What is txn_id of paypal api and why it should be checked and how?

Question

I'm currently using the paypal's api for checking payments using the IPN checking. In the method where paypal is checking if the payment is verified , there's a comment saying :

//check that txn_id has not been previously processed

But I can't understand what is ths txn_id , what it does and why do I need to check it and how .

Thanks in advance,

Answer 1

This is a Unique Transaction ID, that is generated by PayPal.

You connect that with your order, and paypal report that back to you with the results of this order.

You use it to prevent fraud , for example what you do, when you verify that your order is OK, you read that number and search your database to see if this is connected to some other order. If you find it again, means that a potential fraud is on progress, some is buy something from you, lets say 5 euro items, and after some months, is try to order from you 100 euro items, and some how is replay to you with an old verify status id - trying to reuse an old complete transaction . But because that status id is unique you catch him.

To use it, connect that id, with the unique id of your order, and keep that connection for check.

Answer 2

txn_id is the PayPal-assigned unique identifier for the original transaction.

All subsequent IPN messages for that transaction will use that txn_id so that you can tie them to the original message. Make sure you save it with the data for the order to which it applies.

The Completed IPN message is the only one you MUST process, as it is THE message that confirms that a payment has been completed. Otherwise, why do you need to worry about IPN at all? The POST variables with that message will have enough customer details for you to use to generate an invoice and delivery docket/label.

You may choose to process other IPN messages, but that is up to how much you want to program for. Basically, the bulk of your sales will be smoothly handled by processing just the Completed messages. Any other messages will be in parallel with the normal emails you will receive, and you will probably have to manually chase up anything else, like refunds or disputes.

Why they ask you to check that it has not been previously processed, is not for fraud, but simply to make sure you do not process a Completed IPN message again, as up to five may be sent to you, up to a day later, as part of the resilience of the IPN process.

For example, if you send out goods when a Completed IPN message is received, you do not want to send them out again if you get another IPN Completed message with the same txn_id .

Basically, when you get a Completed IPN message, you need to check your orders for one using that txn_id , and if found, and if the order is already marked as paid and has been processed, then you can ignore the message, otherwise, process it as the payment for the order, and do what you normally do upon payment.

Refunds and the like will have their own txn_id , but their IPN messages will include parent_txn_id , which holds the txn_id for the original transaction being refunded.

Note that PayPal wants you to check other returned values for correctness, and these are for fraud. Some are:

1. receiver_email field matches the main email address you use to access your PayPal account. It is not necessarily the one used with the payment button.
2. Make sure that the item cost and other details returned in the message are correct for the item. This prevents the customer giving themselves a discount.