We have a website that has a Donate functionality, so we integrate with PayPal. After the user donates on PayPal, PayPal sends a request to our website that confirms the transaction. So how do we check whether the request is coming from PayPal? How do we check the certificate provided by PayPal, or do we just check Request.Request.Uri? Because if I do not do this check, anyone can spoof and send a request with the parameters sent by PayPal, confirming any fake transactions.
2 Answers
1
You may like to refer to the PayPal Payments Standard Integration Guide. On page 344 it talks about setting up certificates. Also refer to page 347, which specially talks about what you want. You can run a command and pass the PPCertFile parameter, which refers to the PayPal public certificate.

gauravphoenix
0
The only thing you can do is check for REFERER, but that could be empty as well. At the end of the day you can make your page secret, but whoever donates to you can see your return URL. I am sure PayPal sends you some sort of notification via email so you know it's not a spoof. Even if you try to read the headers of the incoming request, they could be spoofed as well.

highwingers
- Is there an option for checking the server certificate provided by PayPal? – Wael Said Emara Sep 10 '12 at 08:56
- Never ever believe what REFERER says :) – gauravphoenix Sep 10 '12 at 11:36
- Wael, you can't check the certificate for an incoming request; like we said, anyone could send you a bogus request. – highwingers Sep 10 '12 at 18:49
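
Added example, not part of the original thread and not PayPal's own code: assuming the notification in the question is a PayPal IPN message, the receiving page can authenticate it by posting the body back to PayPal with `cmd=_notify-validate` and accepting it only on a `VERIFIED` reply, then checking the receiver and rejecting replays. The function names, the receiver address and the sample message are constructed for illustration.

```python
from urllib.parse import parse_qs
from urllib.request import Request, urlopen

# Assumption: the notification is a PayPal IPN message; this is the live postback endpoint.
IPN_VERIFY_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"
# Constructed sample body, as it would arrive in the POST to the notification page.
SAMPLE_IPN = (b"txn_id=CONSTRUCTED123&payment_status=Completed"
              b"&receiver_email=donate%40example.org&mc_gross=10.00")


def paypal_postback(body: bytes) -> str:
    """Send the message back to PayPal over TLS; the reply is VERIFIED or INVALID."""
    req = Request(IPN_VERIFY_URL, data=body,
                  headers={"Content-Type": "application/x-www-form-urlencoded",
                           "User-Agent": "ipn-verifier-example"})
    with urlopen(req, timeout=30) as resp:  # urllib validates the server certificate
        return resp.read().decode("ascii", "replace").strip()


def verify_ipn(raw_body: bytes, expected_receiver: str, seen_txn_ids: set,
               postback=paypal_postback):
    """Return (accepted, reason) for one incoming notification body."""
    # 1. Echo the exact bytes received, unchanged and in order, with the command prepended.
    if postback(b"cmd=_notify-validate&" + raw_body) != "VERIFIED":
        return False, "PayPal did not confirm this message"
    fields = {k: v[0] for k, v in parse_qs(raw_body.decode("utf-8", "replace")).items()}
    # 2. A genuine message can still belong to a different PayPal account.
    if fields.get("receiver_email", "").lower() != expected_receiver.lower():
        return False, "wrong receiver"
    if fields.get("payment_status") != "Completed":
        return False, "payment not completed"
    # 3. A genuine message can be captured and sent again: accept each txn_id once.
    txn = fields.get("txn_id")
    if not txn or txn in seen_txn_ids:
        return False, "missing or replayed txn_id"
    seen_txn_ids.add(txn)
    return True, "ok"


if __name__ == "__main__":
    seen = set()
    stub = lambda body: "VERIFIED"  # stands in for PayPal so the demo runs offline
    print(verify_ipn(SAMPLE_IPN, "donate@example.org", seen, postback=stub))
    print(verify_ipn(SAMPLE_IPN, "donate@example.org", seen, postback=stub))
```

In production the set of seen transaction ids would live in the database, and the donation amount and currency would be compared against what the site expects before the donation is recorded.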