Google App Engine – Paypal PDT Example

We have been slaving away in the cloud working on integrating paypal with a google app engine application for one our clients in Dublin. There really isn’t much information ‘out there’ on the subject of connecting to paypal from the GAE, so I have decided to write up some notes in the hope that they prove useful to others (and me when I forget all about it!)

 

I am going to start at the ‘end’ while the information is fresh in my head, when using ‘Paypal Payments Standard’ you can choose to get Paypal to pass you back transaction outcome information when it redirects back to your website after a transaction – they call this PDT. You can use this information to update the transaction/order status on your website (once you verify it).

 

Here is some more information on PDT:

 

https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/howto_html_paymentdatatransfer

 

With PDT enabled paypal adds some arguments to the return url, these arguments contain information about the transaction, however you shouldn’t really trust this info as the HTTP POST could have been spoofed by somebody else. So to check the transaction information you pull out the ‘tx’ argument and pass it back to paypal which will return a verification message that contains the transaction details.

 

So to verify a PDT transaction we must:

 

(a) Get the ‘txt’ argument from the paypal return request.
(b) Perform a HTTP POST back to paypal specifying ‘tx’
(c) Check the response from Paypal, check for ‘SUCCESS’, check ‘payment_status’ and possibly other transaction details.

 

In Python on the Google App Engine the python code could look like this:

 

[code lang=”python”]
import urllib
from google.appengine.api import urlfetch
import re
#
class paypal_pdt_handler(RequestHandler):
def get(self):
# Get the transaction id, tx=blahblahblah
trans_id = self.request.get(‘tx’)

# Confgure POST args
args = {}
# Specify the paypal command
args[‘cmd’] =’_notify-synch’
args[‘tx’] = trans_id
args[‘at’] = _identity_token

args = urllib.urlencode(args)

try:
# Do a post back to validate
# the transaction data
status = urlfetch.fetch(url = _paypal_url,
method = urlfetch.POST,
payload = args).content
except:
self.response.out.write(‘POST Failed’)

# Check for SUCCESS at the start of the response
if re.search(‘^SUCCESS’, status):
# Check other transaction details here like
# payment_status etc..
# Update order status
self.response.out.write(‘OK’)
else:
self.response.out.write(‘Failed’)
[/code]

 

This is a slightly cut down example, in a real application you would need to do a bit more error handling etc. In this example the following variables need to be given values:

 

_paypal_url – The url to paypal, either sandbox or live.
_identity_token – Your “Identity Token”, see this post for info on how to find this in your paypal account:

 

NOTE: Another way to get information on transaction status is to handle Paypal IPN. I tend to use both methods as if you only use PDT and for some reason the user does not redirect back to your site, then your site won’t b able to check the transaction status whereas IPN messages will be delivered in all cases.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *