Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

NodeJS package for verifying Paypal IPN messages

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 lib Changed the response handling to allow data to arrive in parts March 26, 2012
Octocat-spinner-32 tests Added README May 30, 2011
Octocat-spinner-32 .gitignore Initial import May 30, 2011
Octocat-spinner-32 README.md Add res.send(200) to the README example October 13, 2013
Octocat-spinner-32 index.js Initial import May 30, 2011
Octocat-spinner-32 package.json Bumped up revision number June 08, 2011
README.md

Paypal IPN Verification

A simple NodeJS package for verifying Paypal IPN messages.

Installation

npm install paypal-ipn

Usage

There is only one function, verify, which is used to verify any IPN messages you receive:

ipn.verify(ipn_params, callback);

ipn_params is the dictionary of POST values sent to your IPN script by Paypal. Don't modify the dict in any way, just pass it directly to ipn.verify to check if the IPN message is valid.

Example code:

// Must respond to PayPal IPN request with an empty 200 first, if using Express uncomment the following:
// res.send(200);

var ipn = require('paypal-ipn');

ipn.verify(params, function callback(err, msg) {
  if (err) {
    console.error(msg);
  } else {
    //Do stuff with original params here

    if (params.payment_status == 'Completed') {
      //Payment has been confirmed as completed
    }
  }
});

Note that all the package does is confirm that the IPN message is valid. After this, you will still need to make some more checks:

Confirm that the payment status is Completed.

Use the transaction ID to verify that the transaction has not already been processed, which prevents duplicate transactions from being processed.

Validate that the receivers email address is registered to you.

Verify that the price, item description, and so on, match the transaction on your website.

You can find more information on the Paypal documentation for IPN.

The callback

The callback has two parameters, err and msg.

err will be set to true if the IPN was invalid or the request could not be made. If it is false, then the IPN was valid and you can continue to process the payment.

If err was set to true, you can check msg for the exact error message.

If err was false, then msg will always be VERIFIED.

ExpressJS

paypal-ipn works fine with ExpressJS or any other web framework.

All you need to do is pass in the request parameters to ipn.verify.

In ExpressJS, the request parameters are in req.body:

ipn.verify(req.body, callback_function);
Something went wrong with that request. Please try again.