A workshop on monetization with PayPal Payments Platform

1. www.x.com Show me the money! A workshop on monetization with PayPal Payments Platform Praveen Alavilli, Aalap Parikh, Carolyn Mellor PayPal Developer Network Feb, 24th 2010

2. agenda Monetization Payments 101 PayPal Services and APIs Development Process PayPal API Basics SDKs and Tools Implementation walk through eCommerce Subscriptions and Recurring Payments Disbursements mCommerce Advanced Use cases with Adaptive Platform Instant Payment Notifications (IPN) Going Live Tips on Security and Fraud

3. Building and running an app is cheap

4. a successful and profitable company needs Good Monetization Strategy

5. Advertising ? What else ?

6. eCommerce Virtual Goods Premium Content Value added Services Memberships Subscription License of Content, Brand and Services

7. Before we get our hands dirty A quick overview of what payments are.

8. Payments 101 exchange of value from one party to another As a developer, the sender and receiver may have many different names, depending on their role and objective.

10. different technology to interfaceAs a developer, you select the forms of payments that best fit your application and target the consumer experience.

11. Credit Cards usage of the card is authorized by the issuer in real time PaymentSystem Acquirer Issuer Consumer Merchant

12. How the Money moves authorizations are captured immediately and settled in batch PaymentSystem Acquirer Issuer Consumer Merchant

13. Chargebacks Consumers have the right to chargeback transactions. PaymentSystem Acquirer Issuer Consumer Merchant

14. Chargebacks Consumers have the right to chargeback transactions. The funds are withdrawn from the merchant’s account and credited to the consumer’s account. PaymentSystem Acquirer Issuer Consumer Merchant

15. Debit Cards PaymentSystem Acquirer Issuer Consumer Merchant

16. Debit Card differences PaymentSystem With debit cards, processed as a debit card, the authorization transaction and the settlement (capture) transaction are the same. Money movement is in real time. Acquirer Issuer Consumer Merchant

17. Bank Accounts & ACH PaymentSystem ODFI RDFI Consumer Merchant

18. PaymentSystem With Automated Clearing House (ACH), there is no authorization transaction. Money movement is batch. ODFI RDFI Consumer Merchant Bank Accounts & ACH

19. PayPal X Payments Platform

20. Pay Anyone and Receive from Anyone Really ! (an email address or a phone number)

21. Facilitate Payments Manage Accounts Information and Reporting

22. Simple to Advanced enabling different kind of payments…

23. Simple/Parallel/Chained Payments Preapprovals Subscriptions Reference Transactions Disbursements Micropayments Rewards Donations Digital Goods Gift Certificates

24. (while taking care of things that you don’t want to manage yourself) Risk and Fraud Management Security Compliance Settlements Refunds/Charge backs

25. How simple can it go ?

26. Email Payments (old school) invoice over email from PayPal Virtual Terminal POS terminal on the Cloud ! accept payments over phone, mail, & fax Website Payments Standard (aka WPS or “cut & paste payments”) buttons, buttons, buttons

27. Simple but Powerful Sell Single/Multiple Items (cart) Subscriptions Donations Inventory Control UI Customization Fraud/Risk Controls

28. Express Checkout “all it takes is 3 API Calls” a checkout solution & BML Payflow a payment gateway Website Payments Pro Direct Payments + Express Checkout Mass Payments disbursements

29. Adaptive Platform (Adaptive Payments & Adaptive Accounts) for Web 2.0 and Web.Next applications Parallel and Chained Payments

30. chained Parallel Primary Sender Visibility Sender Visibility

31. Adaptive Platform Pre-approvals Disbursements Simplified Account Creation Flexible APIs allow tighter integration

35. Submit for application review (only AP/AA) Get API credentials Go Live Design and build application Create Sandbox account Get APP ID Signup on x.com

