2004
Instant Payment Notification Manual
13
Copyright 2004 PayPal, Inc. All rights reserved
Using IPN
Getting set up to use IPN and validate notifications
Setting up IPN
To set up IPN:
1. Log in to your Business or Premier PayPal account.
2. Click the Profile subtab.
3. Click on the Instant Payment Notification Preferences link in the Selling
Preferences column.
4. Click Edit.
5. Click the checkbox and enter the URL at which you would like to receive your
IPN Notifications.
6. Click Save.
Notification Validation
To ensure that a payment has been made into your PayPal account, you must
verify that the email address used as your receiver_email has been registered and
confirmed in your PayPal account.
Once your server has received the Instant Payment Notification, you will need to
confirm it by constructing an HTTP POST to PayPal. Your POST should be sent to
https://www.paypal.com/cgi-bin/webscr. This post-back of the IPN data to a secure
PayPal URL (i.e., https://) prevents 'spoofing,' so you can be sure that the IPN came
from PayPal.
Note: It is possible to implement IPN without SSL (i.e., http://), but then the IPN
data that is received and posted back is not secure.
You must post all of the form variable you received exactly as you received them. You
will also need to append a variable named cmd with the value _notify-validate
(e.g., cmd=_notify-validate) to the POST string.
PayPal will respond to the post with a single word, “VERIFIED” or “INVALID,” in the
body of the response.