PayPal IPN https changes 2016

0
votes

Received information today from PayPal:

IPN Verification Postback to HTTPS

If you are using PayPal’s Instant Payment Notification (IPN) service, you will >need to ensure that HTTPS is used when posting the message back to PayPal for >verification. After Sept 30, 2016 HTTP postbacks will no longer be supported.

I am using IPN and the live site is working but our DEV IPN listener which is using the sandbox at: https://www.sandbox.paypal.com/cgi-bin/webscr is broken.

I am confused about what I need to do to fix it. I added this code and the listener page loads without error again.

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
                | SecurityProtocolType.Tls11
                | SecurityProtocolType.Tls12
                | SecurityProtocolType.Ssl3;

            ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

But when I try to test a transaction the listener never receives anything from PayPal. Is this because the server of the listener now has to be "https"? Does PP sandbox now refuse to notify a non SSL address?

I got my c# code originally from a PayPal example but it is no longer on their site.

var useSandbox = Convert.ToBoolean(ConfigurationManager.AppSettings["UsePayPalSandboxYn"]);
var server = useSandbox ? "https://www.sandbox.paypal.com/cgi-bin/webscr" : "https://www.paypal.com/cgi-bin/webscr";

var req = (HttpWebRequest)WebRequest.Create(server);

// set values for the request back
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";

//added today
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
                | SecurityProtocolType.Tls11
                | SecurityProtocolType.Tls12
                | SecurityProtocolType.Ssl3;

ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };


byte[] param = Request.BinaryRead(HttpContext.Current.Request.ContentLength);
var strRequest = Encoding.ASCII.GetString(param);
strRequest += "&cmd=_notify-validate";
req.ContentLength = strRequest.Length;

// send the request to PayPal and get the response
var streamOut = new StreamWriter(req.GetRequestStream(), Encoding.ASCII);
streamOut.Write(strRequest);
streamOut.Close();
var streamIn = new StreamReader(req.GetResponse().GetResponseStream());
string strResponse = streamIn.ReadToEnd();
streamIn.Close();

switch (strResponse)
{
case "VERIFIED":
                {

I do my debugging with a static IP address and a home router set up as a web server. It's going to be even harder if I have to set up ssl.

Can anyone point me in the right direction?

2
paypalhttpslistenerpaypal-ipn

2 Answers

2
votes

The only thing you need to do is make sure you're sending your verification POST back to PayPal to https:// instead of http://. You don't have to have an SSL installed on your site for your IPN listener to run on.

0
votes

I just want to share my code that is working... hope that it can help you to make a little improvements on your code:

private void VerifyTask(HttpRequestBase ipnRequest, bool useLiveAccount = true)
{
            string verificationResponse = string.Empty;
            var request = (HttpWebRequest)WebRequest.Create(useLiveAccount
                ? WebConfigurationManager.AppSettings["PaypalURL"] 
                : WebConfigurationManager.AppSettings["SandboxURL"]);

            request.Method = "POST";
            request.ContentType = "application/x-www-form-urlencoded";
            var param = ipnRequest.BinaryRead(ipnRequest.ContentLength);
            var strRequest = Encoding.ASCII.GetString(param);
            strRequest += "&cmd=_notify-validate";
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

            using (var writer = new StreamWriter(request.GetRequestStream(), Encoding.ASCII))
            {
                writer.Write(strRequest);
                writer.Close();
            }

            using (var reader = new StreamReader(request.GetResponse().GetResponseStream()))
            {
                verificationResponse = reader.ReadToEnd();
                reader.Close();
            }

            if (verificationResponse.Equals("VERIFIED"))
            {
               //Make the validations here
            }
}

Edit: WebConfigurationManager.AppSettings["PaypalURL"] = "https://www.paypal.com/cgi-bin/webscr" WebConfigurationManager.AppSettings["SandboxURL"] = "https://www.sandbox.paypal.com/cgi-bin/webscr"