[ic] Paypal IPN?

Christopher Wenham cwenham at synesmedia.com
Tue Dec 23 13:23:15 EST 2003 

On Tuesday 23 December 2003 04:04, Tom wrote:
> Im trying to develop a PayPal IPN Gateway with interchange My question is
> when User selects PayPal as a payment option where do I put the code to
> require the PayPal Gateway? Anyone can help me develop this will be great.

 IPN needs a URL for PayPal to POST a form to, so you'll need to create either 
a standalone CGI program for PayPal to POST to, or create a page in the 
catalog's "pages" directory that contains the code to do your magic.

 BUT... IPN integration has been looked at for Interchange several times in 
the past, but there's a big problem that implementors keep running into. If I 
have this right, I think it goes like this:

 1) There is no way to avoid sending the customer off to PayPal's web site, 
because you can't take the customer's PayPal username and password and then 
masquarade as that user to PayPal. (Despite being against PayPal terms of 
service, It's not even worth trying, because you have no way of knowing what 
source of funds attached to the customer's PayPal account they want to use.)

 2) PayPal does not automatically redirect the customer back to your site once 
the payment is complete. The best you can get is a little "Continue" button 
on the final page of the PayPal sequence, which you can program to take the 
customer back to your site. Not every customer will remember to click on that 
button, so it's not a reliable way to inform Interchange that the payment was 
successful. 

 3) IPN should theoretically solve that problem, because PayPal will POST a 
form to any URL you specify when the payment is complete. But this POST will 
come from PayPal's IP address and not the customer's, so Interchange will not 
recognize it as part of the same session. That means any Interchange page 
called by that POST will be in a new session with an empty shopping basket 
and no customer information. 

 The only way to get around the IP address mismatch is to run Interchange in 
WIDEOPEN mode, which opens up a security hole and isn't really an option in a 
serious production environment.

 4) Last but not least, even if you do somehow get Interchange to use the 
contents of the IPN POST within the customer's session, there still isn't a 
reliable way to get the customer's browser back to your site so you can show 
her the receipt page. I think the best you can do is to display a message 
asking the customer to click on the "Continue" button at the end of the 
PayPal sequence before you send her to PayPal's site, and then hope the 
customer remembers it.

 This is the reason why most Interchange users and consultants I know of still 
recommend just adding a link or a pop-up window on the Receipt page. You can 
record the order, deliver the receipt to the customer, and then explain very 
clearly that the customer still has to go through PayPal before their order 
will ship.

Regards,
-- 
Chris Wenham - Synesmedia, Inc.
http://www.synesmedia.com
516-620-4110 / 1-888-255-7573
Fax: 516-908-7824

More information about the interchange-users mailing list