Reputation: 28968
How to explicitly reject an IPN request
In the documentation for IPN, it says things like "Check email address to make sure that this is not a spoof". But I cannot see what to do when that is the case, and how I tell PayPal I want to reject a transaction. E.g. do I sent back a 400 instead of a 200? Or alter the POST data in some other way?
Or do I just ignore the message? (The problem with that is that PayPal will keep re-trying, which is wasted bandwidth for us, but also means it takes longer for the user to hear about the payment failure.)
Background: I realize sending it back to PayPal and getting the VERIFIED message back handles most security issues. But in my case, there is some unique ID information in the custom field. If that is missing, or does not validate against the DB, I want to reject the payment. I want my customer to see it failed, so they know to go and use a fresh form. The alternative is to accept the payment, and then have to involve a manual process trying to work out who the payment came from, and then possibly do a manual refund. (Other reasons to do this might be that the inventory has sold out in the split second between them seeing a product on the site and clicking BUY.)
Upvotes: 2
Views: 327
Answers (3)
Reputation: 311023
The payment didn't fail. PayPal is notifying you that the payment succeeded: not asking you whether you want to accept it. You can't reject it at this stage.
Upvotes: 2
Reputation: 1144
IPN is Instant Payment Notification. After the payment paypal notify you the result of the payment. Check if connection VERIFIED, and next if if the payment is Completed and mark the result in the database.
If you say to PayPal the ipn address in the cart, Paypal send you the notification. You can't say to paypal: "yes please, send me a notification" and when receive say "why you send this?" If you put ipn in cart form you can provide a ipn url with code 200, not 404. Or remove ipn value in the cart form
Upvotes: 1
Reputation: 8508
Simple send back a 200 code to let Paypal know you received the IPN, otherwise Paypal will try to send the IPN response repeatedly.
Upvotes: 1
Related Questions
- Rejecting a PayPal IPN request for security reasons
- paypal IPN returns pending_reason: unilateral
- Validate that IPN call is from PayPal?
- Paypal IPN for cancel billing agreement
- How to deny payment via PayPal IPN?
- Invalid Paypal IPN Response
- How do I stop a PayPal transaction from inside the IPN?
- Preventing duplicates with Paypal IPN
- Paypal IPN Message
- PayPal IPN validation