This tutorial explains how to use Paypals IPN system with a simple single item purchase.Instant Payment Notification allows you to integrate your PayPal payments with your website’s back-end operations, so you get immediate notification and authentication of the PayPal payments you receive. The main use of IPN is where your website needs to know immediately that payment has been made. For example you might have sold something that you will then make available for the user to download.

There is a lot of information on the Paypal website which is worth looking at but the following tutorial will show you in detail a real world example of how to use it.

There are 3 main parts to an IPN system.

1) A webpage that initiates a call to Paypal to make a payment
2) A php page on your webserver that Paypal calls to notify you that payment has been made
3) A webpage that confirms the above have occurred, and continues on to the next phase of you web application.

1 and 3 will be part of your website and accessible to users in the normal way. 2 however is only ever accessed by paypal.

I will first explain some of the issues that go with using IPN.

Paypal Account Setup

Your Paypal account must be setup correctly to use IPN. Check the following in your paypal account (under edit profile).

under “Selling Preferences” , “Instant Payment Notification Preferences”

• set IPN to “On”
• set IPN Url to the page containing the ipn code shown later in the tutorial. The name I use is “http://<yourwebsite address>/paypalipn.php” but you can use anything here.

Under “Selling Preferences”, “payment receiving preferences”

• block payments from users who pay with echeck. (This is because these will not be instant)

Under “account information” , “email”

• make a note of your primary email address. You will need to embed it in the code below. This email will be visible to users so make it a professional one. Users don’t get a good feeling about sending money to a hotmail address or to an address that doesnt match the website.

Sequence of Events

The way IPN works is a bit unusual so to explain…

You initiate IPN by sending a message to Paypal from the webpage that the user is on when they confirm a purchase.
What happens next is that 2 completely separate chains of events occur.

• The first is the obvious one where the user goes to the paypal website, makes the payment and is returned to your website where they can be told their purchase is confirmed.
• The second is initiated by Paypal and envolves Paypal calling up a predetermined webpage on your site (paypalipn.php). Paypal will send a message to this page which indicates that the payment has happened, how much was paid, who paid it, who was paid etc. On this page you need to check these details and somehow log that the payment has happened, usually by updating a database.

These two chains of events are happening at the same time (only the first is visible to the user). Although as the paypal event is more complex it will usually take longer. For this reason when you send the user to the confirmation page and it checks the database that payment has happened ok it may well find that the payment hasn’t yet been made. You will need to create some code that waits for the payment to go through and as this can take quite a few seconds you will need to inform the user with a message along the lines of “Waiting for Paypal to confirm payment…”.

So in summary

1. Customer makes a payment through your website.
2. Paypal sends an IPN to your specified ipn webpage specifying what has been bought etc
3. Your webpage validates the IPN and sends Paypal an acknowledgement.
4. Customer continues to access your website.

2 and 3 occur in parallel with what the user is doing in 4) on your website.

The purchase page

The easiest way to generate the code to use on this page is to use Paypals “Buy Now Button” function. Log in to Paypal and look under Merchant Services for “Buy It Now” button.

Fill in the information as required

You must take steps to ensure the security of the purchase.
There are various ways of doing this

• Encrypt the button on the paypal site (there is an option for this)
• Encrypt the button yourself (complex and beyond this tutorial)
• Manually check all prices before shipping. I assume this isn’t appropriate for this tutorial.
• Check all the values in the IPN processing. (Explained below in the paypalipn.php code)

If you enter an image for the button make sure it is on a secure (https) server otherwise the user will get a warning about insecure items which may scare them off continuing with the purchase.

Click to “Create Button” and copy and paste the code produced into your purchase web page.

The code will look something like this…

button code

The IPN webpage code

Paypal IPN page
Save this as paypalipn.php

Notes

There are two methods of validating the IPN sent by Paypal. Shared Secret and Postback. Paypal recommends shared secret as it is more secure but this tutorial uses Postback. Shared Secret requires that you have dedicated hosting, SSL enabled and you use Paypal Encypted website payments. Paypal recommends Postback for shared hosting applications and where you dont have SSL.
They also don’t recommend you use IPN unless you have SSL !

Hope you enjoyed the tutorial. IPN is a complicated subject.

Here are some useful websites to help you.

Overview

IPN Variables

Order Management Guide

Script Generator

Forum