Important information from PayPal regarding IPN and API Changes – September 2011

Our client forwarded the following email to us today after receiving it from PayPal.  PayPal are upgrading their services and the update mostly affects people using Payflow Pro and related services. It also accepts customers using PayPal IPN to accept payments online however if they don’t have any firewall restriction on the addresses from which they can receive PayPal IPN notification then they have nothing to worry about. I said the same thing.

We’ve let you know many times over the past few months that we have been making upgrades to our system to help improve the performance and availability of our services.  We have scheduled a few more activities which will help make our services more scalable and ensure that they’re continuously available to our growing customer base, particularly as we near the holiday shopping season.

Please be sure to share this notification with your technical resources because network configuration changes may be necessary to avoid a disruption in service.  Please note that there is also information regarding a short service interruption for Payflow on October 1st.

Date Impact Description  Customers and Products Impacted IMPORTANT – Action Required
9/29 IP Address Expansion 

PayPal Notification:


IPN Customers who have their IPN Listener script behind their firewall with hard-coding of IP Addresses or use of Access Control List management of IP addresses To avoid an interruption in IPN support, customer must either:Continue to post back to https://www.paypal.comand update access control list to allow outbound access to ANY IP address for the servers that host our IPN script.OR

Modify the IPN script to post back IPNs to the newly created URL using HTTPS (port 443) and update firewall access control list rules to allow outbound access to the IP ranges

10/1 Server upgrade that requires 3 minutes of downtime starting between 11 PM PDT – 11:05 PM PDT for Payflow Gateway customersPayPal Notification:

Customers using Payflow Pro, Payflow Link, V2 Payflow, Websites Payments Pro (3.0) using Gateway credentials and Website Payments Pro Payflow Edition (2.0) For impacted transactions that are not reattempted due to the connection being unavailable, the API calls would need to be resubmitted for processing.
11/15 IP Address ExpansionPayPal Notification:


API Customers, including Express Checkout, Websites Payments Pro (3.0) and Website Payments Pro Payflow Edition (2.0), who either hard code outbound IP addresses or use an Access Control List. You must either point to DNS or update access control list with newly added IP addresses to avoid an interruption in service.  While these changes must be made by early March, 2012, we strongly encourage you to make any necessary updates by November 15th 2011 as this will help minimize any potential disruptions during the holiday season.

If you experience communication or transaction processing issues outside of the scheduled maintenance times above, you can file a ticket via  For your reference, there’s information about all of our maintenance activities and system updates at, then go to: PayPal Developers àDocumentation & Tools à Site Status.

We appreciate your patience as we continue to improve our services and apologize in advance for any inconvenience.  If you have any questions, please click “Contact Us” at the bottom of any PayPal page.






How to display address details of the customer in Zencart entered on PayPal

The following applies to customers who are using Zencart with PayPal IPN payment module. Customers have the option to change their address on PayPal after leaving the merchant website. When this happens and the customer enters an address which is not covered by the Seller Protection policy the merchant is in danger of facing chargeback in case the transaction turns out to be fraudulent.

To root out any such issues PayPal provides an option of PDT Payment Data Transfer. PDT is defined by PayPal as

Payment Data Transfer is a secure method to retrieve the details about a PayPal transaction so that you can display them to your customer.

To enable PDT:

1. Login to your PayPal account and click on Profile.
2. Click on Website Payment Preferences.
3. Enable Payment Data Transfer and copy the PDT token at the end of the page.

Copy the PDT token you see on the PayPal page and paste it into the Zencart PayPal IPN page as shown in the image below.

That’s it. Now PayPal IPN will send all customer information back to the merchant website. This option is already coded in the PayPal IPN module and it fetches the information and saves it into the “paypal” table in the database.

You can then reference the order_id in the “paypal” table and display the customer information in the admin panel. You can also check whether the address is confirmed or not under the address_status column.

Hope the above helped.

Why shipping address not being passed to PayPal using Zencart PayPal IPN

Zencart provides a number of payment modules by default. One of those is PayPal IPN (Instant Payment Notification) which you can enable from the Zencart admin panel. PayPal IPN works like PayPal Website Payments Standard with the added benefit that PayPal notifies the merchant website when the customer has successfully completed the transaction on the PayPal website. This allows the merchant to update relevant tables in the database in case the customer does not return to the merchant’s website.

By default, the Zencart PayPal IPN module does not pass the shipping address of the customer to the PayPal website. This does not affect the payment transaction of the customer but it does put the merchant in a vulnerable state. PayPal provides “Seller Protection” in case the shipping address of the customer is verified to be safe. If the shipping address is not passed over from the merchant website to PayPal then PayPal will not provide “Seller Protection” to the merchant in case the transaction is found out to be of fraudulent nature.

