How does e-junkie protect us from false IPNs

handshake

sending

protect

fraudulent

detail

ipns

outsiders

false

stolen

portected

lemonbar 2007-12-02 21:11:51 UTC #1

How does e-junkie protect false IPNs from being sent?

I see that the handshake is the same for all of the messages. How does this protect us?

Also what does the verify_sign do for us?

Can you please detail how we are portected from outsiders sending fraudulent IPN's to you and causing our product to be stolen?

lemonbar 2007-12-03 08:38:46 UTC #2

bump - this is important

E-junkie_Chef 2007-12-03 17:48:32 UTC #3

IPNs are sent to PayPal's interface. PayPal uses verify_sign to validate the IPN. verify_sign is essentially an hash calcualted from the ipn body.

Hanshake and IPN don't have a relation. handshake is the name of the variable which contains the shared secret that we sent to you if you are using our integration or code generation features.

That way you can make sure that it's E-junkie which is posting data to your url.

lemonbar 2007-12-03 17:56:38 UTC #4

I think I need a little more detail if possible. I dont understand why you send IPN's to paypal.

I think they send you IPNs.

Can you list the transaction stetps between you and paypal when something is bought from eBay?

Step 1:

Step 2:

Step 3:

Step 4:

etc, etc.

Thanks

E-junkie_Chef 2007-12-03 18:03:10 UTC #5

PayPal sends use the IPN
We take all the variables and send them to PayPal
PayPal's supposed to send us VERIFIED or INVALID
If we don't get INVALID, we proceed (we used to check for VERIFIED rather than checking the absence of INVALID but there was an issue:

http://www.pdncommunity.com/pdn/board/message?board.id=ipn&message.id=6024

)
We check is the account which is paid, the item name (for ebay sales) item number (for website sales) , currency (for both) and price (for website sales) etc.

If that all is in order, we process the transaction.

SOLUTIONS FEATURES PRICING DISCOVER PRODUCTS CONTACT HELP DOCS DASHBOARD

Forum

E-junkie Community Forum

Share and learn in the E-junkie community.