PayPal IPN https changes 2016

Received information today from PayPal:

IPN Verification Postback to HTTPS

If you are using PayPal’s Instant Payment Notification (IPN) service, you will >need to ensure that HTTPS is used when posting the message back to PayPal for >verification. After Sept 30, 2016 HTTP postbacks will no longer be supported.

I am using IPN and the live site is working but our DEV IPN listener which is using the sandbox at: https://www.sandbox.paypal.com/cgi-bin/webscr is broken.

I am confused about what I need to do to fix it. I added this code and the listener page loads without error again.

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
                | SecurityProtocolType.Tls11
                | SecurityProtocolType.Tls12
                | SecurityProtocolType.Ssl3;

            ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

But when I try to test a transaction the listener never receives anything from PayPal. Is this because the server of the listener now has to be "https"? Does PP sandbox now refuse to notify a non SSL address?

I got my c# code originally from a PayPal example but it is no longer on their site.

var useSandbox = Convert.ToBoolean(ConfigurationManager.AppSettings["UsePayPalSandboxYn"]);
var server = useSandbox ? "https://www.sandbox.paypal.com/cgi-bin/webscr" : "https://www.paypal.com/cgi-bin/webscr";

var req = (HttpWebRequest)WebRequest.Create(server);

// set values for the request back
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";

//added today
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
                | SecurityProtocolType.Tls11
                | SecurityProtocolType.Tls12
                | SecurityProtocolType.Ssl3;

ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };


byte[] param = Request.BinaryRead(HttpContext.Current.Request.ContentLength);
var strRequest = Encoding.ASCII.GetString(param);
strRequest += "&cmd=_notify-validate";
req.ContentLength = strRequest.Length;

// send the request to PayPal and get the response
var streamOut = new StreamWriter(req.GetRequestStream(), Encoding.ASCII);
streamOut.Write(strRequest);
streamOut.Close();
var streamIn = new StreamReader(req.GetResponse().GetResponseStream());
string strResponse = streamIn.ReadToEnd();
streamIn.Close();

switch (strResponse)
{
case "VERIFIED":
                {

I do my debugging with a static IP address and a home router set up as a web server. It's going to be even harder if I have to set up ssl.

Can anyone point me in the right direction?

Answers


The only thing you need to do is make sure you're sending your verification POST back to PayPal to https:// instead of http://. You don't have to have an SSL installed on your site for your IPN listener to run on.


I just want to share my code that is working... hope that it can help you to make a little improvements on your code:

private void VerifyTask(HttpRequestBase ipnRequest, bool useLiveAccount = true)
{
            string verificationResponse = string.Empty;
            var request = (HttpWebRequest)WebRequest.Create(useLiveAccount
                ? WebConfigurationManager.AppSettings["PaypalURL"] 
                : WebConfigurationManager.AppSettings["SandboxURL"]);

            request.Method = "POST";
            request.ContentType = "application/x-www-form-urlencoded";
            var param = ipnRequest.BinaryRead(ipnRequest.ContentLength);
            var strRequest = Encoding.ASCII.GetString(param);
            strRequest += "&cmd=_notify-validate";
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

            using (var writer = new StreamWriter(request.GetRequestStream(), Encoding.ASCII))
            {
                writer.Write(strRequest);
                writer.Close();
            }

            using (var reader = new StreamReader(request.GetResponse().GetResponseStream()))
            {
                verificationResponse = reader.ReadToEnd();
                reader.Close();
            }

            if (verificationResponse.Equals("VERIFIED"))
            {
               //Make the validations here
            }
}

Edit: WebConfigurationManager.AppSettings["PaypalURL"] = "https://www.paypal.com/cgi-bin/webscr" WebConfigurationManager.AppSettings["SandboxURL"] = "https://www.sandbox.paypal.com/cgi-bin/webscr"


Need Your Help

Visual Studio 2015 IntelliTest

visual-studio-2015 intellitest

Have a question on VS 2015's new IntelliTest feature. I used the "Create IntelliTest" option on one my classes. The class implements a base class, and the methods are mostly overrides. However,

Using data in classes when button pressed objective C/iOS

ios objective-c

New to iOS and I can't figure out this simple thing. (Been googling for ages)