3
votes

I'm going to implement the IPN protocol in my website, using PHP.

The PayPal documentation notes that the protocol goes as follows:

  1. The user clicks the button.
  2. PayPal posts my IPN listener an IPN message.
  3. My listener has to send an empty HTTP 200 OK response.
  4. My listener has to send the message gotten from PayPal (with a preceding string) back to PayPal.
  5. PayPal sends my listener a "VERIFIED" or "INVALID" response.

Can anyone explain why the protocol demands this [3] step?

Why can't it be fulfilled just with the [4]th step?

Also, I noticed that in another chapter of the PayPal documentation, they skip this [3]rd step themselves (see their implementation). So I wonder, is it really necessary??

1 Answers

2
votes

The 200 OK response will happen automatically as long as your IPN script completes successfully. This lets the PayPal server know that it did indeed complete.

If PayPal's IPN server gets something other than 200 OK back from your web server it will assume your script failed and will place that IPN in a queue to be re-sent. It will resend after 30 seconds, then 60 seconds, then 120 seconds, etc. until it gets that 200 OK.

This is why sometimes people end up with duplicate IPNs. If you've got something at the very bottom of your script, for example, that's failing, but all of your email notifications, database updates, etc. actually did work prior to that point, you'd end up seeing those things happen again and again because PayPal kept re-sending the IPN. This can be very messy, of course, so you want to make sure that's not happening.

Again, though, the response code gets sent back to PayPal from your web server automatically. It's not something you actually have to do within your code.
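An added example, not part of the answer above and not PayPal's code: a listener core that makes the re-send behaviour harmless by acting on each `txn_id`/`payment_status` pair only once, after the step 4 postback comes back `VERIFIED`. The names `build_postback`, `handle_ipn`, `$verify`, `$seen` and `$fulfil` are hypothetical; the verifier is a stub and the message is constructed so the script runs offline.

```php
<?php
declare(strict_types=1);

// Step 4: the message goes back unchanged, preceded by cmd=_notify-validate.
function build_postback(string $rawBody): string
{
    return 'cmd=_notify-validate&' . $rawBody;
}

// Returns the HTTP status the listener should answer with.
// $verify (hypothetical): sends the postback to PayPal, returns the reply body.
// $seen: stand-in for a database table with a unique key per processed IPN.
// $fulfil (hypothetical): the e-mail / database work for a new payment.
function handle_ipn(string $rawBody, callable $verify, array &$seen, callable $fulfil): int
{
    try {
        $reply = trim($verify(build_postback($rawBody)));
    } catch (Throwable $e) {
        return 500;            // could not verify: non-200 makes PayPal re-send
    }
    if ($reply !== 'VERIFIED') {
        return 200;            // INVALID: ignore it; a re-send would not help
    }
    parse_str($rawBody, $msg);
    // One txn_id can arrive with several statuses (Pending, then Completed).
    $key = ($msg['txn_id'] ?? '') . '|' . ($msg['payment_status'] ?? '');
    if (isset($seen[$key])) {
        return 200;            // re-sent IPN: acknowledge, repeat nothing
    }
    try {
        $fulfil($msg);         // should itself be atomic (one DB transaction)
    } catch (Throwable $e) {
        return 500;            // not recorded, so the re-send retries the work
    }
    $seen[$key] = true;
    return 200;
}

// Constructed sample message and stub callbacks; PayPal "re-sends" it twice.
$sample = 'txn_id=TEST123&payment_status=Completed&mc_gross=9.99';
$seen = [];
$fulfilled = 0;
$verify = fn(string $body): string => 'VERIFIED';
$fulfil = function (array $m) use (&$fulfilled): void { $fulfilled++; };
foreach ([1, 2, 3] as $attempt) {
    $status = handle_ipn($sample, $verify, $seen, $fulfil);
}
echo "status=$status fulfilled=$fulfilled\n";
```

In a real listener the returned value would be passed to `http_response_code()` and `$seen` would be a persistent store, since an in-memory array does not survive between requests.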