Real World PayPal IPN
PayPal’s Instant Payment Notifications
are GREAT*
*Once You Actually Get Them to Work
Paul Croubalian
First Edition
The name “PayPal” is owned by PayPal (Nasdaq: PYPL) and is used within this text solely for illustration and identification purposes. PayPal neither endorses nor approves that which is written herein.
The author has taken care in the preparation of this book, but makes no expressed or implied warranty of any kind. The author assumes no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.
For information about buying this title in bulk quantities or for special sales opportunities (which may include electronic, print, or audio versions, content particular to your business, training goals, marketing focus, branding interests, or consulting) contact the author at Paul@PaulTheGhost.com
Copyright © 2017 Paul Croubalian
This publication is protected by copyright and permission must be obtained from the author prior to any reproduction, storage in a retrieval system, or transmission by any means, electronic, mechanical, photocopying, recording, or any other means. Contact the author for information regarding permissions.
ISBN (eBook): 978-1-988406-02-2
ISBN (print): 978-1-988406-04-6
ISBN (audioBook, as narrated by the author): 978-1-988406-03-9
Conventions used in this book
What you will learn
Just how “instant” is Instant?
IPN vs PDT
The IPN System, How it works
Why you’re “sort of” Good to Go
Who can use IPN
Let’s go play in the sandbox
Details about Test Accounts
Creating Buy Buttons
2 Ways to NOT Test Buttons
Customizing a Hosted Button
The REAL way to test Hosted Buttons
How to build a button from scratch
Stored vs Custom Buttons
Creating your listener
Dissecting Listener.php
PayPal’s IPN Simulator
Debugging the listener
Appendix: Variables and Values
Variables for special PayPal features
Individual items variables
Payment transaction variables
Shopping cart variables
Recurring payment variables
Automatic Billing variables
Installment Plan variables
PayPal checkout page variables
Auto-fill PayPal checkout variables
Instant Update API variables
Variables for dimensions of individual items
Reader Promotions
About the Author
Conventions used in this book
Most text is written in this font. Code samples, or anything relating to code is written in this font.
ProTip: ProTips offer hacks or short-cuts or just things to be careful of. Watch for these Tips. They can save you a ton of headaches.
Note: Notes are used to point something out that I consider important. Watch for these too. Sometimes, they just repeat something in the text. I know people like to skim ;-)
Bookmark Navigation, No Table of Contents
The eBook uses Bookmark navigation. You can access the bookmarks (which are easier to use) from the top left corner of your device, or from the Table of Contents.
Three versions: eBook, Book, & AudioBook
The eBook version uses capabilities found in next-generation readers, tablets, smartphones, and computers. That means you can zoom in and out using the pinch-and-zoom method. I increased font sizes so that you shouldn’t need to do that on every page.
The print version has extra stuff in the Appendices. It’s tough to click a link on a printed page. Well, it’s easy, but doesn’t take you anywhere.
Both are available on Amazon. If you bought the print book, you can get the eBook at a heavily discounted price.
The audio book version should be ready in June of 2017.
Cheers
What you will learn
After reading this book, you will be able to actually use PayPal’s Instant Payment Notification system.
That may not sound like a lot.
It is.
Once it gets going, it goes on forever on its own.
IPN will make your life easier.
Once you get it going.
You’ll see orders and deposits run automatically.
Once you get it going.
You can connect everything through your server back end to make things seamless, automatic, and effortless.
Once you get it going.
Getting the darned thing going is another story altogether.
I wasted three solid weeks six months apart trying. I spent 3 months invoicing manually! That’s not ideal.
Documentation isn’t the greatest. Until now, I couldn’t find anything that set out a repeatable process, let alone set one out in simple English.
That’s why I decided to write this book. It helps that I’m a ghostwriter whose specialty is demystifying tech.
I save you the headaches, aggravation, and Tourette’s style outbursts that accompanied me on this journey.
Instant Payment Notification (IPN) does pretty much what its name implies. IPN notifies you (nearly) instantly of any actions people make on, to, or with your account.
That’s the first gotcha!
There are many more. I’ll share the ones that kicked me in the teeth.
IPN notifies you of any action.
A notification that somebody added something to a shopping cart is not the same thing as the notification that somebody actually bought that stuff.
Don’t laugh! It took me hours before I figured out why I had so many repeating notifications. They can come in one right after the other.
Just that warning alone is worth the price of this book.
No worries, once you understand that, you can deal with it. It’s better to get too much info than not enough.
You will be able to verify that the order actually came from PayPal.
You will know who bought how much of what, for how much and when.
Then you can fill the order.
You will learn how to use PayPal’s sandbox feature to build and test your notification system.
You will also learn how to build custom buttons on the fly.
You will know how to have your system send you an email synopsis of every notification. You’ll also know how to turn those emails off.
You’ll learn how to generate a log of all notifications, busted up by month and day.
You’ll learn how to make your system read the incoming notifications, ask for verification, and then act on the ones you need to act on.
PayPal will send info. They will even confirm that it came from them.
They won’t do the work for you.
Just how “instant” is Instant?
PayPal goes to great lengths to tell you the system is not really “instant.” Okay, so they’re right. But VVFN, “very, very fast notifications” doesn’t sound as cool. IPN is plenty fast enough for most purposes.
It’s even fast enough for situations where the buyer is waiting for a download link.
I ran 1000 test buys. The slowest one was 32 seconds. No other test even came close to that. The next slowest was 21 seconds. Most, over 700, worked in less than 8 seconds. That super slow one may have been due to the bad weather, busy servers, or maybe my ISP was running slow.
Isn’t it funny how nowadays, 32 seconds seems like an eternity?
I also include links to my web site where you can download the code we talk about here. Those files are the actual code but in RTF format with color-coded notes. They make things very easy.
That’s a drawback common to books and eBooks. It isn’t easy to get stuff like code from the book to your site.
Those links fix that. They’re regular text files in rich text format (RTF). Just save them as PHP when ready.
If you’re ready, so am I. Let’s get to it.
You’ll have it up and running before lunch.
Note: All the examples and scripts available for download are in PHP with mySQL as the database. You can easily morph them to your preferred poison, sorry, language. PHP and mySQL combine to drive the internet. Even Facebook started out as a LAMP stack (Linux, Apache, MySQL, PHP). I figured that was the best place to focus.
IPN vs PDT
PayPal has two notification systems, IPN and PDT. PayPal loves its acronyms. We already learned that IPN was Instant Payment Notifications. PDT stands for Payment Data Transfer. Both use the Name Value Pair system, or NVP.
Yeah, PayPal really loves its acronyms.
NVP is fancy-pants talk. It just means a variable name has a value associated to it. No poop, Sherlock. They’d be pretty useless otherwise. It’s like back in grade school when we learned X=3. That’s a name-value pair too. “X” is the name. 3 is the value.
ProTip: The trick for making this stuff work is in knowing which variable names PayPal sends and which values those names have. That can be complicated or easy. I’m Constructively Lazy so I found the easy way. I’ll show it to you soon.
Back to the two notification systems.
You would think that the “Instant” one would be faster, right? Nope.
PDT is the real Instant one.
PDT fires off a notification the very moment a buyer buys. There is no lag. Not even a tiny lag of a few seconds. They click, “Buy,” and boom, you have a notification zipping over to you.
You might be saying, “Yeah! That’s what I want! To heck with this IPN stuff. Gimme PDT!!!!”
Hold your horses.
First of all, they both get set up the same way. Second, neither is well-documented.
Third, yes, PDT is faster. We’re only talking seconds faster, though. That extra speed comes at a cost, a Big One. Capitals intended.
PDT sends a notification instantly. That’s the problem.
Did you catch it? No?
I’ll repeat it. This time I’ll add some emphasis.
PDT sends a notification instantly That’s
Better late than never
There’s another problem with PDT. It only sends payment notifications. That might not sound too bad at all. But, there’s great value to being able to automate everything, not just payments.
IPN lets you know about:
• Payments received: That includes Express Checkout and Adaptive Payments.
• Credit card authorizations: Handy if your Buyer doesn’t have a PayPal account or prefers to use a credit or debit card.
• eCheck payments as well as pending, completed, or denied situations.
• New subscriptions. It will even automatically assign user names and id for you, if you like.
• New sign-ups or carts.
• Cancelled subscriptions or carts.
• Recurring payments: Those are related to subscriptions and installment plans. They’re great. Payments continue until either you or the buyer stops them. The buyer just needs to click once.
• Chargebacks, disputes, reversals, and refunds. Okay, so maybe we don’t really want those. Still, they’re a fact of life.
Once you have the info, you can do whatever you want with it.
• You can email an order confirmation
• You can email an up-sell pitch
• You can add them to your email list for future marketing
• You can update their info with the info from PayPal
• Update your customer lists
• Segregate your lists based on buying habits
• Update inventory
• Prepare a picking and/or packing slip
• Cut an order if you drop ship
• Issue a refund (not often, I hope)
• Update your accounting
• You can notify sales people of purchases by their customers
• You can update and assign sales to affiliates
You have the data. You can do whatever you need or want to do with the data once you have it.
Want the Speed of PDT with the reliability of IPN?
No problem. Implement them both.
Really, go ahead.
They aren’t mutually exclusive. There’s no law, rule or even guideline that says you can’t. Nothing even says you shouldn’t. PayPal believes, and I agree, that IPN is better suited for the vast majority of applications.
If you need instant notification, use both. I strongly suggest you don’t use PDT exclusively!
ProTip: IPN = good, IPN and PDT = good, PDT alone = bad. It’s not an either/or thing. It’s an IPN alone or IPN and PDT thing.
Even if you absolutely, positively need instant notifications, set them both up.
The only reason I can see for not setting up IPN with PDT is if the thing being sold is crazily time-sensitive. It would have to be so much so, that you would rather lose a sale, and maybe a customer, than risk processing too late.
Darned if I can think of something that would qualify. Maybe off-track betting on horse races? Is that even legal?
Excited yet?
Ready to dive in with both feet?
Ready! Set! Wait a bit.
Let’s look at a quick overview of how this puppy works first.
The IPN System, How it works
If you’re reading this, you probably have some idea of what HTML looks like. You know about web forms and how they can use either GET or POST as methods. When we start building custom buttons you’ll recognize them for what they are, web forms.
You’ll also see how this thingamabobber works more clearly. Bear with me for now.
When you see a ton of seeming gibberish in your browser’s address bar, it isn’t gibberish. It’s a bunch of variables passed from one page to another. Yes, they’re name-value pairs.
That’s a GET.
GETs aren’t very useful for what we’re doing here. All the info would be sitting right on the browser bar for anyone to see or play with.
If someone was crazy enough to use GET for a sale, any idiot that notices sale_price=100 can just delete a zero or two. They can even delete the 1. Servers are fast. They aren’t very bright.
POST works very much the same way as GET but hidden in the background.
Much better.
PayPal uses a Secure POST to send you notifications. You set up a listener page to, you guessed it, listen for those notifications. Don’t worry about how that works just yet. We’ll get there.
The listener hears the notification. That’s not enough to act on. That info could be from anybody who knows the link to the listener page. If they know the info PayPal passes, and that’s public, they can spoof it easily.
So, no, we can’t act yet.
The listener then parrots the info back to PayPal. PayPal answers that, yes, it was them, or no, someone is messing with you.
That step, called logically enough, “verification”, is vital to the process. We need to know we are talking to PayPal, not some idiot scammer. It’s pretty easy to pull it off.
I’ll show you how.
But, first, I’m reminded of a joke that illustrates the importance of this point.
A cell phone is just sitting there on a bench in a country club’s locker room. The locker room is a little noisy. The phone rings. A man answers on hands-free.
Man: Hello?
Woman’s voice: Hi, Honey, it’s me. I’m at the mall with the girls and I see the most amazing outfit. But, it’s like
Man: Well, if you like it, you like it. Go ahead and buy it.
Woman: Oh honey!!! You’re the best! While you’re in such a good mood, do you mind if my Mother stays with us for a few weeks?
Man: No problem. Whatever makes you happy.
Woman: Oh, you are just the Perfect Man!! Bye.
PayPal: Hey, Business, I got a guy here, Tom Smith, who just bought a video game. He paid for it. Ship it to his place, here’s the address.
Business: Whoa there. How do I know it’s you, PayPal?
PayPal: You have my number. Call me back. I’ll wait.
Business calls back.
PayPal: PayPal, how can I help you?
Business: It’s me, Business. You called about an order?
PayPal: Could be. What was it?
Business: Tom Smith bought a video game. He’s at this address.
PayPal: Lemme check. Yup, got it right here. Tom Smith, one video game. It’s bought and paid for. Go ahead and ship it.
Business: Will do. Thanks!
In a nutshell, that’s what happens. In reality, this is what happens. These are real sample communications. You don’t need to worry about what they mean just yet. Your site will handle that stuff.
This is a sample of a notification for Tom Smith’s video game Express Checkout purchase for 19.99
gross=19.95&protection_eligibility=Eligi-BWMFAY&tax=0.00&address_street=1+Main+St&pay-ment_date=20%3A12%3A59+Jan+13%2C+2017+P-
ble&address_status=confirmed&payer_id=LPLWNMT-
ST&payment_status=Completed&charset=win-dows-1252&address_zip=95131&first_name=Tom&mc_fee=0.88&address_country_code=US&address_
com&txn_id=61E67681CH3238416&payment_type=in-action_subject=&payment_gross=19.95&ship-
0ZELryHFjY-Vb7PAUvS6nMXgysbElEn9v-1Xcm-SoGtf&payer_email=tomSmith%40example
stant&last_name=Smith&address_state=CA&receiv-er_email=gpmac_1231902686_biz%40paypal.com&pay-
type=express_checkout&item_name=video+game&mc_currency=USD&item_number=1&residence_coun-
action_subject=&payment_gross=19.95&ship-
If it’s VERIFIED, you’re good to go, sort of. You’ll see why it’s “sort of okay” in a bit.
If it’s INVALID, I just ignore it. Others report the fraudulent attempt to PayPal. You can take whatever measures you prefer.
It works pretty much like our fictitious phone call between servers. It’s just faster, a lot faster.
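The call-back step as an added PHP sketch; this is not the book's Listener.php. The function names, the `cmd=_notify-validate` prefix on the postback and the injectable transport are choices made for this example, the endpoints are the ones used in this book's button forms, and the stand-in PayPal in the demo is constructed so the script runs offline from the command line.

```php
<?php
// Added example: IPN verification postback. Not the book's Listener.php.
declare(strict_types=1);

// Endpoints as they appear in this book's button forms.
const PAYPAL_LIVE    = 'https://www.paypal.com/cgi-bin/webscr';
const PAYPAL_SANDBOX = 'https://www.sandbox.paypal.com/cgi-bin/webscr';

/** Real transport: POST $body to $endpoint over TLS and return PayPal's reply. */
function postBackToPayPal(string $endpoint, string $body): string
{
    $ch = curl_init($endpoint);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // never switch certificate checks off here
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $reply = curl_exec($ch);
    if ($reply === false) {
        throw new RuntimeException('Postback failed: ' . curl_error($ch));
    }
    return trim($reply);
}

/**
 * Ask PayPal whether $rawBody really came from them.
 * $useSandbox comes from YOUR configuration, never from the message itself.
 * Returns ['status' => 'VERIFIED'|'INVALID'|'UNKNOWN', 'fields' => array].
 */
function verifyNotification(string $rawBody, bool $useSandbox, callable $transport): array
{
    if ($rawBody === '') {
        return ['status' => 'INVALID', 'fields' => []];
    }
    // Parrot the message back byte for byte, prefixed with the validate command.
    // Rebuilding it from $_POST can change the encoding and earn an INVALID.
    $endpoint = $useSandbox ? PAYPAL_SANDBOX : PAYPAL_LIVE;
    $reply = $transport($endpoint, 'cmd=_notify-validate&' . $rawBody);

    if ($reply !== 'VERIFIED') {
        // Exact match only: an error page that contains the word must not pass.
        return ['status' => $reply === 'INVALID' ? 'INVALID' : 'UNKNOWN', 'fields' => []];
    }
    // Only now decode the name-value pairs (%40 becomes @, + becomes a space).
    parse_str($rawBody, $fields);
    return ['status' => 'VERIFIED', 'fields' => $fields];
}

if (PHP_SAPI === 'cli') {
    // Offline demo with constructed data: a stand-in for PayPal that only
    // "remembers" one message, so an altered copy comes back INVALID.
    $genuine = 'mc_gross=19.95&payment_status=Completed&txn_id=61E67681CH3238416'
             . '&payer_email=tomSmith%40example.com&item_name=video+game&mc_currency=USD';
    $altered = str_replace('mc_gross=19.95', 'mc_gross=0.19', $genuine);

    $fakePayPal = function (string $endpoint, string $body) use ($genuine): string {
        return $body === 'cmd=_notify-validate&' . $genuine ? 'VERIFIED' : 'INVALID';
    };

    foreach (['genuine' => $genuine, 'altered' => $altered] as $label => $raw) {
        $result = verifyNotification($raw, true, $fakePayPal);
        printf("%-8s %-9s %s\n", $label, $result['status'],
               $result['fields']['payer_email'] ?? '-');
    }
} else {
    // On the web server: read the untouched POST body and verify before acting.
    // If the postback throws, the request fails and the notification can be resent.
    $raw    = (string) file_get_contents('php://input');
    $result = verifyNotification($raw, true, 'postBackToPayPal');
    http_response_code(200);   // acknowledge receipt either way
    if ($result['status'] === 'VERIFIED') {
        // hand $result['fields'] to order processing
    }
}
```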
There is some gobbledegook. That’s because some symbols have special meaning to a web server. You can’t use those as-is. The same goes for spaces. The server will ignore anything after the space.
That’s not a good thing. All you would get from PayPal is
https://YourSite.com/listener_file_name?mc_gross=19.95&protection_eligibility=Eligible&address_status=confirmed&payer_id=LPLWNMTBWMFAY&tax=0.00&address_street=1
If you know percent-encoding, you have no trouble reading this. Replace %3A with a colon. Plus signs replace spaces. Ampersands signal the start of a new variable. Replace %40 with a “@.” Now the message is easily read.
I did it for you.
The Human-Readable Message
mc_gross=19.95
protection_eligibility=Eligible
address_status=confirmed
payer_id=LPLWNMTBWMFAY
Again, it’s not important for you to know what all that stuff means just yet (although you can figure it out, right?). We’ll get to it. Still, it can give you an idea of what kind of information you’ll get.
Also, it’s a good idea to double check certain things before you act on the order.
That’s why I said you’re “sort of” good to go.
Why you’re “sort of” Good to Go
It’s like leaving your cell phone unattended in the locker room. You can get into trouble.
We’ll get to how in due course, but for now, let’s just say it would be a good idea to double check that the item ordered actually exists, it’s at the price ordered, in the currency ordered, and that you’re the account the order is intended for.
You wouldn’t want to ship me your U$10 item for one Mexican peso, would you?
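Those double checks as an added PHP sketch, not code from the book's downloads. It also covers the repeated notifications and the sandbox notifications arriving on a live system that the book warns about. The function names, the `$catalog` array standing in for a mySQL lookup and the list of already-seen `txn_id` values are hypothetical, and the price check assumes a single item with no tax or shipping added to `mc_gross`.

```php
<?php
// Added example: checks to run on a VERIFIED notification before filling the order.
declare(strict_types=1);

/** Convert "19.95" to 1995 cents; null for anything not shaped like money. */
function toCents(string $amount): ?int
{
    return preg_match('/^(\d{1,7})\.(\d{2})$/', $amount, $m) === 1
        ? (int) $m[1] * 100 + (int) $m[2]
        : null;
}

/**
 * Returns a list of reasons NOT to ship; an empty list means go ahead.
 * $catalog and $seenTxnIds stand in for database lookups (hypothetical shapes).
 */
function orderProblems(array $ipn, array $catalog, string $myEmail,
                       bool $live, array $seenTxnIds): array
{
    // Read a field as a string; missing or non-string values become ''.
    $get = fn(string $k): string => is_string($ipn[$k] ?? null) ? $ipn[$k] : '';
    $problems = [];

    // A sandbox notification must never trigger a real shipment.
    if ($live && $get('test_ipn') === '1') {
        $problems[] = 'sandbox notification on live system';
    }
    // Carts, pending eChecks, refunds and so on also arrive; only paid orders ship.
    if ($get('payment_status') !== 'Completed') {
        $problems[] = 'payment_status is not Completed';
    }
    // Was the money sent to us, or to somebody else's account?
    if (strcasecmp($get('receiver_email'), $myEmail) !== 0) {
        $problems[] = 'receiver_email is not our account';
    }
    // Repeats and resends carry the same txn_id; fill each order once.
    $txn = $get('txn_id');
    if ($txn === '' || in_array($txn, $seenTxnIds, true)) {
        $problems[] = 'txn_id missing or already processed';
    }
    // Does the item exist, at this price, in this currency?
    $item = $catalog[$get('item_number')] ?? null;
    if ($item === null) {
        $problems[] = 'unknown item_number';
    } else {
        if ($get('mc_currency') !== $item['currency']) {
            $problems[] = 'wrong currency';
        }
        if (toCents($get('mc_gross')) !== $item['cents']) {
            $problems[] = 'wrong amount';
        }
    }
    return $problems;
}

if (PHP_SAPI === 'cli') {
    // Constructed data modelled on the Tom Smith sample notification.
    $catalog = ['1' => ['name' => 'video game', 'currency' => 'USD', 'cents' => 1995]];
    $mine    = 'gpmac_1231902686_biz@paypal.com';
    $good    = ['payment_status' => 'Completed', 'receiver_email' => $mine,
                'txn_id' => '61E67681CH3238416', 'item_number' => '1',
                'mc_gross' => '19.95', 'mc_currency' => 'USD'];

    $cases = [
        'good order'     => [$good, []],
        'one peso'       => [array_merge($good, ['mc_gross' => '1.00', 'mc_currency' => 'MXN']), []],
        'resent notice'  => [$good, ['61E67681CH3238416']],
        'sandbox leak'   => [array_merge($good, ['test_ipn' => '1']), []],
        'someone else'   => [array_merge($good, ['receiver_email' => 'other@example.com']), []],
    ];
    foreach ($cases as $label => [$ipn, $seen]) {
        $problems = orderProblems($ipn, $catalog, $mine, true, $seen);
        printf("%-14s %s\n", $label, $problems ? implode('; ', $problems) : 'ship it');
    }
}
```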
Different notifications use different variables. You will need to know which variables PayPal sends before you can work with the data in those variables.
Makes sense, right?
There’s a hard way to do it and an easy way.
Guess which one I like better. We’ll get to how to do that soon too.
What Variables are available
Different actions trigger different notifications. Not everything is pertinent to everything else. A new subscriber notification doesn’t need to mention sizes. An order for a bikini doesn’t need a subscription date. There’s a list of variables that may be in your notification in Appendix A.
It’s a long list. Don’t freak out.
I’ll show you the easy way to find out what variables are actually in your notification. I didn’t have this book when I started using IPN. I did it the hard way.
The hard way is very hard.
Then I figured out the easy way.
The easy way is much better. That’s what I’ll show you. That will come later when we dissect the listener.
Who can use IPN
Only business members can use IPN. That makes sense. The general public doesn’t sell stuff in any big way. John Q. Public doesn’t need automation for the occasional eBay sale.
You don’t need a Premium Account (i.e. paid). Even a free business account can use IPN. It might make sense for you to get a Premium account. It might not. That all depends on your needs, and doesn’t really matter for our purpose here.
Standard or Premium, the method is the same.
PayPal is pretty good about guiding you to the best solution. When I first set my business up, I fully expected to open a Premium Account. Jeremy, the PayPal Guy, went over what I needed to do and suggested I stick with the Standard Plan.
It’s rare that a big business will put its customer’s needs ahead of its own. I appreciated the gesture.
Every business account can use IPN, but it is not active by default. You need to activate it. It’s straight-forward.
Activating IPN
First you need to get to your Selling Tools. Depending on where you happen to be on the PayPal site, you will need to do one of two things.
1 – Click on your Profile icon. It’s the icon that looks like a head-and-shoulders children’s drawing. From the Business Profile section choose Profile and Settings, then Selling Tools.
OR, if you don’t see the Profile Icon,
1 - Go to My Account -> Profile -> Selling Tools
2 - Now that you’re in Selling Tools, scroll down to the Getting Paid and Managing My Risk part. Click on Update.
3 - Enter your full web site link including the https:// part.
Note: You do have https, right? It isn’t 100% required at time of writing but it will be soon enough. You may as well get ahead of the curve. Besides, what with Google putting big red insecure warnings on http sites, you look like a fly-by-night scammer if you don’t have one. Get an SSL certificate, get your https and be done!
4 - Put the full URL for your web site and the file that will process the PayPal message. Yes, that’s your listener. Here’s an example: https://www.example.com/my_cat_bruce/process_message.php
A couple of things to add here. I wouldn’t include “PayPal” or “payments” or “here_is_the_cash_come_and_get_it” in that filename. It isn’t easily readable, but why chance it?
You need to put something in there, but you don’t need to fall in love with it. Think of that link as the default place where PayPal will send you notifications. You can tell PayPal to send the notification for any button to a specific listener.
For you techie types that’s, “You can set the listener programmatically.” For you non-techies, you can also set it when you create the button.
We’ll get to that when we build custom buttons. For now, just click Save and this part is done.
Let’s go play in the sandbox
Obviously, you wouldn’t want to test your IPN with real money. PayPal realizes that. They provide us with a playground where we can test stuff without incurring a boatload of fees.
Like most playgrounds, this one has a sandbox.
Lucky for us, PayPal’s sandbox has no cat poop in it.
Unluckily for us, PayPal’s sandbox has other gotchas.
The Sandbox is just a replica of the real PayPal system. The difference is that everything is simulated. You create a fake business account and as many fake buyer accounts as you like. You set them up any way you like. You can load your fake PayPal accounts with fake money or not. You can link fake credit cards. You can make different fake accounts to simulate different real regions.
I made Canadian fakes for every province to test taxation scripts. I also made fake US and UK accounts.
Setting up your Sandbox is easy.
1 Go to https://developer.paypal.com
2 Login. Use the email and password from your existing PayPal Business account. If you don’t have one, go to PayPal’s site and get one.
3 PayPal will send you an email to confirm that you are you. Reply to it.
4 Go to https://developer.paypal.com/docs/classic/lifecycle/sb_create-accounts/
5 Create at least two sandbox (i.e. fake) accounts.
You do need to create at least two fake accounts, a BUYER type and a BUSINESS type. The BUYER type account will do all the fake buying. The BUSINESS type will be you getting all the fake orders, fake notifications, and oodles of fake dollars.
You really should create BUYER accounts as both verified and not verified. Let’s call that a suggested optional step.
Those fake accounts work like they’re real except no money changes hands and no fees are charged.
Actually, that’s not 100% true.
It’s true that you won’t get charged anything on your real account. But, PayPal does include what the fee would have been had that fake transaction been real.
It’s more accurate, and more useful, to say that PayPal charges fake fees against fake accounts for fake buyers that buy fake stuff.
For real.
ProTip: Create your tests with real item and cost data. That way, you’ll also get the real PayPal cost of that transaction. You may as well have your tests do double-duty.
Remember the passwords to those fake accounts. You will need to enter the password when you place your fake orders. Passwords don’t need to be super-secure. The accounts don’t actually do anything.
Note: Don’t forget the passwords to your fake accounts. They don’t actually do anything. It’s safe to write the passwords down.
Everything we will do going forward will be with those fake accounts. Once you have everything nice and operational, it’s a simple thing to make it go live.
Danger: Remember what I said about IPN resending failed notifications? They can come back to drive you nuts. Some notifications may fail during testing to come back to bite you on the ass when the system is live!
If you use the listener I suggest, you’ll be okay. It will catch sandboxed notifications that come through when the system is live. It will send you an email to that effect.
You can and should code your processing scripts to ignore them.
I know of one guy who didn’t do this. Worse, or maybe luckily, he used his home address as the sandbox BUYER account address. His warehouse shipped over 700 identical items to his house.
Not good.
To be extra safe, create an email address specifically for your testing. That temporary email must be reachable. Remove it from the listener when you go live. The listener will ignore anything sent to that email as the Business. For example, if you test with fakeBucks@mycompany.com, remove that email from the listener.
You’ll see what I mean once we dissect the listener file.
A note on Back-End Testing
If you plan to test extensive back-end processes, you may want to build your own sandbox. It can just be a copy of your system with a limited number of products, or a single mySQL table where records will go. Ask your techies.
Details about Test Accounts
CountrySelect: You can set where the fake BUYER or BUSINESS lives. This way you can test shipping costs, tax, etc. Set up as many test accounts as make sense to you.
Account type: Select either the Personal or Business radio button. You must have at least one of each. The BUSINESS account will receive all your fake money. The PERSONAL or BUYER account(s) will do the fake buying.
Email address: This could be fake too. PayPal won’t send emails from the Sandbox. Instead, they will list stuff on both the Notifications tab on the Developer site, and on the Sandbox test site. You will use this email to login to the Sandbox site and to process your fake purchases. The BUSINESS email must be real to get your messages from the system. It’s a good idea to make an email just for testing.
Password: The password must be 8-20 characters long. Use numbers, letters, or both. You’ll need the password to log in to the Sandbox test site as the test account and to process fake orders. Don’t break your head making it super secure. It’s not as if it actually leads to anything. Make it something you’ll remember.
First and Last names: Optional. I just use, “Fake BuyerUSA,” “FakeBuyerQc,” “FakeBuyerOn,” etc. (I’m Canadian, eh!)
PayPal balance: Optional, but a really good idea. This is how much fake money your fake Buyer has to make fake purchases. You can enter any integer from 1 to 10 million. Go hog wild. It might also be a good idea to make some accounts without money.
Bank Verified Account: I suggest you create both Verified and Unverified fake accounts. It will be a better reflection of real-world situations.
Select Payment Card: Test payments made with different payment cards by selecting either Discover or PayPal. That only works for “US-based” fake business accounts.
Credit card type: If you want, you can choose a single credit card type for each fake account. Sandbox will create a fake card number for the fake account to send you fake money with.
Notes: Optional but suggested if you have several fake accounts. You can scroll through the whole page to find out what makes this fake account different. Or, you can look at the note.
Once you have at least one BUYER account and one BUSINESS account you’re ready to move on to buy buttons.
Creating Buy Buttons
There’s an easy way and a hard way to build buttons. I usually prefer the easy way of doing anything. That’s not necessarily the case this time.
The easy way is to use PayPal’s button building and hosting function. It works and works well. It has advantages. The security is built-in. PayPal hosts the button. It’s fast. You can create a button in record time even if you never saw HTML in your life. You can customize some of it on the fly.
One disadvantage is that you can’t customize all of it on the fly. That’s not the biggest disadvantage.
The biggest disadvantage is also one of the reasons why so many people have trouble setting up IPN.
PayPal hosted buttons are not sandbox-able. That means they can’t be tested.
I have no idea why PayPal wouldn’t include hosted buttons in the sandbox.
Take it up with them.
There is a workaround. We’ll get to it soon. Just know, that one way or another, you will need to learn how to build a custom button. That’s not a bad thing.
Things can be easy.
Things can be completely customizable.
Rarely are they both.
Creating a Hosted Button
• From your PayPal account, choose Tools from the top menu bar.
• Scroll down to All Tools and click.
• Scroll down again to find PayPal Buttons. On my page it’s on the far left, fourth row down. Click that. By the way, if you click on the Heart, that Tool will be on your initial drop-down menu.
• You’ll see links to sample buttons and links to create new ones.
• To create a new button, click on “Create new button,” and follow the steps.
Done.
ProTip: If you click on the Heart in the box that takes you to Buttons, that Tool will be on your initial drop-down menu.
PayPal will write the HTML and show you a preview of what it will look like. By default, it will notify to the link you set when you activated Instant Payment Notification on your account.
By default, it also points to the LIVE PayPal site. We definitely don’t want that right now.
Let me show you what I mean. This is the HTML generated by the Button Builder for a Sample Subscription button.
<form action=”https://www.paypal.com/cgi-bin/webscr” method=”post” target=”_top”>
<input type=”hidden” name=”cmd”
src=”https://www.paypal-safer, easier way to pay online!”>
<img alt=”” border=”0” src=”https://www.paypalobjects.com/en_US/i/scr/pixel.gif” width=”1” height=”1”>
</form>
Look at the first line, <form action=”https://www.paypal.com/cgi-bin/webscr” method=”post” target=”_top”>. That tells the button to send to the LIVE site.
We can’t use that. Testing Live is never a good idea.
There is no way to make a hosted button work through the sandbox
No, there is no way to make hosted buttons play in the sandbox. Still, I actually found two “methods” for doing just that.
One was in another book. The other was on an e-commerce forum.
I tried them both.
Neither worked.
Maybe they worked in a previous version of IPN and/or PayPal Hosted Buttons. Maybe not.
Whatever, they sure as heck don’t work now.
If you’re curious, it is now May 14th, 2017.
2 Ways to NOT Test Buttons
Just in case you skimmed to here, don’t try this. It doesn’t work. There is no way to make hosted buttons work in the sandbox. I’m listing these two pieces of wrong advice just so you can recognize them if you stumble upon them.
To make a hosted button work in the sandbox, you just need to edit the form action link. Just change <form action=”https://www.paypal.com/cgi-bin/webscr” method=”post” target=”_top”> to <form action=”https://www.sandbox.paypal.com/cgi-bin/webscr” method=”post” target=”_top”>
Not quite.
This mistaken advice is partially based on fact. It’s true that adding sandbox to the form action URL will make the URL point to the sandbox. That’s what we do to test custom buttons. Both the button and the listener need to play in the sandbox, so we add the sandbox part.
The stored button will not work.
You will run through your listener’s code wondering what you did wrong.
You will call me choice names your Mama wouldn’t approve of. You’ll develop temporary Tourette’s.
It wasn’t you.
It wasn’t me.
It was some well distributed bad advice.
Button testing that DOESN’T work #2:
Just in case you skimmed to here, don’t try this. It doesn’t work. There is no way to make hosted buttons work in the sandbox. I’m listing these two pieces of wrong advice just so you can recognize them if you stumble upon them.
To make your hosted button play in the sandbox, you need to add an Advanced Variable. It’s under the “Step 3” part of the Create PayPal Payment Button page.
Click the check box and type “test_ipn = 1” on a line by itself. Now it’s aiming at the sandbox! Just remember to switch it back when you go live! Otherwise, you’ll never get paid.
Yes and no.
Yes, if you include the test_ipn=1 you can catch it and not process it.
No, PayPal doesn’t recognize test_ipn outside the sandbox.
It will consider it a real transaction and process payment and charge fees.
The test_ipn="1" name-value pair will fly back and forth between PayPal and your listener. The trouble is that test_ipn is particular to the Sandbox. The live site passes it along but doesn’t know what to make of it.
It has no idea what test_ipn means. So it will do what it knows to do with the rest of the stuff: it will process payments and charge fees.
Incidentally, that does mean you can use test_ipn as an extra custom field. Play with it, but play carefully. Using test_ipn as an extra custom field only works when you’re live.
It has real meaning when sandboxed.
I haven’t tested any values other than 0 or 1, which can be aliases for no and yes respectively.
While we’re on the subject of adding Advanced Variables, think about whether you want the button to aim at your default link or not. If not, this is where you change it. Type “notify_url=https://www.yoursite.com/boatLoadsOfCash/” or whatever it’s called.
The Step 3 screen is also where you can add things like where to send people after they paid, or where to send them if they abandoned the purchase.
No, sending people who abandon carts “straight to Hell” is not an option. Shame on you ;-)
Let’s get back to dissecting the Hosted Button.
We already looked at this part, <input type="hidden" name="hosted_button_id" value="93YR2PTH8LT2Y">, when we discussed the ways that don’t work to make Hosted Buttons work in the Sandbox. Now you’ll understand why it doesn’t work.
This part tells PayPal which stored button to use. Since the button is stored on the Live PayPal site, Sandbox can’t see it.
That value, 93YR2PTH8LT2Y, points to a place on PayPal’s servers that holds a bunch of info about what the button does.
I think of it as shorthand for several name-value pairs, some of which are better kept away from prying eyes.
Sandbox can’t read the contents of 93YR2PTH8LT2Y. It gives it the ol’ College Try, but it just can’t. After a few seconds, an eternity in server-time, Sandbox gives up, throws its hands in the air, pouts, and throws an error.
It’s the server equivalent of a hissy fit.
Customizing a Hosted Button
You can set up a button right on PayPal and change it in your in-house code. You can also add customization right on PayPal. Sometimes you need to do both.
Obviously, you can only customize what’s visible in the Hosted Button’s HTML. Just like the Sandbox, you have no access to the contents of 93YR2PTH8LT2Y.
That’s the whole point of a hosted button.
A PayPal button is really just a web form. It has a form action. It has input labels. It has input values connected to those labels. Often you need to adjust what PayPal writes. Some stuff is standard, and some things that PayPal gives I’m not quite fond of.
For example, you probably noticed that the form action has a target of _top. That means the PayPal page will open right on top of yours.
For me, it’s much smarter to send the buyer to another tab. On the other hand, you might not like that idea. Maybe you’ll be happier sending them to PayPal, then redirecting them back once they’re done.
Different strokes for different folks.
The important thing is not which is the “right” way to do it. There really isn’t a right way. Whatever suits you is the right way.
I have a Twitter management platform. I send people to PayPal to subscribe. It would be annoying for them to subscribe then be redirected back where they have to log in again. Better to just open a new tab. They can close it when they’re done.
Right now we can’t really go deeply into customizing a hosted button. There really isn’t all that much customization to do. Besides, we have to list all the name-value pairs. There are so many of them that it’s better we leave them to Appendix A.
Don’t freak out. There are tons of name-value pairs. Most won’t apply to you.
Note: When it comes to customizing Stored buttons, you can only change what’s already there. You can’t override values. You can’t add name-value pairs.
If anyone at PayPal reads this: Allowing both actions would make your stored buttons much more useful. That’s just my two-cents worth.
You’ve already seen a couple of ways to customize a button. You added a different target link. You decided how to open the link. There is one thing you probably should add: a custom field.
Custom is a name that gets passed through PayPal and back. PayPal passes it, and its value, back unchanged.
That custom field has a ton of uses.
I don’t think I know anybody who doesn’t use the custom field in their buttons.
They are that helpful.
Changing the default image
Probably the most common customization is to replace the PayPal images with your own. You can do it by simply creating a new button and specifying the link to your own image.
Or, you can do it on the fly. I know people who use their product’s image as the actual buy button. Why not?
It’s this part that holds the image:
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_subscribe_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
You can leave the red (<img ...) part as is. That’s just an invisible one pixel by one pixel box. It’s there to give some spacing. It’s the blue part (https...) you’re interested in.
That blue part is the link to PayPal’s subscribe button. PayPal has many buttons. This is the one that this particular button chose. There are even several subscribe buttons. If there’s another one you like, just copy its link and paste it where the blue writing is.
If there’s an image you would rather use that you have saved on your own server, go ahead and use that link instead. Your custom image will now replace the generic PayPal button.
PayPal buttons are only HTML forms. Even beginners can quickly understand how to modify, edit, or even completely build forms.
Play with them any way you like. Test them thoroughly.
Once you’re happy with the button, you’re good to go.
The REAL way to test Hosted Buttons
Remember when I said there was no way to make Hosted Buttons work in the sandbox? I’m not going back on that. There really is no way to do that.
Surprising? Yes, I agree.
Take it up with PayPal.
Here’s my method of accomplishing the same thing.
Instead of making the Hosted Button play in the Sandbox (which is impossible), build a button that does the same thing as the Hosted Button. Then, make that button play in the Sandbox.
There are three steps to creating a Hosted Button. We went through them all already. Take a screenshot of every step. Print out all three screenshots. Use them as a recipe to build a custom button.
Test your heart out with the custom button.
When you’re ready to go live, swap out the custom button code for the hosted button code. Adjust it as needed and, boom!
The Down and Dirty method of “testing”
Stored buttons don’t really need to be tested. What we really need is to know exactly which name-value pairs PayPal sends through the IPN. You need those to code your processing scripts.
The fastest way is to just do it live once!
You will get charged for the buy and for fees. Make up a cheap product if you have to. Once you get the IPN, hard-code the variables and values in the processing code and work from
It all depends on what you need done and why.
It’s just a web form. It’s just simple HTML. It’s easy. They teach HTML in grade schools now.
Let’s take a look at the subscribe button for my site, https://www.mytweetpack.com. It’s not super complicated. But it does show a few things that are harder to do with the buttons hosted by PayPal.
What my button needs to do
This isn’t a sales pitch, but we do need to go over a few things we do. That way you’ll have a better idea of what we need done and why we do things the way we do.
myTweetPack.com is a subscription-based Twitter Account Management System.
Prospective members can subscribe for a 14-day free trial, or a longer one if they have a promo code (I added one at the end of this book). They can cancel anytime. If they do, subsequent payment will not process.
If they don’t cancel by the end of their trial, their account will be charged. Every month going forward, that charge will repeat until they or I cancel it. They can cancel for any reason. I must cancel if I want to change pricing in either direction.
They can also subscribe a year at a time.
What we need to know
We need some basic info to create their membership. They need to give us that info when they subscribe, otherwise it’s an exercise in futility.
Some members are also affiliates. We need to track who came to us from affiliates, and who those affiliates are.
Eventually, we’ll need to pay those guys.
Every month, when members pay their subscription fee, the system will extend their membership another month.
If the expiry date passes with no payment, the system shuts down their access and deletes their stored data.
Note: We changed our subscription method after I first published this book. No matter. This code better explains the concepts you need to wrap your head around.
Let’s start with the code, then we’ll go over it step-by-step.
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" target="_blank">
<!-- Identify your business so that you can collect the payments -->
<input type="hidden" name="business" value="yourAccount@yourSite.com">
<input type="hidden" name="notify_url" value="https://www.yoursite.com/whereToSendPayPal_IPN.php">
<input type="hidden" name="custom" value="'.$handle.'">
<!-- Specify a Subscribe button -->
<input type="hidden" name="cmd" value="_xclick-subscriptions">
<!-- Identify the subscription -->
<input type="hidden" name="item_name" value="myTweetPack Subscription for Account
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="a1" value="0">
<input type="hidden" name="p1" value="14">
<input type="hidden" name="t1" value="D">
<!-- Set the terms of the regular
Let me show you what I mean.
Let’s look at the script section by section. First of all, we come to this part,
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" target="_blank">
You may be thinking to yourself, “Hey, that looks like the HTML for a web form.” You’d be right. That’s all a PayPal button is, just a web form. This line just says to start a form and send it, when complete, to https://www.sandbox.paypal.com/cgi-bin/webscr. It also says to use the POST method.
That’s important.
There are two main form methods, GET and POST. GET writes the data as part of the link. It’s visible to anyone, and can be edited directly. That’s not terribly secure. It’s not secure at all. Even the Pope would be (at the least) tempted to rip you off.
We don’t want the data to be easily edited or seen. We don’t want buyers to set their own prices.
POST sends the data as HTTP headers. They can still be intercepted and modified, but not at all easily. The IPN system has a built-in check and balance system to protect even against that slim risk.
You may notice that the link isn’t paypal.com, but sandbox.paypal.com. That’s right, this is a test button. It only works in the fantasy world of the Sandbox.
When it’s time to go live, we just remove the “.sandbox” part. The link becomes https://www.paypal.com/cgi-bin/webscr and that’s all she wrote. The button is live.
Finally, that last bit, target="_blank", tells the browser to open the PayPal link in a new tab. I prefer it that way for my business. myTweetPack.com is a members-only system that offers free trials. Rather than have them log back in, I find it’s better to open a new tab.
That’s just me. Do whatever is best for you. The default is target="_top". That will open on top of the existing page. If you use the redirect functions, that should be fine.
Your call.
Anything that starts with “<!--” and ends with “-->” is a comment. Its sole purpose is to let the reader of the code know what the next part does. It isn’t part of the code at all.
That doesn’t mean it’s not important.
You may know exactly what you have in mind right now. Come back to the code in a year and it may be a completely different story. I’m a big believer in the maxim that too much commenting is better than not enough.
Jumping over that first comment we get to this first part,
<input type="hidden" name="business" value="yourAccount@yourBusiness.com">
<input type="hidden" name="notify_url" value="https://mytweetpack.com/whereToSendPayPal_IPN.php">
That section is actually two pieces. Each is an input. The type="hidden" means exactly what it sounds like. It’s hidden. The buyer can’t see it. The first one identifies you as the person to be paid. Replace the placeholder text with the email you used to set up your PayPal account. If you have several accounts, you can create different buttons for each account.
ProTip: The listener I suggest using verifies the email against a hard-written list. No match means no processing. Normally, emails are not case-sensitive. That is not the case with the listener. me@mysite.com is different from Me@MySite.com! That’s probably the single most common error when the listener fails to act.
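The listener-side checks touched on so far (the receiver e-mail match from the ProTip, the test_ipn flag, and not letting buyers set their own prices) can be written as one function. This is an added PHP example, not the author's listener: receiver_email, mc_gross, mc_currency and txn_id are PayPal's IPN field names, while EXPECTED, checkIpn() and every sample value are constructed for illustration.

```php
<?php
// Added example: checks run on an already VERIFIED payment notification.
// Everything in EXPECTED is a constructed placeholder.
const EXPECTED = [
    'receivers' => ['youraccount@yoursite.com'],   // stored lower-case
    'currency'  => 'USD',
    'prices'    => ['SelfSubscription' => '9.99'], // item_number => amount (constructed)
    'sandbox'   => true,                           // set to false once the button is live
];

/** Return a list of problems; an empty list means the message may be acted on. */
function checkIpn(array $ipn, array $seenTxnIds): array
{
    $problems = [];
    // Addresses that differ only by case are a common cause of a silent
    // listener, so normalise before comparing against the hard-written list.
    $receiver = strtolower(trim($ipn['receiver_email'] ?? ''));
    if (!in_array($receiver, EXPECTED['receivers'], true)) {
        $problems[] = 'receiver_email is not one of our accounts';
    }
    // test_ipn=1 marks Sandbox traffic; it must agree with where this code runs.
    $isTest = ($ipn['test_ipn'] ?? '0') === '1';
    if ($isTest !== EXPECTED['sandbox']) {
        $problems[] = 'test_ipn does not match this environment';
    }
    // Button fields pass through the buyer's browser, so compare what was paid
    // with our own price list instead of trusting the form.
    $price = EXPECTED['prices'][$ipn['item_number'] ?? ''] ?? null;
    $paid  = number_format((float) ($ipn['mc_gross'] ?? 0), 2, '.', '');
    if ($price === null || $paid !== $price
        || ($ipn['mc_currency'] ?? '') !== EXPECTED['currency']) {
        $problems[] = 'item, amount or currency differs from the price list';
    }
    // PayPal resends when it gets no timely answer, so a txn_id can arrive twice.
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '' || in_array($txn, $seenTxnIds, true)) {
        $problems[] = 'txn_id missing or already processed';
    }
    return $problems;
}

// Constructed notifications (already parsed into arrays) for an offline run.
$good = [
    'receiver_email' => 'YourAccount@YourSite.com', 'test_ipn' => '1',
    'item_number' => 'SelfSubscription', 'mc_gross' => '9.99',
    'mc_currency' => 'USD', 'txn_id' => 'CONSTRUCTED-TXN-1',
];
$tampered = ['mc_gross' => '0.01'] + $good; // price field edited before submission
print_r(checkIpn($good, []));
print_r(checkIpn($tampered, ['CONSTRUCTED-TXN-1']));
```

In a real worker the list of seen transaction IDs would come from the database, and a non-empty result would be logged rather than acted on.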
The second input statement, which is also of type hidden, is where you want PayPal to send your IPN. I think it’s best to have a single script that reads the incoming IPN. I can also see reasons why someone may want to have others.
When it comes to incoming IPNs, I prefer a two-step process. The first step is the back and forth yakking with PayPal. That script doesn’t do all that much.
1. It reads incoming notifications.
2. It replies to PayPal that it got the notification.
3. It parrots the notification back to PayPal for validation.
4. It receives the verified message.
5. It replies to PayPal that it got the verification.
6. It sends me an email and writes to a log file on the server.
7. It passes the info to another file that actually does stuff with the information.
It’s that other file that does all the work. That’s the method I’ll show here.
One file will read and confirm the IPN information. Then it passes everything to another file to act on it.
This is why I do it this way.
You don’t have all the time in the world to process the IPN. Extensive database access, data manipulation, and editing is best done after you’ve replied and verified.
If it takes too long to reply, PayPal will just assume you didn’t get the message and try again later.
ProTip: Split your process into two listeners. One only talks to PayPal, the other acts on the Verified information the first listener sends it. That way, you don’t risk acting too slowly. PayPal won’t process a false notification failed message. It won’t resend another one.
I don’t know about you. I prefer to get paid sooner rather than later.
It gets worse. If your script is so long that you never answer in time, your buyer might get their stuff five times and you will never get paid!
That’s really not good.
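The first of the two scripts described above, shown as an added PHP (7.4+) example that is not the author's listener. It assumes the validation postback goes to the same webscr URL the button posts to; handleIpn(), paypalPostback() and the spool path are hypothetical names, and the sample notification is constructed.

```php
<?php
// Added example: the script that only talks to PayPal, then hands off.
// Sandbox URL as used on this page; remove ".sandbox" when going live.
const PAYPAL_ENDPOINT = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
const SPOOL_FILE = '/var/spool/ipn/verified.jsonl'; // hypothetical, outside the web root

/** Real transport: POST the validation request to PayPal and return its reply. */
function paypalPostback(string $body): string
{
    $ch = curl_init(PAYPAL_ENDPOINT);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // keep certificate checks on
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $reply = curl_exec($ch);
    return is_string($reply) ? trim($reply) : '';
}

// Parrot the raw notification back and spool it only when PayPal answers VERIFIED.
// Returns 'spooled', 'rejected' or 'retry'; $transport is injectable for offline runs.
function handleIpn(string $rawBody, callable $transport, string $spool = SPOOL_FILE): string
{
    if ($rawBody === '') {
        return 'rejected';
    }
    // Send back the bytes exactly as received; rebuilding the query from parsed
    // fields can alter the encoding and make a genuine message come back INVALID.
    $verdict = $transport('cmd=_notify-validate&' . $rawBody);
    if ($verdict === '') {
        return 'retry'; // postback failed, so let PayPal resend later
    }
    if ($verdict !== 'VERIFIED') {
        error_log('IPN not verified: ' . substr($verdict, 0, 20));
        return 'rejected';
    }
    parse_str($rawBody, $fields);
    // Hand-off: one JSON line per verified message; the second script does the slow work.
    $line = json_encode(['received' => time(), 'ipn' => $fields], JSON_INVALID_UTF8_SUBSTITUTE);
    $ok = file_put_contents($spool, $line . "\n", FILE_APPEND | LOCK_EX);
    return $ok === false ? 'retry' : 'spooled';
}

if (PHP_SAPI !== 'cli') { // called by PayPal over HTTP
    $result = handleIpn((string) file_get_contents('php://input'), 'paypalPostback');
    http_response_code($result === 'retry' ? 500 : 200);
    exit;
}

// Offline run with a constructed notification and stub transports.
$sample = 'txn_id=CONSTRUCTED-TXN-1&custom=%40exampleHandle&test_ipn=1';
$tmp = tempnam(sys_get_temp_dir(), 'ipn');
echo handleIpn($sample, fn($b) => 'VERIFIED', $tmp), "\n";
echo handleIpn($sample, fn($b) => 'INVALID', $tmp), "\n";
echo handleIpn($sample, fn($b) => '', $tmp), "\n";
unlink($tmp);
```

Answering with a non-200 status only in the 'retry' case means PayPal resends messages that could not be checked or stored, while rejected ones are not requested again.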
Back to the button code
The following line of the button code is another hidden input statement. This one is a little bit different and very powerful. It defines a value for the custom field. PayPal allows you to add a field that it calls “custom.”
<input type="hidden" name="custom" value="'.$handle.'">
That custom field can be anything you want. Here, I use it to pass the Twitter handle along. In other buttons, I use it to pass along an affiliate or promo code.
Custom can be whatever you want. The buyer doesn’t see it. PayPal doesn’t act on it. It’s just for you. It could be whatever is meaningful to you.
There are a ton of uses for that field. But, if you don’t need it, feel free to omit this line from your button.
You may notice that the code looks a little weird. That’s because the value of “handle” is set programmatically. The $ with a name designates a PHP variable. So for me, it’s the variable, “handle.” It gets assigned by a call to the database.
Note: One of the biggest advantages to building your own buttons is that you can set all the values programmatically.
The next book in this series will deal with building, testing, and securing custom PayPal buttons.
The next line is
<!-- Specify a Subscribe button -->
<input type="hidden" name="cmd" value="_xclick-subscriptions">
This line specifies the type of button. See how handy comments are? In this case, we are building a Subscribe button. Think back to when we talked about name-value pairs. Here the name is “cmd” and the value is “_xclick-subscriptions.” The code says as much.
To change the type of button just change the value you set for the name cmd. There’s a list of possible types in Appendix A.
Now that PayPal knows this is a subscription, we give details.
<!-- Identify the subscription -->
<input type="hidden" name="item_name" value="myTweetPack Subscription for Account
thing is that the name “item_number” has a value of “SelfSubscription.”
How’s that?
Last time I checked, “SelfSubscription” wasn’t a number. Well, in this case it sort of is. Anything we send back and forth will be sent as text. If the item number was a real number like, say, 1000, we’d send it as “1000”. You can use whatever you want.
Now we get to something new.
<table>
<tr><td><input type="hidden" name="on0" value="Twitter Handle">Twitter Handle</td></tr>
<tr><td><input type="text" name="os0" maxlength="16"></td></tr>
<tr><td><input type="hidden" name="on1" value="Linked Phone">Linked Cell Phone</td></tr>
<tr><td><input type="text" name="os1" maxlength="20"></td></tr>
</table>
Remember that we need some information for the subscriber before we can create his or her account and app instance. This part of the code creates a table with two text fields. What’s unusual is that the label for the text fields is repeated as a hidden field. That’s so PayPal knows to associate the text the subscriber enters with the value they enter