37. SDKs and Sample code

38. Forums – non-moderated content

39. Blogs – PayPal and developers

40. Connected with PayPal Site

41. Docs rating and commenting

42. Instant feedback from developers

44. Manage Sandbox API Credentials

45. Monitor Sandbox payment confirmation emails

46. IPN Simulator<browser walk through>

48. SOAP

49. NVP

50. XMLPay

51. Adaptive Platform APIs

52. SOAP

53. NVP

55. Traditional PayPal NVP API - example

56. Traditional XMLPay API Basics

57. Traditional XMLPay - Example <?xml version="1.0" encoding="UTF-8"?> <XMLPayRequest Timeout="30" version = "2.0” xmlns="http://www.paypal.com/XMLPay"> <RequestData> <Vendor>vendor</Vendor> <Partner>partner</Partner> <Transactions><Transaction><Authorization> <PayData><Invoice><BillTo><Address> <Street>123 4th street</Street><City>San Jose</City><State>CA</State><Zip>95032</Zip> <Country>USA</Country> </Address></BillTo> <TotalAmt>24.97</TotalAmt> </Invoice> <Tender><Card><CardType>visa</CardType> <CardNum>5105105105105100</CardNum> <ExpDate>200911</ExpDate> <NameOnCard/></Card> </Tender> </PayData> </Authorization></Transaction></Transactions> </RequestData> <RequestAuth><UserPass> <User>user</User> <Password>password</Password> </UserPass></RequestAuth> </XMLPayRequest>

58. Traditional XMLPay - Example <?xml version="1.0" encoding="UTF-8"?> <XMLPayResponse> <ResponseData> <Vendor>vendor</Vendor> <Partner>partner</Partner> <TransactionResults><TransactionResult> <Result>0</Result> <AVSResult> <StreetMatch>Service Not Available</StreetMatch> <ZipMatch>Service Not Available</ZipMatch> </AVSResult> <CVResult>Service Not Requested</CVResult> <Message>Approved</Message> <PNRef>V63A09910356</PNRef> <AuthCode>747PNI</AuthCode> <HostCode>00</HostCode> <OrigResult>0</OrigResult> </TransactionResult></TransactionResults> </ResponseData> </XMLPayResponse>

59. All SOAP API Basics – Request Format

60. Adaptive API Basics – API RESPONSE FORMAT - SOAP

62. X-PAYPAL-SECURITY-USERID

63. X-PAYPAL-SECURITY-PASSWORD

64. X-PAYPAL-SECURITY-SIGNATURE

65. X-PAYPAL-SECURITY-SUBJECT

66. Data Format

67. X-PAYPAL-REQUEST-DATA-FORMAT (NV, XML, JSON)

68. X-PAYPAL-RESPONSE-DATA-FORMAT (NV, XML, JSON)

69. Application and Device identification

70. X-PAYPAL-APPLICATION-ID

73. Minimize integration complexity

74. Offer stable interface

75. Focus on application logicPayPal Services PayPal SDK Your Application

77. Source code included

78. Bundled with test token and API credentialsSSL Connection SOAP JSON NVP Authorization Setup Logging Error Handling Configuration API 1 API 2 API 3 Other .NET Java PHP Your Application

79. MERCHANT SDKs APIs AddressVerify BillOutstandingAmount CreateRecurringPaymentsProfile DoAuthorization DoCapture DoDirectPayment DoExpressCheckoutPayment DoNonReferencedCredit DoReauthorization DoReferenceTransaction DoVoid GetBalance GetBillingAgreementCustomerDetails GetExpressCheckoutDetails GetRecurringPaymentsProfileDetails GetTransactionDetails ManageRecurringPaymentsProfileStatus ManagePendingTransactionStatus MassPayment RefundTransaction SetCustomerBillingAgreement SetExpressCheckout TransactionSearch UpdateRecurringPaymentsProfile Express Checkout & WPP SOAP SDK Language Support Java, .NET, PHP NVP SDK Language Support Java, .NET, PHP, Ruby, ColdFusion Bindings SOAP, NVP Download: www.x.com/sdks

80. PAYFLOW PRO SDK Credit card processing Language support Java, .NET Bindings NVP, XML Download: www.x.com/sdks APIs DoDirectPayment Sale Authorization Void Delayed Capture Credit SetExpressCheckoutGetExpressChedout DoExpressCheckoutReferenceTransationRecurringPayment

81. WEBSITE PAYMENTS STANDARD TOOLKIT Payment buttons for your websites Language support Java, .NET, PHP, Ruby Download: www.x.com/sdks Utilities Button Encryption Payment Data Transfer Instant Payment Notification

82. ADAPTIVE API SDK Adaptive Payments Setup preapproval agreements Simple Send Money Split payments Refund Currency conversion Adaptive Accounts Create account Language Support Java, .NET, PHP Internal Binding SOAP Download: www.x.com/sdks APIs PreapprovalDetails PaymentDetails Pay Preapproval CancelPreapproval Refund ConvertCurrency CreateAccount

