Paypal Update Requires Fix for Websites to Keep Working

full-screen

 

paypalWe got a notification from Paypal recently that they are updating their API on October 7th 2013, which may cause your website’s ecommerce to stop working if you are  using Paypal to accept payment online.

This will affect sites running OSCommerce, X-Cart, older versions of WooCommerce (make sure to update your install!) and other shopping cart systems as well as custom solutions.

If you think you may be affected by this update by Paypal, you will need to get a developer to address this issue assuming you continue to use Paypal. We are more than happy to address this for you.

Contact us if you would like us to implement the fix/update for you.

You can see Paypal’s email notice below with the details:

In a bulletin dated October 18, 2011, we announced that we were going to expand the number of IP addresses for www.paypal.com to improve our site’s performance, scalability and availability. As part of this transition, we planned to discontinue support for HTTP 1.0 protocol starting October 7, 2013.
We have recently identified that this change may impact the ability of some of our merchants to perform IPN (Instant Payment Notification) post-back validation or PDT (Payment Data Transfer) posts to www.paypal.com and ipnpb.paypal.com. This happens when the IPN or PDT scripts use HTTP 1.0 protocol and do not include the “Host: www.paypal.com” or “Host: ipnpb.paypal.com” header in the HTTP request.


Additional Details

Starting October 7, 2013, we will require all incoming requests to have a “Host” header which complies with HTTP 1.1 Specifications. This header was not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start failing with “HTTP/1.0 400 Bad Request” errors afterOctober 7, 2013, which will result in IPN messages not being validated successfully, or PDT scripts not being able to retrieve transaction information.


Action Required before October 7, 2013

Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and include the “Host” and “Connection: close” HTTP header in the IPN postback script.
Example with Host as www.paypal.com (please make necessary changes if you are usingipnpb.paypal.com):


ASP

//Set values for the request back
req.Method=”POST”;
req.Host=”‘www.paypal.com‘”;
req.ContentType=”application/x-www-form-urlencoded”;

Perl
$req=HTTP::Request->new(‘POST’, ‘https://www.paypal.com/cgi-bin/webscr’);
$req->content_type(‘application/x-www-form-urlencoded’);
$req->header(Host=> ‘www.paypal.com‘);
$req->header(Connection=> ‘close’);
PHP
// post back to PayPal system to validate
$header=”POST /cgi-bin/webscr HTTP/1.1\r\n”;
$header .=”Content-Type: application/x-www-form-urlencoded\r\n”;
$header .=”Host: www.paypal.com\r\n”;
$header .=”Connection: close\r\n\r\n”;


Java

HttpsURLConnection  uc=(HttpsURLConnection) u.openConnection();
uc.setDoOutput(true);
uc.setRequestProperty(“Content-Type”,”application/x-www-form-urlencoded”);
uc.setRequestProperty(“Host”, “www.paypal.com“);
uc.setRequestProperty(“Connection”, “Close”);
The PayPal Sandbox has been configured to reject any HTTP requests without the “Host” header with HTTP 400 error. Merchants can use the Sandbox environment to certify the changes to their IPN and PDT scripts.
For more information on PDT and IPN, please refer to http://www.paypal.com/pdt andhttp://www.paypal.com/ipn. For additional information or questions about this change, please contact PayPal’s Merchant Technical Support team via https://www.paypal.com/mts.
Sincerely,

PayPal



 
 

Get our
monthly tech
tips FREE!

email
 
site feed
 
 

recent posts

tagged topics

 

Why choose Page Progressive?

Page Progressive is an answer to prayer. After using several web "helpers" and being either disappointed or ripped off, I had the good fortune of finding Daniel and his company. They are prompt, efficient, knowledgeable and fair. He has even given me advice on how to save money when it cost him personal business. Anyone who employs him or his people will not be disappointed.

Katherine Fabrizio M.A., L.P.A.
CounselingbyKatherine.com

Client Access

back to top
   

Free Estimates!

Still not convinced? Contact us for a free estimate and we’ll examine everything up and down and show you how we can develop a solution for you and even help you market your idea online.

Our estimates are always free,
so why wait?

Call us now at
919-374-3014 or fill out our
contact form to get started!