You can make an API call to check the status of a transaction very easily.
When my users are redirected back to my site (thanks page, or similar), I check if their transaction is completed; if not, I kick off an every-five-seconds check while asking the user to hold on while we talk with PayPal. I will eventually fail after some number of checks of course, but this means PayPal can stop sending IPNs and everything will just keep going along just fine.
If the user might not end up back on your site for some reason, run a cronjob that tries to verify transactions created in the past day/hour/whatever.
An issue like this doesn't have to, and really shouldn't, cripple your business.
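The two fallbacks described in the comment above (a bounded poll on the thanks page, plus a cron sweep over recent pending orders), sketched as an added example that is not part of the original post. `lookup_status` is a hypothetical callable standing in for the payment provider's transaction-status API call, and the order records and status strings are constructed for illustration.

```python
import time
from datetime import datetime, timedelta, timezone

COMPLETED, PENDING, FAILED = "completed", "pending", "failed"

def poll_until_settled(txn_id, lookup_status, max_checks=12, interval=5.0,
                       sleep=time.sleep):
    """Thanks-page path: ask the provider directly every `interval` seconds
    and give up after `max_checks` lookups instead of waiting for an IPN."""
    for attempt in range(max_checks):
        status = lookup_status(txn_id)  # hypothetical provider API call
        if status in (COMPLETED, FAILED):
            return status
        if attempt < max_checks - 1:
            sleep(interval)
    return PENDING  # still unknown; the cron sweep below picks it up later

def reconcile(orders, lookup_status, now, window=timedelta(days=1)):
    """Cron path: re-check orders that are still pending and were created
    within `window`. Returns the ids whose status changed, so the caller
    can fulfil or alert exactly once per transaction."""
    changed = []
    for order in orders:
        if order["status"] != PENDING or now - order["created"] > window:
            continue  # already settled, or too old for this sweep
        status = lookup_status(order["txn_id"])
        if status != PENDING:
            order["status"] = status
            changed.append(order["txn_id"])
    return changed

if __name__ == "__main__":
    # Constructed sample data: what the provider would answer per transaction.
    provider = {"T1": COMPLETED, "T2": PENDING, "T3": FAILED}
    now = datetime(2024, 1, 2, tzinfo=timezone.utc)
    orders = [
        {"txn_id": "T1", "status": PENDING, "created": now - timedelta(hours=1)},
        {"txn_id": "T2", "status": PENDING, "created": now - timedelta(hours=2)},
        {"txn_id": "T3", "status": PENDING, "created": now - timedelta(days=3)},
    ]
    print(reconcile(orders, provider.get, now))                # ['T1']
    print(poll_until_settled("T1", provider.get, interval=0))  # completed
```

Because both paths ask the provider for the authoritative status, a missed or delayed notification only delays fulfilment; it never decides it.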
It is an HTTPS request. The internet is not bulletproof. What if your SSL cert expires, or due to being on the front page your webhook is timing out? Do you expect PayPal to keep trying that IPN indefinitely? I hate PayPal and all my new stuff uses Stripe, but any system that relies upon a request being made to notify of a transaction is not going to be bulletproof due to the nature of the internet.
That's very close to what I've always done. I have a notification to warn me if I have new failed sign-ups due to payment and keep PayPal responses to catch all sorts of problems. It's just good practice to expect things to fail sometimes. That's also why I have my status page hosted with a different provider and Twitter status as a back-up for that.
My favorite PayPal annoyance is that for split payments there's no way to verify that a seller's PayPal account qualifies for split payments (has to be a business account and verified), without trying to send a payment. At least, that's the way it was last it mattered to me.
What I can't stand is that accounts in some countries (at least India) can't send payments from balance. So you can't get your fee. This is mentioned nowhere in the docs; a customer just hit it one day and that's how I found out. I asked PayPal what other countries can't send payments and they said... wait for it... they "don't have a list". I kid you not: https://twitter.com/rfunduk/status/412980259001102336
Agreed - the statement of "Because of how critical IPNs are to any Paypal integration, we didn't think to double check if IPNs were not being sent." is exactly why you should double check - anything that is critical needs tests and backup solutions.