The following question refers only to the "live" configuration, and not to the "sandbox" configuration:
I'm re-writing a php post back endpoint in java. The existing PHP was using this example, without any credentials, and with this url: https://ipnpb.paypal.com/cgi-bin/webscr
This above endpoint seems to return a "VERIFIED" response every time.
On the other hand, the Java Core SDK has this method for making a post back
IPNMessage::validate()
With url https://www.paypal.com/cgi-bin/webscr, and (maybe) with credentials (username, password, token and AppId).
The above API always returns false, due to an "INVALID" response.
My questions are:
- Is that the correct way to make a "post back" verification in Java?
- Do I need credentials to make this post back verification?