PayPal Web Payments
Saturday, February 17th, 2007

I needed to implement a payment module on a project and decided to use PayPal’s Web Payment Standard. I was pretty impressed with the simple approach and with the complete sandbox that PayPal provides to test out the solution. With very little effort I was able to code something that works, and even implemented the Instant Payment Notification (IPN) part of the solution for something more robust. Here’s a quick overview of how things work.

Web Payment Standard accommodates a number of different scenarios; I’ll only describe mine. I wanted PayPal to handle only the payment part of the transaction, as I already had a shopping cart built. No problem, says PayPal’s documentation. Integrating basically consists of posting a form to a PayPal URL, including a number of hidden fields. Among those hidden fields are required fields, like the account the payment is to be made to, the information for the items in the shopping cart, etc. You can also include some optional fields that allow you to customize the header of your payment page, background color, the URL the user will be returned to once they complete their payment, etc. It’s really that easy. Pass that information and PayPal will do the rest. While they collect a small percentage on transactions, I think the convenience of not having to look into merchant accounts as well as implement all the payment stuff is well worth it.

Now, for IPN. IPN is basically a good way for you to record the transaction on your end. Sure, you could just do that when PayPal returns the user to your page, but what if the user doesn’t go? I discovered that PayPal will NOT redirect the user to your page if they don’t have a PayPal account and just pay by credit card, which is a pretty common case. The user has to click on a button to return to your site. So you can’t rely on the user clicking on that button to record the transaction.

Enter IPN. With IPN, PayPal makes an HTTP POST to a page of your choosing. On that page, you receive the HTTP POST, which has all the variables you’ll need to store the order in your database, email the customer, and whatever else you want to do. But before you do any of that, there are some security mechanisms to verify the data. You will need to do an HTTP GET request to PayPal’s server, sending it back all the variables you received. You will then receive a status of INVALID or VERIFIED. Once your transaction is verified, there are a few more things, which I won’t get into, that you can check before actually processing the order. So by using IPN, you make sure that your system records the transaction, independent of what the user does. If they paid, you’ll know about it, even if they wander off after they’re done paying.
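Here is a sketch of that verification step plus the follow-up checks, added as an example and not the code from my project. It sends the notification back with PayPal's `cmd=_notify-validate` prefix, then compares the payment against your own order record; the `order` dictionary, the `seen_txn_ids` set and the sample values are assumptions made up for the example.

```python
import urllib.request
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Assumption: classic sandbox endpoint; use the live PayPal host in production.
VERIFY_URL = "https://www.sandbox.paypal.com/cgi-bin/webscr"

def ask_paypal(raw_body: bytes) -> str:
    """Send the notification back unchanged, prefixed with cmd=_notify-validate."""
    req = urllib.request.Request(VERIFY_URL, data=b"cmd=_notify-validate&" + raw_body)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii", "replace").strip()

def check_ipn(raw_body, order, seen_txn_ids, verify=ask_paypal):
    """Return (ok, reason). `order` is what our own cart says should be paid."""
    if verify(raw_body) != "VERIFIED":
        return False, "not verified by PayPal"
    fields = {k: v[0] for k, v in parse_qs(raw_body.decode("ascii", "replace")).items()}
    # The payment form's hidden fields pass through the buyer's browser, so the
    # amount and recipient are checked against our own record of the order.
    if fields.get("payment_status") != "Completed":
        return False, "payment not completed"
    if fields.get("receiver_email", "").lower() != order["receiver_email"].lower():
        return False, "paid to a different account"
    try:
        paid = Decimal(fields.get("mc_gross", ""))
    except InvalidOperation:
        return False, "amount mismatch"
    if paid != order["amount"] or fields.get("mc_currency") != order["currency"]:
        return False, "amount mismatch"
    txn_id = fields.get("txn_id")
    if not txn_id or txn_id in seen_txn_ids:  # PayPal may resend a notification
        return False, "duplicate or missing txn_id"
    seen_txn_ids.add(txn_id)
    return True, "ok"

# Constructed sample notification and order, for illustration only.
SAMPLE_IPN = (b"payment_status=Completed&receiver_email=seller%40example.com"
              b"&mc_gross=19.95&mc_currency=USD&txn_id=TESTTXN0001")
ORDER = {"receiver_email": "seller@example.com", "amount": Decimal("19.95"), "currency": "USD"}

if __name__ == "__main__":
    # Stub replaces the network call so the demo runs offline.
    print(check_ipn(SAMPLE_IPN, ORDER, set(), verify=lambda body: "VERIFIED"))
```

In a real handler the set of seen transaction IDs would live in your database, so a resent notification is caught across restarts.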

Finally, it’s worth mentioning that you’ll be able to test this entire process on PayPal’s sandbox server. All you need to do is sign up for a free account on the developer site. You will then be able to create accounts for testing purposes on the sandbox. The sandbox works exactly like the live PayPal site except financial transactions don’t actually go through. It even has a built-in email reader so you can see the emails that would go out. Nifty.

I’m pretty happy with this system so far. The only disappointing thing is that the customization options for the look of the payment page are very limited. Also, I was disappointed about the auto return not working for non-PayPal account holders. But overall, I’m satisfied, and I can’t wait to have this live. Show me the money!