Update to PayPal IPN

In Sept 2016 PayPal are changing their requirement for posting IPN messages back to PayPal for verification.

They are making the post URL https. My current versions of scripts already post to https so there should not be any change required; however, they also suggest that https://ipnpb.paypal.com/cgi-bin/webscr should be used in the future rather than https://www.paypal.com/cgi-bin/webscr.

Change:

https://www.paypal.com/cgi-bin/webscr

to

https://ipnpb.paypal.com/cgi-bin/webscr
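
The post-back to the new URL, shown as an added PHP example (this is not the code of PHP-eSeller, PHP-SecureArea or PHP-KeyCodes). The function names, the stub transports and the sample message are assumptions made for illustration; the `cmd=_notify-validate` prefix and the `VERIFIED` / `INVALID` replies are PayPal's documented IPN protocol.

```php
<?php
// Added example, not code from the scripts discussed on this page.
const IPN_VERIFY_URL = 'https://ipnpb.paypal.com/cgi-bin/webscr'; // URL given above

// The message goes back exactly as received, prefixed with cmd=_notify-validate.
function build_postback(string $rawBody): string
{
    return 'cmd=_notify-validate&' . $rawBody;
}

// Default transport: HTTPS POST with certificate and host name checks switched on.
function curl_transport(string $url, string $body): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // reject untrusted certificates
        CURLOPT_SSL_VERIFYHOST => 2,    // certificate must match the host name
        CURLOPT_TIMEOUT        => 30,
    ]);
    $response = curl_exec($ch);
    if ($response === false) {
        throw new RuntimeException('IPN post-back failed: ' . curl_error($ch));
    }
    return trim($response);
}

// True only for the exact reply "VERIFIED"; "INVALID" or anything else is rejected.
function verify_ipn(string $rawBody, ?callable $transport = null): bool
{
    $transport = $transport ?? 'curl_transport';
    return $transport(IPN_VERIFY_URL, build_postback($rawBody)) === 'VERIFIED';
}

// Constructed sample message and stub transports (assumptions) so this runs offline.
$sample = 'txn_id=EXAMPLE123&payment_status=Completed&mc_gross=9.99&mc_currency=GBP';
$accepting = function (string $url, string $body): string {
    return strpos($body, 'cmd=_notify-validate&txn_id=') === 0 ? 'VERIFIED' : 'INVALID';
};
$rejecting = function (string $url, string $body): string {
    return 'INVALID';
};
var_dump(verify_ipn($sample, $accepting));
var_dump(verify_ipn($sample, $rejecting));
// Live listener: verify_ipn(file_get_contents('php://input'));
```

A VERIFIED reply only confirms that the message came from PayPal; the listener still has to check the amount, currency and receiver, and that the txn_id has not been processed before.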

PayPal upgrade to Certificate which may affect IPN based programs and scripts

There appears to be quite a bit of chat about the changes that PayPal are making to their system to allow SHA-256 during September 2015. This is to do with improving the SSL (Secure Sockets Layer) security that https connections rely on.

A part of their message is:

“PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.”

PayPal IPN can be used over non-SSL connections, that is, using plain http. That is why many developers like it: it does not need SSL certificates on their web servers, which can be expensive, especially if you are a small trader. You don’t really want to have to purchase certificates if you are selling a small number of items.

So the kind of systems that are affected are those that use https and which use PayPal API to provide secure connections from your server to the PayPal server.

IPN over plain http will be supported as it currently is, so you will still be able to supply a plain http link to your IPN listener script. However, if your IPN listener script is SSL/TLS enabled it will have to be SHA-256 compliant and your listening server will need to be able to accept SHA-256 certificates.

So do the changes affect the scripts on www.Withinweb.com that use IPN? Well the answer to that is NO, it does not affect the scripts at all.

PHP-eSeller, PHP-SecureArea and PHP-KeyCodes use a simple handshake with PayPal to verify that the transaction has taken place, and hence no modifications are needed to the applications.

Signing up for PayPal Express Checkout

To work with PayPal digital goods you need to use PayPal Express Checkout system and then get the API credentials from the PayPal site.

Use the following link to sign up with PayPal:

Express Checkout sign up

https://merchant.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=merchant/digital_goods

You select the Express Checkout option and then either create a new account or convert your existing account into a Business account.

I have had some problems in converting an existing account to a Business account that will work with express checkout and I have found that the best way is to create a new PayPal account from scratch using the above link.

This sets up your account to work with Express Checkout.

Now you can get your signature details as follows:

Log into your PayPal account.

Click on the ‘Profile’ tab.

Click on ‘My Selling Preferences’ on the left hand side of the page.

For API Access, click on the ‘Update’ link.

This takes you to the ‘API Access’ page.

Click on the ‘Request API credentials’ link and this takes you to the ‘Request API Credentials’ page.

You need to select ‘Request API signature’ so that you can obtain the three components:

API Username
API password
API signature

Make sure that the Request API signature radio button is selected.

Then click on the ‘Agree and Submit’ button.

Copy all the details and store them in a secure place on your PC.