I'm building a site for a client that wants to enable users on the site to put ebooks for sale, which can be bought by both site members and non-members. The site itself is not involved in the transaction at all.
I've gone with adaptive payments as that seems to facilitate "peer to peer" transactions between two users where the site is not involved and does not take a cut or any payment. I'm using the guide found at https://developer.paypal.com/webapps/developer/docs/classic/adaptive-payments/integration-guide/APIntro/
Unfortunately the hosting uses PHP 5.2.17, which means I can't use the PHP API code on GitHub, so I've had to roll my own using PHP. This isn't a problem, I've done similar many times before. I've managed to get the sandbox working the following way:
- user initiates purchase
- my site makes a call to https://svcs.sandbox.paypal.com/AdaptivePayments/Pay with the following JSON-encoded array:

  ```php
  $payload = array(
      'actionType'   => 'PAY',
      'currencyCode' => $currencyCode,
      'receiverList' => array(
          'receiver' => array(
              array(
                  'amount'      => $amount,
                  'email'       => $receiverEmail,
                  'paymentType' => "DIGITALGOODS"
              )
          )
      ),
      'returnUrl' => $successUrl,
      'cancelUrl' => $cancelUrl,
      'requestEnvelope' => array(
          'errorLanguage' => 'en_US',
          'detailLevel'   => 'ReturnAll'
      )
  );
  ```

  This gives me a pay ID
- I then put it into the form which submits to https://www.sandbox.paypal.com/webapps/adaptivepayment/flow/pay
- when the user clicks "Pay Now" the PayPal light box pops up
- if the payment is completed PayPal returns me to my return URL
- I then display the download link
However, when I look in the sandbox I see that the latest payments are under review (apparently making my sandbox balance 10,000 has flagged me as a potential terrorist under Australian law, go figure), so this makes me think that perhaps I need to make an IPN, even though the developer documentation listed above makes no mention of it. The last thing I want to do is enable a download whose payment gets rejected.
So I guess my question is: is the fact that PayPal called my return URL enough to allow the download of a digital good, or should I set up an IPN and wait for PayPal to hit it before authorising the download?
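
Added example, not part of the original post: the return URL is reached by a browser redirect, so a request to it says nothing about the payment's state. One way to gate the download is to evaluate the JSON returned by a server-to-server Adaptive Payments PaymentDetails call for the stored pay key. The function name, the `$expected` array and the sample response are constructed for illustration.

```php
<?php
// Added example, PHP 5.2 compatible. download_allowed() and $expected are
// hypothetical names; $expected is the order stored when Pay was called.
function download_allowed($detailsJson, $expected)
{
    $d = json_decode($detailsJson, true);
    if (!is_array($d) || !isset($d['responseEnvelope']['ack'])) {
        return false; // unparseable or truncated response: fail closed
    }
    $ack = strtoupper($d['responseEnvelope']['ack']);
    if ($ack !== 'SUCCESS' && $ack !== 'SUCCESSWITHWARNING') {
        return false;
    }
    // Must be the pay key issued for this order, in the expected currency.
    if (!isset($d['payKey'], $d['status'], $d['currencyCode'])
        || $d['payKey'] !== $expected['payKey']
        || $d['currencyCode'] !== $expected['currencyCode']
        || $d['status'] !== 'COMPLETED') {
        return false;
    }
    if (empty($d['paymentInfoList']['paymentInfo'])) {
        return false;
    }
    foreach ($d['paymentInfoList']['paymentInfo'] as $p) {
        // A leg still awaiting processing is reported as PENDING.
        if (!isset($p['transactionStatus'], $p['receiver']['email'], $p['receiver']['amount'])
            || $p['transactionStatus'] !== 'COMPLETED'
            || strcasecmp($p['receiver']['email'], $expected['email']) !== 0
            || round((float) $p['receiver']['amount'] * 100) != round((float) $expected['amount'] * 100)) {
            return false;
        }
    }
    return true;
}

// Constructed sample: request processed, receiver leg still pending.
$sample = '{"responseEnvelope":{"ack":"Success"},"payKey":"AP-CONSTRUCTED-KEY",'
        . '"status":"COMPLETED","currencyCode":"AUD","paymentInfoList":{"paymentInfo":['
        . '{"transactionStatus":"PENDING",'
        . '"receiver":{"email":"seller@example.com","amount":"9.95"}}]}}';
$expected = array('payKey' => 'AP-CONSTRUCTED-KEY', 'currencyCode' => 'AUD',
                  'email' => 'seller@example.com', 'amount' => '9.95');
var_dump(download_allowed($sample, $expected));
```

The same check applies to the fields of an IPN message once that message has been verified with PayPal.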