user2572790

Reputation: 476

How to make safe Rails PayPal payment?

I'm using this guide https://launchschool.com/blog/basic-paypal-checkout-processing-in-rails to redirect the user to a special PayPal page via a simple GET request.

Then the website will wait for PayPal's answer at a special hook page to allow the user to get his goods. But PayPal's answer is just a simple POST request. How can I be sure that it is a real PayPal answer, not a fake request from a third-party app with the same params?

SOLVED

An additional layer of logic is needed. When PayPal sends a POST request to our hook handler, we should resend it to a special validation address, according to the documentation: https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNImplementation/

If it answers with "VERIFIED", we can continue processing the request.

Upvotes: 0

Views: 39

Answers (1)

Drew Angell

Reputation: 26056

When it mentions return_url it's talking about Payment Data Transfer (PDT).

When it refers to notification_url it's talking about Instant Payment Notification (IPN).

These are both similar in that you will send a POST request back to PayPal for verification purposes. If the data actually came from them, you'll get a VERIFIED result back. If not, it will be INVALID.

If the sample code included in that guide is not including this call back, then it's not a complete guide (and missing a vital piece of the puzzle.)

Details on this procedure are available in the docs linked above.

Upvotes: 1
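The postback check described in this thread, as an added Ruby example that is not part of the original posts or the linked guide. The endpoint URL and the field names come from PayPal's IPN documentation rather than this page; `accept_ipn?`, the `poster:` parameter and the sample body are hypothetical names and constructed data, and the post-verification field checks go one step beyond the VERIFIED/INVALID test discussed above.

```ruby
require "net/http"
require "uri"

# Live IPN postback endpoint per PayPal's IPN docs (assumption: not given on this page).
IPN_VERIFY_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"
# Constructed sample notification body, for illustration only.
SAMPLE_IPN = "payment_status=Completed&receiver_email=seller%40example.com" \
             "&mc_gross=19.99&mc_currency=USD&txn_id=TESTTXN001"

# Default transport: POST the body back to PayPal over TLS, return the reply text.
PAYPAL_POST = lambda do |body|
  uri = URI(IPN_VERIFY_URL)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true # certificate verification stays at the VERIFY_PEER default
  http.open_timeout = http.read_timeout = 10
  http.post(uri.path, body,
            "Content-Type" => "application/x-www-form-urlencoded").body.to_s
end

# raw_body must be the exact bytes PayPal sent (request.raw_post in Rails),
# not a re-serialised params hash: PayPal compares the echoed message.
def ipn_verified?(raw_body, poster: PAYPAL_POST)
  poster.call("cmd=_notify-validate&" + raw_body).strip == "VERIFIED"
end

# Hypothetical helper: VERIFIED only proves the message came from PayPal.
# Also confirm it is a completed payment, to us, for the expected amount,
# and that this transaction id has not been fulfilled already.
def accept_ipn?(raw_body, expected:, seen_txn_ids:, poster: PAYPAL_POST)
  return false unless ipn_verified?(raw_body, poster: poster)

  params = URI.decode_www_form(raw_body).to_h
  return false unless params["payment_status"] == "Completed"
  return false unless params["receiver_email"].to_s.casecmp?(expected[:receiver_email])
  return false unless params["mc_gross"] == expected[:amount] &&
                      params["mc_currency"] == expected[:currency]
  return false if seen_txn_ids.include?(params["txn_id"])

  seen_txn_ids << params["txn_id"] # in production: a unique-indexed DB column
  true
end
```

The `poster:` argument exists so the check can be exercised without network access; in the hook action, call `accept_ipn?(request.raw_post, ...)` and release the goods only when it returns true.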
