Paypal IPN: receiving instant payments in your web application.
This tutorial explains how to use Paypals IPN system with a simple single item purchase.Instant Payment Notification allows you to integrate your PayPal payments with your website’s back-end operations, so you get immediate notification and authentication of the PayPal payments you receive. The main use of IPN is where your website needs to know immediately that payment has been made. For example you might have sold something that you will then make available for the user to download.
There is a lot of information on the Paypal website which is worth looking at but the following tutorial will show you in detail a real world example of how to use it.
There are 3 main parts to an IPN system.
1) A webpage that initiates a call to Paypal to make a payment
2) A php page on your webserver that Paypal calls to notify you that payment has been made
3) A webpage that confirms the above have occurred, and continues on to the next phase of you web application.
1 and 3 will be part of your website and accessible to users in the normal way. 2 however is only ever accessed by paypal.
I will first explain some of the issues that go with using IPN.
Paypal Account Setup
Your Paypal account must be setup correctly to use IPN. Check the following in your paypal account (under edit profile).
under “Selling Preferences” , “Instant Payment Notification Preferences”
- set IPN to “On”
- set IPN Url to the page containing the ipn code shown later in the tutorial. The name I use is “http://<yourwebsite address>/paypalipn.php” but you can use anything here.
Under “Selling Preferences”, “payment receiving preferences”
- block payments from users who pay with echeck. (This is because these will not be instant)
Under “account information” , “email”
- make a note of your primary email address. You will need to embed it in the code below. This email will be visible to users so make it a professional one. Users don’t get a good feeling about sending money to a hotmail address or to an address that doesnt match the website.
Sequence of Events
The way IPN works is a bit unusual so to explain…
You initiate IPN by sending a message to Paypal from the webpage that the user is on when they confirm a purchase.
What happens next is that 2 completely separate chains of events occur.
- The first is the obvious one where the user goes to the paypal website, makes the payment and is returned to your website where they can be told their purchase is confirmed.
- The second is initiated by Paypal and envolves Paypal calling up a predetermined webpage on your site (paypalipn.php). Paypal will send a message to this page which indicates that the payment has happened, how much was paid, who paid it, who was paid etc. On this page you need to check these details and somehow log that the payment has happened, usually by updating a database.
These two chains of events are happening at the same time (only the first is visible to the user). Although as the paypal event is more complex it will usually take longer. For this reason when you send the user to the confirmation page and it checks the database that payment has happened ok it may well find that the payment hasn’t yet been made. You will need to create some code that waits for the payment to go through and as this can take quite a few seconds you will need to inform the user with a message along the lines of “Waiting for Paypal to confirm payment…”.
So in summary
- Customer makes a payment through your website.
- Paypal sends an IPN to your specified ipn webpage specifying what has been bought etc
- Your webpage validates the IPN and sends Paypal an acknowledgement.
- Customer continues to access your website.
2 and 3 occur in parallel with what the user is doing in 4) on your website.
The purchase page
The easiest way to generate the code to use on this page is to use Paypals “Buy Now Button” function. Log in to Paypal and look under Merchant Services for “Buy It Now” button.
Fill in the information as required
You must take steps to ensure the security of the purchase.
There are various ways of doing this
- Encrypt the button on the paypal site (there is an option for this)
- Encrypt the button yourself (complex and beyond this tutorial)
- Manually check all prices before shipping. I assume this isn’t appropriate for this tutorial.
- Check all the values in the IPN processing. (Explained below in the paypalipn.php code)
If you enter an image for the button make sure it is on a secure (https) server otherwise the user will get a warning about insecure items which may scare them off continuing with the purchase.
Click to “Create Button” and copy and paste the code produced into your purchase web page.
The code will look something like this…
The IPN webpage code
Paypal IPN page
Save this as paypalipn.php
Notes
There are two methods of validating the IPN sent by Paypal. Shared Secret and Postback. Paypal recommends shared secret as it is more secure but this tutorial uses Postback. Shared Secret requires that you have dedicated hosting, SSL enabled and you use Paypal Encypted website payments. Paypal recommends Postback for shared hosting applications and where you dont have SSL.
They also don’t recommend you use IPN unless you have SSL !
This is too complicated!
Hope you enjoyed the tutorial. IPN is a complicated subject. If you found it too complicated there are a few commercial products out there that will handle everything for you, such as
Here are some useful websites to help you.
do not attempt this tutorial on crack
I am trying to figure out if you have to have a
business Pay Pal account to access the IPN area.