83. Design and build !

85. Subscriptions

86. Disbursements

87. mCommerce

88. Split Payments

90. Multiple Items

91. Donations

93. Website Payments Standard (WPS) Programmatically create, manage, edit, and delete buttons Hosted buttons Encrypted buttons Clear text buttons Inventory Management Physical Goods (button wizard and API) Digital Downloads (with API) Low inventory alerts

94. WPS – How it works ?

95. WPS - Implementation Go to www.paypal.com Business  Products and Services Select Website Payments Standard Click on “Try it Now” button

96. WPS –HTML <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <!-- Identify your business so that you can collect the payments. --> <input type="hidden" name="business" value="herschelgomez@xyzzyu.com"> <!-- Specify a Buy Now button. --> <input type="hidden" name="cmd" value="_xclick"> <!-- Specify details about the item that buyers will purchase. --> <input type="hidden" name="item_name" value="Hot Sauce-12 oz. Bottle"> <input type="hidden" name="amount" value="5.95"> <input type="hidden" name="currency_code" value="USD"> <!-- Display the payment button. --> <input type="image" name="submit" border="0" src="https://www.paypal.com/en_US/i/btn/btn_buynow_LG.gif" alt="PayPal - The safer, easier way to pay online"> <img alt="" border="0" width="1" height="1" src="https://www.paypal.com/en_US/i/scr/pixel.gif" > </form>

98. For handling thousands & millions of products

99. For tighter integration with their app

100. Ex. “Buy Now” might not make sense for use case

101. better control on payment process

102. more customization of UI

104. Express Checkout (EC) “all it takes is 3 API Calls” user convenience reduces friction in buyer’s experience only PayPal accounts recurring payments multiple settlement options issue refunds programmatically The shortest path with the least hassle for PayPal users to checkout.

106. Users are familiar with the button and expect it in the flow.

108. customize the look and feel

109. information displayed

110. return/cancel urls

111. total amount

112. GetExpressCheckout – returns information about the buyer from PayPal, including shipping information

113. DoExpressCheckoutPayment - Completes the Express Checkout transaction

115. eCommerce with Payflow A payment gateway

117. Submit transactions and manage your payments

119. Cut and paste HTML code onto your websiteYou need your own Internet Merchant Account Variety of payment options - PayPal, credit cards, purchase cards, debit cards search, reports, and virtual point-of-sale terminal

120. Payflow Link – How it works ? Checkout Page Thank You! Pay PayPal Hosted Pages

121. Payflow Link – Implementation <form method="POST" action="https://payflowlink.paypal.com"> <input type="hidden" name="LOGIN" value=“login"> <input type="hidden" name="PARTNER" value=“PayPal"> <input type="hidden" name="AMOUNT" value="1.00"> <input type="hidden" name="TYPE" value="S"> <input type="hidden" name="DESCRIPTION" value=“Hat"> <p><input type="submit" value="Click Here to Checkout"></p> </form>

122. Payflow Pro– How it works ? Your Application NVP-XMLPay/HTTPS Payflow API Server

125. HostAddress, HostPort, Timeout, Proxy Info, ParmList

126. User parameters

127. User, Vendor, Partner, API Password

128. Parameters specific to the type of the transaction, such as a sale or an authorization

130. eCommerce with Website Payments Pro accept both credit cards and PayPal payments

131. Website Payments Pro (WPP) Direct Payment lets you accept credit cards on your website Express Checkout lets you accept PayPal payments on your website

