Dec 2007

How does e-junkie protect false IPNs from being sent?



I see that the handshake is the same for all of the messages. How does this protect us?



Also what does the verify_sign do for us?



Can you please detail how we are protected from outsiders sending fraudulent IPNs to you and causing our product to be stolen?


IPNs are sent to PayPal's interface. PayPal uses verify_sign to validate the IPN. verify_sign is essentially a hash calculated from the IPN body.



Handshake and IPN don't have a relation. handshake is the name of the variable which contains the shared secret that we sent to you if you are using our integration or code generation features.



That way you can make sure that it's E-junkie which is posting data to your url.

I think I need a little more detail if possible. I don't understand why you send IPNs to PayPal.



I think they send you IPNs.



Can you list the transaction steps between you and PayPal when something is bought from eBay?



Step 1:

Step 2:

Step 3:

Step 4:

etc, etc.



Thanks

  1. PayPal sends us the IPN
  2. We take all the variables and send them to PayPal
  3. PayPal's supposed to send us VERIFIED or INVALID
  4. If we don't get INVALID, we proceed (we used to check for VERIFIED rather than checking the absence of INVALID but there was an issue: http://www.pdncommunity.com/pdn/board/message?board.id=ipn&message.id=6024 )
  5. We check the account which is paid, the item name (for eBay sales), item number (for website sales), currency (for both) and price (for website sales) etc.



    If that all is in order, we process the transaction.
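
The postback check from steps 2 to 5 above, as an added example that is not E-junkie's code or part of the original posts: it accepts an IPN only on an exact VERIFIED reply, so a blank or error response is rejected as well, and then applies the step 5 checks. The function name, the injected `postback` callable, the expected-order dict and the sample IPN are assumptions; the field names are PayPal's standard IPN variables.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed sample IPN body and the order it should match (not real data).
SAMPLE_IPN = (b"txn_id=CONSTRUCTED0001&receiver_email=seller%40example.com"
              b"&item_number=SKU-1&mc_currency=USD&mc_gross=10.00")
EXPECTED = {"receiver_email": "seller@example.com", "item_number": "SKU-1",
            "currency": "USD", "price": Decimal("10.00")}


def verify_ipn(raw_body, postback, expected):
    """Return (ok, reason). `postback` (hypothetical) POSTs bytes to PayPal
    and returns the reply text; it is injected so the example runs offline."""
    # Steps 2-3: send every variable back unchanged, prefixed with the
    # validate command, and read PayPal's verdict.
    reply = postback(b"cmd=_notify-validate&" + raw_body).strip()
    # Step 4, fail closed: a blank reply, error page or INVALID all stop here.
    if reply != "VERIFIED":
        return False, "postback reply was %r" % reply
    fields = {k: v[0] for k, v in parse_qs(raw_body.decode("utf-8")).items()}
    # Step 5: the IPN is genuine, but is it for this seller, item and price?
    if fields.get("receiver_email", "").lower() != expected["receiver_email"]:
        return False, "paid to a different account"
    if fields.get("item_number") != expected["item_number"]:
        return False, "item number mismatch"
    if fields.get("mc_currency") != expected["currency"]:
        return False, "currency mismatch"
    try:
        paid = Decimal(fields.get("mc_gross", ""))
    except InvalidOperation:
        paid = Decimal("NaN")  # missing or malformed amount
    if not paid.is_finite() or paid < expected["price"]:
        return False, "amount %s does not cover %s" % (paid, expected["price"])
    return True, "ok"


if __name__ == "__main__":
    for verdict in ("VERIFIED", "INVALID", ""):
        print(repr(verdict), verify_ipn(SAMPLE_IPN, lambda b: verdict, EXPECTED))
```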