Instant Payment Notification (IPN) is PayPal's interface for handling real-time purchase confirmation and server-to-server communications. IPN delivers immediate notification and confirmation of PayPal payments you receive and provides status and additional data on pending, cancelled, or failed transactions. IPN can be used to manage and customize a variety of PayPal-enabled web services and communication, including: * Customize your website's response to customer purchases in real-time * Track customers via IPN "pass through" variables * Deliver access keys for software downloads and other digital goods * Automate your fulfillment operations * Track affiliate sales and commissions * Store transaction information in your own database Instant Payment Notification (IPN) is PayPal's interface for handling real-time purchase confirmation and server-to-server communications. IPN delivers immediate notification and confirmation of PayPal payments you receive and provides status and additional data on pending, cancelled, or failed transactions. IPN can be used to manage and customize a variety of PayPal-enabled web services and communication, including: * Customize your website's response to customer purchases in real-time * Track customers via IPN "pass through" variables * Deliver access keys for software downloads and other digital goods * Automate your fulfillment operations * Track affiliate sales and commissions * Store transaction information in your own database Instant Payment Notification allows you to integrate your PayPal payments with your website's back-end operations, so you get immediate notification and authentication of the PayPal payments you receive. Start using IPN. (you must have paypal account and be logged in to view this link) How It Works When a customer makes a payment to you, PayPal will post a notification to your server at a URL you specify. Included in this notification will be all of your customer's payment information (e.g. customer name, amount) as well as a piece of encrypted code. When your server receives a notification, it will then post the information, including the encrypted code, back to a secure PayPal URL. PayPal will authenticate the transaction and send confirmation of its validity back to your server. Note: To activate Instant Payment Notification, you will need to enter the URL at which you would like to receive the notification posts from your Profile. After you have activated Instant Payment Notification, your server will be sent a notification every time you receive a payment, this notification will be sent as a hidden "FORM POST" to the URL you specified, and will include all of the payment information. The FORM variables for the notification are listed at the bottom of this page. Using IPN Each time you receive an IPN from PayPal, you must complete these four steps: 1. Perform the "Notification Validation" below 2. Confirm that "payment_status" is "Completed" 3. Check "txn_id" against prior transactions to prevent duplicate processing 4. Confirm that "receiver_email" is an email address registered in your PayPal account View sample payment notification code. <a href="hxxps://www.paypal.com/cgi-bin/webscr?cmd=p/pdn/ipn-codesamples-pop-outside" target="_new">sample payment notification code.</a> (you must have paypal account and be logged in to view this link) Notification Validation To ensure that a payment has been made into your PayPal account, you must verify that the email address used as your "receiver_email" has been registered and confirmed in your PayPal account. Once your server has received the Instant Payment Notification, you will need to confirm it by constructing an HTTP POST to PayPal. Your POST should be sent to hxxp s://www.paypal.com/cgi-bin/webscr You must post all of the form variables you received exactly as you received them. You will also need to append a variable named "cmd" with the value "_notify-validate" (e.g. cmd=_notify-validate) to the POST string. PayPal will respond to the post with a single word, "VERIFIED" or "INVALID", in the body of the response. When you receive a VERIFIED response, you need to: * Check that the "payment_status" is "completed" * If the "payment_status" is "completed", check the "txn_id" against the previous PayPal transaction you have processed to ensure it is not a duplicate. * After you have checked the "payment_status" and "txn_id", make sure the "receiver_email" is an email address registered in your PayPal account * Once you have completed the above checks, you may update your database based on the information provided. If you receive an "INVALID" notification, it should be treated as suspicious and investigated. Note: for maximum security, you may wish to include code to check for PayPal's digital certificate using the Verisign public key. When you connect to PayPal's secure server (https://www.paypal.com) it will present you with a digital certificate signed by a trusted Certificate Authority (Verisign). The certificate confirmation code will depend on the server platform and scripting language used in your implementation; we have provided an example of this confirmation in our Java IPN code sample.