132. WPP – How it works ?

134. PaymentAction: Authorization or Sale

135. IPAddress

136. ReturnFMFDetails

137. CreditCard Fields:

138. CreditCardType, Acct, ExpDate, CVV2, StartDate, IssueNumber

139. Payer Info Fields:

140. Email, PayerID, PayerStatus, CountryCode, Business

141. Payer Name Fields:

142. Salutation, FirstName, MiddleName, LastName, Suffix

143. Address Fields

144. Payment Details Type Fields:

146. WPP – Sample Request/Response Request: https://api-3t.sandbox.paypal.com/nvp POST Parameters: METHOD=doDirectPayment&VERSION=60.0&PWD=QFZCWN5HZM8VBG7Q&USER=sdk-three_api1.sdk.com&SIGNATURE=A.d9eRKfd1yVkRrtmMfCFLTqa6M9AyodL0SJkhYztxUi8W9pCXF6.4NI&PAYMENTACTION=Sale&AMT=1.00&CREDITCARDTYPE=Visa&ACCT=4032193587292399&EXPDATE=012012&CVV2=962&FIRSTNAME=John&LASTNAME=Doe&STREET=1+Main+St&CITY=San+Jose&STATE=CA&ZIP=95131&COUNTRYCODE=US&CURRENCYCODE=USD Response: TIMESTAMP=2010%2d02%2d22T07%3a22%3a52Z&CORRELATIONID=d64bd3c9ac968&ACK=Success&VERSION=60%2e0&BUILD=1195961&AMT=1%2e00&CURRENCYCODE=USD&AVSCODE=X&CVV2MATCH=M&TRANSACTIONID=3L887465VP729712C

148. an agreement to receive or be given access to content/services online

149. value added services

150. Premium content

152. WPS – How it works ?

153. WPs– Implementation Go to www.paypal.com Business  Products and Services Select Website Payments Standard Click on Try it Now button <Demo>

154. WPs– HTML <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <!-- Identify your business so that you can collect the payments. --> <input type="hidden" name="business" value="alice@mystore.com"> <!-- Specify a Subscribe button. --> <input type="hidden" name="cmd" value="_xclick-subscriptions"> <!-- Identify the subscription. --> <input type="hidden" name="item_name" value="Alice's Weekly Digest"> <input type="hidden" name="item_number" value="DIG Weekly"> <!-- Set the terms of the regular subscription. --> <input type="hidden" name="currency_code" value="USD"> <input type="hidden" name="a3" value="5.00"> <input type="hidden" name="p3" value="1"> <input type="hidden" name="t3" value="M"> <!-- Display the payment button. --> <input type="image" name="submit" border="0" src="https://www.paypal.com/en_US/i/btn/btn_subscribe_LG.gif" alt="PayPal - The safer, easier way to pay online"> <img alt="" border="0" width="1" height="1" src="https://www.paypal.com/en_US/i/scr/pixel.gif" > </form>

155. Subscriptions with Express Checkout Recurring payments

156. EC – How it works ? 3 1 4 2 Merchant sets up recurring payment items. Customer selects Express Checkout and agrees to payment terms. At subsequent billing cycles, PayPal charges customer on behalf of merchant. Merchant can view, modify, or suspend payments.

158. customize the look and feel

159. information displayed

160. return/cancel urls

161. total amount

162. Recurring payment agreement

163. GetExpressCheckout – returns information about the buyer from PayPal, including shipping information

165. EC – Sample Request/Response Request: METHOD=CreateRecurringPaymentsProfile&VERSION=60.0&PWD=QFZCWN5HZM8VBG7Q&USER=sdk-three_api1.sdk.com&SIGNATURE=A.d9eRKfd1yVkRrtmMfCFLTqa6M9AyodL0SJkhYztxUi8W9pCXF6.4NI&AMT=1.00&CREDITCARDTYPE=Visa&ACCT=4781568468637361&EXPDATE=012011&CVV2=962&FIRSTNAME=John&LASTNAME=Doe&STREET=1+Main+St&CITY=San+Jose&STATE=CA&ZIP=95131&COUNTRYCODE=US&CURRENCYCODE=USD&PROFILESTARTDATE=2010-03-21T00%3A00%3A00Z&DESC=Welcome+to+the+world+of+shopping+where+you+get+everything&BILLINGPERIOD=Week&BILLINGFREQUENCY=4&TOTALBILLINGCYCLES= Response: PROFILEID=I%2d8STY14R2YVVJ&PROFILESTATUS=ActiveProfile&TIMESTAMP=2010%2d02%2d22T07%3a34%3a07Z&CORRELATIONID=967863e017837&ACK=Success&VERSION=60%2e0&BUILD=1198898

166. Disbursements PayPal disbursement products allow you to send payments to multiple customers at the same time. Who is target customer? Businesses who disburse money to their customers or clients Product is a replacement for payouts via check, direct debit, and gift cards Some key segments

167. Disbursements with MassPay

169. Two ways to use: MassPay API (250) or upload (5000)

170. Sender pays the transaction fee, not the receiver

171. 2% per payment with a maximum $1.00 per payment

173. Great way to send payments cross-border

174. Low cost to disburse money

175. Provide a payout choice to your customer

178. n is the counter of the request (starting with 0 (zero))https://api-3t.sandbox.paypal.com/nvp?{VERSION & CREDENTIALS}& METHOD=MassPay& RECEIVERTYPE=EmailAddress& CURRENCYCODE=USD& L_AMT0=5.00& L_EMAIL0=masspay1%40mikeblanton.com& L_AMT1=5.00& L_EMAIL1=otheraccount%40me.com& L_AMT2=5.00& L_EMAIL2=friend%40hotmail.com