I was told by the instuctions on a digital delivery script I bought to just login to my reg Pay Pal account and the IPN is under edit profile but I cannot find it in my standard Pay Pal account.
I can make Pay Pal buttons. I have the sandbox account. I just need to enable the IPN settings
and paste a string into the box.
I have looked eveywhere but cannot find the IPN settings area. Is that only avaiilable if you open a business account.
I know his sounds stupid, and that I should probably already have the Business account, but I want to test this script out first and I am a way from launching my site.
So I am trying to try this Digital Delivery out first and get it down prior to openibg my site.
Any help would be appreciated.
Thanks,
Mike
Hi Mike,
There are Personal, Premier and Business accounts.
You need Premier or Business I think.
Cheers
Mike
Forgot to say,
What you really need to do is sign up for Paypal Developer network at https://developer.paypal.com/
This lets you create pretend accounts using pretend money! So you can try everything out first before going live. Including creating dummy Business Accounts.
Edit: Just noticed you say you have the sandbox, so I guess you know about this. I’ll leave the comment up though as it might be useful to others.
Mike
Hi,
I followed your instructions but after i uploaded the file i went to it using my browser and i get an error message.
Parse error: syntax error, unexpected ‘=’, expecting ‘)’ in /home/lionel/public_html/runescapegod/paypalipn.php on line 13
Please Help
Hi Edison,
There was a bug on that line which I have fixed now. You might need to refresh the page to get the fixed version. Also emailed you.
The > sign had turned into & gt;
Mike
Think I just deleted a real comment by mistake in the middle of the endless Spam. Please repost.
Hey Mike, or others looking in their account for the IPN setting – I can never find it either; all i can do is search paypal for IPN, and that takes you to the page where you can turn it on or off and set the URL for the postback.
Good job on commenting the code.
I still have one doubt when you say:
“a “custom” variable is available for you to pass whatever you want in it.”
Since I need to manange online transactions, I need to pass Paypal an “OrderId” and more important, I need paypal to send it back to my php script to procees the transaction. How do you do that? Is there any other way to assure transactions on my website and payments on paypal?
Thank’s in advance.
Oriol
To pass an orderid using the custom variable…
In the button code you can see the last line before the end of the form in the example is
<input type=”hidden” name=”custom” value=”any other custom field you want to pass”>
so you would change this to
<input type=”hidden” name=”custom” value=”your orderid value”>
obviously you will need to put an actual value in here.
Paypal will pass this through and you can get it in the paypalipn.php code
In my example I have…
// a “custom” variable is available for you to pass whatever you want in it.
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$item_colour = $_POST['custom'];
So you would change $item_colour to $orderid
Thanks for the comment. Hope this helps.
Mike
Is there a simpler method? I’m still trying to grasp a lot of this, and want to be able to code some IPN into my applications, however, some are subscription based sites, and others are download based sites. Is there a simpler version of the code to learn from firsthand?
not that I know of, sorry. If you find any good resources let me know and I’ll add them to the tutorial.
Mike
Hi Mike,
thank you for this tutorial. I’m trying to integrate it – with some minor modifications – into my site. I’ve tried it and I do receive the payment (from a MasterCard) into my PayPal account but my ‘paypal_ipn.php’ didn’t do anything (no database upgrade, no e-mail sending). I checked the URLs, everything seems to be OK… Can you help out somehow?
I really appreciate your time.
Hi Victor,
You uncommented the success debug code? And changed where I put payit@designertuts.com to your own email address of course.
If you are getting the payment I would expect the success debug email to be sent. Strange if it isn’t. Why don’t you post your code or email it to me mike@designertuts.com
Mike
Hey,
Thanks for making such a seemingly impossible task simple.
The documentation was very daunting and I had been putting off IPN for a while, but it was easy as hell to integrate with this tutorial.
Thanks
Stephen
Cheers Stephen,
Like your Pagerank checker
Mike
Thanks for the tutorial–very helpful. It has a bit more explanation than Paypal’s (at least the one I found).
Very good tutorial – best one I’ve found so far. I am currently editing your code to suit my needs.
It would be fairly useful if you gave an example that included putting completed transactions in a mysql database and checking for duplicates via said database. Just a suggestion.
Thanks for the comments and suggestion Tristan.
Hey there,
Great post, i finished testing it and it works, first time ever something i downloaded is working first run.
Thumbs-up
Very informative, much better than Paypal documentation…..plz suggest abt creating a DB to b linked to this page which can check the duplicate ipns….
Hi,
I am working on a project which involves Paypal IPN integration, I have to say your article does provide basics in a nutshell. Thank you for the same.
-Tejas