close ad
Help us test the new Databridge BETA with MySQLi support
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

New PayPal IPN requirements

Thread began 11/10/2012 5:23 pm by davidvoegtli363232 | Last modified 8/09/2013 2:59 pm by Ray Borduin | 9666 views | 8 replies |

davidvoegtli363232

New PayPal IPN requirements

PayPal has recently informed customers using PayPal standard that Instant Payment Notification may not work staring February 1, 2013. See explanation below. They have supplied the following PHP code as a remedy:

// post back to PayPal system to validate
$header .="POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .="Content-Type: application/x-www-form-urlencoded\r\n";
$header .="Host: www.paypal.com\r\n";
$header .="Connection: close\r\n";

On what page would I paste this code and what code needs to be deleted?

Thank you,

David

We have recently identified that this change may impact the ability of some of our merchants to perform IPN (Instant Payment Notification) post-back validation or PDT (Payment Data Transfer) posts to www.paypal.com. This happens when the IPN or PDT scripts use HTTP 1.0 protocol and do not include the “Host: www.paypal.com” header in the HTTP request.

Additional Details
Starting February 1, 2013, we will require all incoming requests to have a “Host” header which complies with HTTP 1.1 specifications. This header was not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start failing with “HTTP/1.1 400 Bad Request” errors after February 1, 2013, which will result in IPN messages not being validated successfully, or PDT scripts not being able to retrieve transaction information.

Action Required before February 1, 2013
Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and include the "Host: www.paypal.com" and "Connection: close" HTTP headers in the IPN and PDT scripts.

For examples, please refer to 320404.

The PayPal Sandbox has been configured to reject any HTTP requests without the “Host” header with a HTTP 400 error. Merchants can use the Sandbox environment to certify the changes to their IPN and PDT scripts.

For more information on PDT and IPN, please refer to pdt and ipn. For additional information or questions about this change, please contact PayPal's Merchant Technical Support team via mts.

Sign in to reply to this post

Jason ByrnesWebAssist

you will need to update the WA_eCart/WA_eCart_Definition_PHP.php file, and change:

php:
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";

  $header .= "Content-Type: application/x-www-form-urlencoded\r\n";




to:

php:
$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";

  $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
  $header .= "Host: www.paypal.com\r\n";
Sign in to reply to this post

tkendrickmail32213

Thanks for the quick reply. This addressed the Paypal issue, but what about the USPS issue?

Thanks,

Sign in to reply to this post

Jason ByrnesWebAssist

??? need more information.

Sign in to reply to this post

tkendrickmail32213

Here is what they sent:

Web Tools Customer,

USPS will release updates to the Web Tools APIs on 28 July 2013. The staging environment is currently open for testing your updated applications. You may review staging information and the release notes at the USPS Web Tools site here for more details. https://www.usps.com/business/web-tools-apis/welcome.htm

If you rely upon a third-party developer (e.g. software or ecommerce/cart provider) for USPS products and services on your website or your shipping application, please direct any application-specific questions to them.

For questions and concerns, please contact our customer support at 1-800-344-7779 or uspstechsupport@esecurecare.net.

Regards,
Web Tools Program Office

Sign in to reply to this post

Jason ByrnesWebAssist

I dont see anything in the message that will effect the rate lookup service used by eCart.

Sign in to reply to this post

Patrice

My client keeps sending me paypal's notices. Copied below. Since his powerstore has not seen any problems, can I assume that this didn't affect them or am I misunderstanding the dates?


In a bulletin dated October 18, 2011, we announced that we were going to expand the number of IP addresses for www.paypal.com to improve our site’s performance, scalability and availability. As part of this transition, we planned to discontinue support for HTTP 1.0 protocol starting October 7, 2013.

We have recently identified that this change may impact the ability of some of our merchants to perform IPN (Instant Payment Notification) post-back validation or PDT (Payment Data Transfer) posts to www.paypal.com and ipnpb.paypal.com. This happens when the IPN or PDT scripts use HTTP 1.0 protocol and do not include the “Host: www.paypal.com” or “Host: ipnpb.paypal.com” header in the HTTP request.

Additional Details
Starting October 7, 2013, we will require all incoming requests to have a “Host” header which complies with HTTP 1.1 Specifications. This header was not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start failing with “HTTP/1.0 400 Bad Request” errors after October 7, 2013, which will result in IPN messages not being validated successfully, or PDT scripts not being able to retrieve transaction information.

Action Required before October 7, 2013
Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and include the “Host” and “Connection: close” HTTP header in the IPN postback script.

Example with Host as www.paypal.com (please make necessary changes if you are using ipnpb.paypal.com):

ASP
//Set values for the request back
req.Method="POST";
req.Host="'www.paypal.com'";
req.ContentType="application/x-www-form-urlencoded";

Perl
$req=HTTP::Request->new('POST', ' https://www.paypal.com/cgi-bin/webscr%27) ;
$req->content_type('application/x-www-form-urlencoded');
$req->header(Host=> 'www.paypal.com');
$req->header(Connection => 'close');
PHP
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.1rn";
$header .= "Content-Type: application/x-www-form-urlencodedrn";
$header .= "Host: www.paypal.comrn";
$header .= "Connection: closernrn";

Java
HttpsURLConnection uc=(HttpsURLConnection) u.openConnection();
uc.setDoOutput(true);
uc.setRequestProperty("Content-Type","application/x-www-form-urlencoded");
uc.setRequestProperty("Host", "www.paypal.com");
uc.setRequestProperty("Connection", "Close");

The PayPal Sandbox has been configured to reject any HTTP requests without the “Host” header with HTTP 400 error. Merchants can use the Sandbox environment to certify the changes to their IPN and PDT scripts.

For more information on PDT and IPN, please refer to http://www.paypal.com/pdt and http://www.paypal.com/ipn. For additional information or questions about this change, please contact PayPal's Merchant Technical Support team via https://www.paypal.com/mts.

Sincerely,

PayPal

Sign in to reply to this post

Ray BorduinWebAssist

This is only an issue for people using paypal standard and IPN, and it has already been addressed in eCart and the latest version of Powerstore doesn't support Paypal standard since Express Checkout only is available in its place.

This shouldn't be a concern for most customers. If you are using IPN and think this does apply to you, then you should just have to update the: WA_eCart/WA_eCart_Definition_PHP.php to the latest version and it will be fixed.

Sign in to reply to this post

Patrice

Thank you for the clarification.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...