179. MassPay– Implementation <code>

180. MassPay– Sample Request/Response Request: METHOD=MassPay&VERSION=60.0&PWD=QFZCWN5HZM8VBG7Q&USER=sdk-three_api1.sdk.com&SIGNATURE=A.d9eRKfd1yVkRrtmMfCFLTqa6M9AyodL0SJkhYztxUi8W9pCXF6.4NI&L_EMAIL0=user1%40paypal.com&L_Amt0=1.00&L_UNIQUEID0=&L_NOTE0=&L_EMAIL1=user2%40paypal.com&L_Amt1=1.00&L_UNIQUEID1=&L_NOTE1=&L_EMAIL2=user3%40paypal.com&L_Amt2=1.00&L_UNIQUEID2=&L_NOTE2=&EMAILSUBJECT=You+have+money%21&RECEIVERTYPE=EmailAddress&CURRENCYCODE=USD Response: TIMESTAMP=2010%2d02%2d22T07%3a35%3a36Z&CORRELATIONID=b72f8f569219&ACK=Success&VERSION=60%2e0&BUILD=1205804

181. mCommerce Comparison shopping applications are the top downloads. Number of Mobile Transactions 10X Red Laser 4 million downloads $380 million in sales (Jan-Sep 2009)

182. The mobile way Clients (Mobile Embedded Payment Toolkit) Mobile Web Pre-approval (Apple) Entirely client-based experience leveraging APIs and plug & play interface Utilized WAP infrastructure and reskinning techniques for seamless integration Web onboarding for a mobile billing agreement

183. Mobile Checkout Similar to Express Checkout but with Mobile UI Supports Phone/Pin login (User sets phone/pin with PayPal) To access mobile checkout, a device, mobile carrier, and browser must support the following: WAP 2.0 phones (not WAP 1.0) xHTML or HTML markup language SSL connections Cookies enabled No carrier "WAP gap"

184. Mobile Checkout – How it works ?

187. Agreements can then be used on the phone.

189. MEP – How it works ?

190. MEP – API (PayPal*)initializeWithAppID:(NSString*)PayPalApplicationID (Optional:) forEnvironment:PAYPAL_ENVIRONMENT)env; -(void)setPayButton:(UIViewController *)target buttonType:(PayPalButtonType)buttonTypestartCheckOut:(SEL)payWithPayPal withLeft:(int)left withTop:(int)top; -(void)Checkout:(NSString*)currency Amount:(NSString*)inAmount Description: (NSString*)inItemDesc Recipient:(NSString*)inRecipient Tax:(NSString*)inTax Shipping:(NSString *)inShipping PaymentType:(PayPalPaymentType)paymentType;

191. MEP – Implementation // initialize paypalMEPppMEP = [PayPal initializeWithAppID:@"APP-80W284485P519543T" forEnvironment:ENV_SANDBOX];[[PayPalgetInstance] setPayButton:self buttonType:BUTTON_294x43 startCheckOut:@selector(payWithPayPal) withLeft:10 withTop:352]; -(void)payWithPayPal {[ppMEPEnableShipping]; //setting whether the payment type is hard goods or servicePayPalPaymentTypepaymentType = HARD_GOODS; NSString *desc = [NSStringstringWithFormat:@"Photo Print (%@)", photoId]; [ppMEP SetSenderEmailorPhone:@"ppalav_1260941775_per@yahoo.com"]; [ppMEP Checkout:@"USD" Amount:[NSString stringWithString:@"5.0"] Description:desc Recipient:@"pd_1265515509_biz@yahoo.com" Tax:[NSString stringWithString:@"0.0"] Shipping:[NSString stringWithString:@"0.41"] PaymentType:paymentType]; } -(void)paymentSuccess:(NSString*)transactionID{ UIAlertView *alert = [[UIAlertViewalloc] initWithTitle:@"Order successful" message:@"Your picture is on it's way!" delegate:nilcancelButtonTitle:@"OK" otherButtonTitles:nil]; [alert show]; [alert release]; }

