the merchant applies a shipping amount for a specific item. Because profile shipping might apply, the sum of shippingx might not be equal to shipping. num_cart_ items If this is a PayPal Shopping Cart transaction, number of items in cart. option_ name1 PayPal appends the number of the item where x represents the number of the shopping cart detail item (e.g., option_name1, option_name2). 64 option_ name2 PayPal appends the number of the item where x represents the number of the shopping cart detail item (e.g., option_name2, option_name2). 64 option_ selection1_ x PayPal appends the number of the item (e.g., option_selection1, option_selection2), where x represents the number of the shopping cart detail item. 200 option_ selection2_ x PayPal appends the number of the item where x represents the number of the shopping cart detail item (e.g., option_selection1, option_selection2). 200 parent_txn_ id In the case of a refund, reversal, or canceled reversal, this variable contains the txn_id of the original transaction, while txn_id contains a new ID for the new transaction. 19 payment_ date Time/Date stamp generated by PayPal, in the following format: HH:MM:SS DD Mmm YY, YYYY PST 28 October 2006 Order Management Integration Guide IPN and PDT Variables Website Payments Standard and Refund Information TABLE A.4 IPN and PDT Variables: Website Payments Standard and Refund Information Variable Name Possible Values payment_ status Canceled_ Reversal Completed Denied Expired Failed Pending Processed Refunded Reversed Voided The status of the payment: Canceled_Reversal: A reversal has been canceled. For example, you won a dispute with the customer, and the funds for the transaction that was reversed have been returned to you. Completed: The payment has been completed, and the funds have been added successfully to your account balance. Denied: You denied the payment. This happens only if the payment was previously pending because of possible reasons described for the PendingReason element. Expired: This authorization has expired and cannot be captured. Failed: The payment has failed. This happens only if the payment was made from your customer’s bank account. Pending: The payment is pending. See pending_reason for more information. Refunded: You refunded the payment. Reversed: A payment was reversed due to a chargeback or other type of reversal. The funds have been removed from your account balance and returned to the buyer. The reason for the reversal is specified in the ReasonCode element. Processed: A payment has been accepted. Voided: This authorization has been voided. payment_ type echeck instant echeck: This payment was funded with an eCheck or EFT. instant: This payment was funded with PayPal balance, ELV, giropay, credit card, or Instant Transfer. Order Management Integration Guide Character Length Description October 2006 57 IPN and PDT Variables Website Payments Standard and Refund Information TABLE A.4 58 IPN and PDT Variables: Website Payments Standard and Refund Information Variable Name Possible Values pending_ reason address authorization echeck intl multicurrency unilateral upgrade verify other Character Length Description This variable is set only if payment_status = Pending. address: The payment is pending because your customer did not include a confirmed shipping address and your Payment Receiving Preferences is set yo allow you to manually accept or deny each of these payments. To change your preference, go to the Preferences section of your Profile. authorization: You set
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.5 Linearized : No Page Mode : UseOutlines XMP Toolkit : 3.1-702 Producer : Acrobat Distiller 7.0 (Windows) Creator Tool : FrameMaker 7.2 Modify Date : 2007:07:27 14:08:31-07:00 Create Date : 2006:12:18 16:25:53Z Metadata Date : 2007:07:27 14:08:31-07:00 Format : application/pdf Title : PayPal Order Management Integration Guide Creator : PayPal, Inc. Document ID : uuid:7cb6ea66-a28f-4610-a5e7-09027ba5b4d6 Instance ID : uuid:a0e2bcdf-dd41-4e64-a1f9-c571bd0e5502 Page Count : 88 Author : PayPal, Inc.EXIF Metadata provided by EXIF.tools