To enable passing of shipping address details from Zencart to PayPal please do the following steps.

1. Open the paypal.php in the includes/modules/payment folder of your Zencart website.
2. Once opened you will find the following line around line 238-239


3. Change the above line to

'no_shipping' == 2,

4. Save the file.

That’s it. Now the shipping address will be passed over to PayPal website and hopefully this will have resolved the problem.

Let me know how it went 🙂

PayPal IPN is disabled even though I have input all details in Zencart

I had installed Zencart 1.3.8a for a client and was enabling the Paypal IPN – Website Payments Standard payment module. I input the client email address, made the other configuration details and clicked on Update but the module was still being shown in the yellowish color in the payment modules section of Zencart. This means that the module is not active and has some configuration issues.

I started to trouble shoot the problem and found that the module enabled flag is set to false for some strange reason. I then started to debug it by printing the value of the enabled flag in the code when the module is loaded. The enabled flag is active at the start however once it crosses the following line in the includes/modules/payment/paypal.php file

if (PROJECT_VERSION_MAJOR != '1' && substr(PROJECT_VERSION_MINOR, 0, 3) != '3.8') $this->enabled = false;

the enabled flag is set to false. The above code checks that module is running on Zencart version 1.3.8 and if it’s not then disables it.

I checked the project_version table in the database and found that the minor version is 3.8a instead of 3.8. You can see how much frustrating this is.

I commented the above line as I did not feel that it did not serve any purpose for my version of Zencart. The check had probably been placed there so that if anyone tries to use it on an earlier version of Zencart then it is disabled.

After commenting out the line the module worked fine and I hope the above helped you as well.

How to integrate PayPal IPN with your website

After signing up for PayPal IPN with PayPal you have to start integration with your website. If you have worked with PayPal before and integrated PayPal Standard then most of the procedure is similar apart from minor modifications. For those of you who have just started integration with PayPal IPN then no need to panic. Its pretty simple.

First you have to write the <form> code in the file that will be submitting the order information to PayPal from your website. You can use the following code snippet and change it accordingly. Depending on your requirements you may need more fields for integration however the code below fulfills the basic requirements

<form name=”frmPal” action=”” method=”post”>
<input type=”hidden” name=”cmd” value=”_cart”>
<input type=”hidden” name=”business” value=”<merchant_email_address>”>
<input type=”hidden” name=”invoice” value=”<unique_number_to_identify_transaction>”>
<input type=”hidden” name=”currency_code” value=”<3_digit_currency_code>”>
<input type=”hidden” name=”handling_cart” value=”<handling_charges_if_applicable>”>
<input type=”hidden” name=”item_name_1″ value=”<product_name>”>
<input type=”hidden” name=”item_number_1″ value=”<product_number>”>
<input type=”hidden” name=”quantity_1″ value=”<product_quantity>”>
<input type=”hidden” name=”amount_1″ value=”<product_amount>”>
<input type=”hidden” name=”notify_url” value=”<notification_url>”>
<input type=”hidden” name=”return” value=”<success_page_url>”>
<input type=”hidden” name=”cancel_return” value=”<failure_page_url>”>

You may notice the notify_url field name in the form above. This is the URL which PayPal will call to verify that the information passed to it is correct and genuine. Please note that this URL must be accessible other wise PayPal IPN will not work. You can use the following code snippet as is. The following code receives the information posted by PayPal, saves the information to a text file and then opens a socket to PayPal and notifies it.

$req = ‘cmd=_notify-validate’;

$strFileName = ‘payapl_ipn_return_’. $timestamp.’.txt’;
if (is_writable($strFileName)) {
foreach ($_POST as $key=>$value)
fwrite($FILE, $key.”: “.$value.”\n”);
else {
echo “File could not be written”;

// post back to PayPal system to validate
$header .= “POST /cgi-bin/webscr HTTP/1.0\r\n”;
$header .= “Content-Type: application/x-www-form-urlencoded\r\n”;
$header .= “Content-Length: ” . strlen($req) . “\r\n\r\n”;
$fp = fsockopen(‘<Secure_PayPal_URL>’, 443, $errno, $errstr, 30);

if (!$fp) {
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, “VERIFIED”) == 0) {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
else if (strcmp ($res, “INVALID”) == 0) {
// log for manual investigation
fclose ($fp);

Once PayPal is notified and all other payment related matters are checked the customer is sent to the success page otherwise to the failure page.

Hope the above helps