193. First Suite of APIs

194. Adaptive Payments: Highly configurable payment APIs

197. AP – How it works ? API WEB Business Pay API Pay Key Redirect User to PayPal Return URL 109 User Name = P_Mart_admin.api Currency = USD Password = keep$secret Receiver email = Business@P_Mart.com Signature = 23KJHO5AS09I32SDROR Tracking ID = 234235986 Sender Email = john_m@mail.comCancel URL = www.P_Mart.com/home Amount = 100 Return URL = www.P_Mart.com/apstore Pay Key = PA-84HK2A57FCOP3RW Response Request 109 Confidential and Proprietary 109

198. PAYMENT APPROVAL on WEB 1. Login Payment Confirmation 2. Review Your Payment 3. Redirect

200. Pay: Transfer funds between parties. Supports simple, chained, parallel, preapproved payments, etc.

201. PaymentDetails: Get details of a payment

202. Preapproval APIs

203. Preapproval: Preapproval agreement signup

204. PreapprovalDetails: Get details of a preapproval

205. CancelPreapproval: Cancel an existing preapproval

206. Refund: Refund a payment (complete, partial, etc.)

208. Adaptive Payments – Sample Request/Response Request (NVP - formatted): actionType=PAY& requestEnvelope.errorLanguage=en_US& returnUrl=http://www.return.com& cancelUrl=http://www.cancel.com& currencyCode=USD& feesPayer=EACHRECEIVER& memo=Payment for service& receiverList.receiver(0).email=receiver@x.com& receiverList.receiver(0).amount=100.00 Response (NVP – formatted): responseEnvelope.timestamp=2010-02-20T19%3A35%3A41.368-08%3A00& responseEnvelope.ack=Success& responseEnvelope.correlationId=87b9285584b68& responseEnvelope.build=1193935& payKey=AP-1F95034641369115U& paymentExecStatus=CREATED

210. Account created can be used with any PayPal APIs, including Adaptive Payment APIs

211. Currently supports creation of Personal and Premier accounts. Business account creation to come soon.

212. Benefits:

213. Streamline user experience

216. Adaptive Accounts – Implementation <code>

217. Adaptive Accounts – Sample Request/Response Request: accountType=PERSONAL&registrationType=Web&name.salutation=Dr.&name.firstName=Bonzo&name.middleName=Simore&name.lastName=Zaius&emailAddress=bzaius@email.com&dateOfBirth=1968-01-01Z&address.line1=1968 Ape Way&address.line2=Apt 123&address.city=Austin&address.state=TX&address.postalCode=78750&address.countryCode=US&contactPhoneNumber=512-691-4160&currencyCode=USD&citizenshipCountryCode=US&preferredLanguageCode=en_US&createAccountWebOptions.returnUrl=http://www.success.com Response: responseEnvelope.timestamp=2010-02-22T21%3A47%3A09.833-08%3A00&responseEnvelope.ack=Success&responseEnvelope.correlationId=9e107273d5330&responseEnvelope.build=1149875&createAccountKey=AA-7NU425523H556874S&execStatus=COMPLETED&redirectURL=https%3A%2F%2Fwww.sandbox.paypal.com%2Fus%2Fcgi-bin%2Fwebscr%3Fcmd%3D_hostedua-flow%26encrypted_second_auth_code%3DAgPLMEgZKZSFz7ve8rViM9pjBZLK86wyV3suJtaHV4nku.Q7huKEMZms2zN6bVpWzQY%26encrypted_id%3DH24VPCELGVF4N

218. a few more important things

219. Instant Payment Notifications (IPN)

220. Instant Pay Notifications (IPN) Message service that notifies you of events related to: New transactions Updates to previous transactions Dispute management and chargebacks Provides status on pending, cancelled, or failed transactions Allows merchants and developers to integrate payments and automate back-end operations

221. COMMON IPN TYPES Instant payments, such as Express Checkout eCheck payments Pending payments Recurring payments and subscriptions Authorizations Chargebacks Disputes Reversals

222. IPN IN ACTION PayPal posts IPN to seller Seller posts back IPN message to PayPal Buyer clicks Buy Now button PayPal sends VERIFIED/INVALID response

223. IPN MESSAGE IPN is HTTP POST with POST variables consisting of: Information about Seller Information about the Transaction Information about your Buyer Information about the Payment

224. IPN - Sample mc_gross=19.95&protection_eligibility=Eligible&address_status=confirmed&pay er_id=LPLWNMTBWMFAY&tax=0.00&address_street=1+Main+St&payment_date=20%3A12% 3A59+Jan+13%2C+2009+PST&payment_status=Completed&charset=windows- 1252&address_zip=95131&first_name=Test&mc_fee=0.88&address_country_code=US& address_name=Test+User&notify_version=2.6&custom=&payer_status=verified&add ress_country=United+States&address_city=San+Jose&quantity=1&verify_sign=Atk OfCXbDm2hu0ZELryHFjY-Vb7PAUvS6nMXgysbElEn9v- 1XcmSoGtf&payer_email=user123%40yahoo.com&txn_id=61E67681CH32 38416&payment_type=instant&last_name=User&address_state=CA&receiver_email=g pmac__biz%40gmail.com&payment_fee=0.88&receiver_id=S8XGHLYDW9T3S &txn_type=express_checkout&item_name=&mc_currency=USD&item_number=&residenc e_country=US&test_ipn=1&handling_amount=0.00&transaction_subject=&payment_g ross=19.95&shipping=0.00 https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_notifyvalidate& mc_gross=19.95&protection_eligibility=Eligible&address_status=conf irmed&payer_id=LPLWNMTBWMFAY&tax=0.00&...&payment_gross=19.95&shipping=0.00 VERIFIED or INVALID

226. Per Transaction Listener (Notify URL) can be used from buttons and API requests* Requires subscription. Contact Customer Service for access

227. IPN HISTORY: RESENDING IPN History->IPN History

228. IPN BEST PRACTICES Once IPN is received: Always validate the incoming IPN. Send the response as soon as possible. Check for duplicate IPNs. Respond to all the IPNs or the IPN will be resent. IPN is designed as an asynchronous notification. Never wait for IPN synchronously. Disable any listeners that are not in use. PayPal detects and disables malfunctioning listeners. Where necessary get, transaction information from other methods in addition to using IPN.

229. Development Process Submit for application review Get API credentials Go Live Design and build application Create Sandbox account Get APP ID Signup on x.com

232. Things to note 1. The PayPal X Developer Agreement is your friend. Clearly and concisely explains what is and is not allowed Describes confidentiality and intellectual property rights 2. Your application will be reviewed for: Compliance with payment regulations Acceptable use policy compliance Information security Risk Functionality 3. Applications using only standard functionality go through a less involved review.

233. Going Live Once your app get’s approved, you will receive your Live APP ID. Update your app to use Live APP ID and API Credentials Launch your application Start accepting payments!

234. WHEN TRANSACTIONS GO RIGHT Order Payment Shipment /Delivery

235. When Security Fails

237. Always integrate with web flows and APIs using POST, not GET.

238. Always integrate with PayPal using an HTTP(s) library, not raw sockets.

239. Pay attention to HTTP(s) error codes

240. Validate IPNs properly.

241. Use saved or encrypted Website Payments Standard buttons to prevent tampering attacks.

243. Prevent Common shopping cart attacks like Price tampering & Fake referrer header attack

244. Stay current on security vulnerabilities.

245. Harden your servers, frameworks, and applications and keep them up to date.

246. By following best practices, your applications will be both more robust and more secure.The Open Web Application Security Project (http://www.owasp.org) The Web Application Security Consortium (http://www.webappsec.org/) Security Focus (http://www.securityfocus.com)

247. Fighting Fraud Consumer fraud Merchant fraud Phishing Social engineering

248. BEST PRACTICES Be vigilant Authenticate each transaction Real-time authorizations Reduce customer errors Manual review Robust risk rules customized for your business Comprehensive and dynamic fraud scoring Bayesian filters Neural nets Cross merchant and buyer data analysis for patterns Cross channel data analysis patterns

249. Managing your Risk using PayPal

250. Watch out for illegal transactions Certain transactions are illegal. Therefore, the payment and processing of the payment is also illegal. Some examples: Sales of narcotics Child pornography Internet gambling transactions Underage alcohol/tobacco sales All payment mechanisms prohibit payments that violate law. As a developer, creating an application that violates law or enables the violation of law could subject you to criminal and civil liability.

252. API Documentation: https://www.x.com/community/ppx/dev-tools

253. SDKs & Toolkits: https://www.x.com/community/ppx/sdks

254. Business Account SignUp: https://www.paypal.com

255. Sandbox: https://developer.paypal.com/

256. IPN Simulator: https://developer.paypal.com/devscr?cmd=_ipn-link-session