This post is to help those who have the same questions I did about how to integrate PayPal into a customer’s website, manage inventory, track orders, calculate shipping, etc.
Q: What is a Hosted Button?
Q: What is Upload Cart?
Q: What is 3rd Party?
Q: What is the API?
Q: What is IPN?
Q: What is PDT?
Q: Should I use IPN or PDT?
Q: Do I need an SSL certificate? What about Security?
Q: How is inventory managed?
Q: How is shipping calculated?
Q: How can my customers track their order?
Helpful Links:
Q: What is a Hosted Button?
A: Hosted buttons mean that you log into PayPal and use a wizard to create “Add to Cart”, “Buy Now”, and/or “Checkout” buttons. The wizard will spit out HTML to copy and paste into your website where you want the buttons to show. They are called hosted because the HTML just references code/images that are served up by PayPal, and any click on those buttons results in a call to PayPal to perform the respective action. This method does not require you to purchase an SSL certificate.
Q: What is Upload Cart?
A: Upload cart means that your site must have a custom shopping cart solution and must contain a “checkout” button that does a POST to PayPal to accept payment. The POST requires that you send all the items in the user’s cart along with some other variables. This solution, in my opinion, is much better than the other solutions. I say this because you have more control over the look and feel of the cart/shop pages and this method does not require you to purchase an SSL certificate.
Q: What is 3rd Party?
A: 3rd Party means that you use a package developed by some company or organization that has already done the work to integrate PayPal. The only thing I can say about 3rd Party packages is that they are incredibly complex (they are trying to cover everything that could possibly be needed in an e-commerce solution). Configuration and customization were a nightmare. Because of that I chose not to pursue this solution.
This may depend on the 3rd Party software, but the one I attempted to use also required the user to register with the site before they could make an order.
Q: What is the API?
A: The API is a set of calls that can be made to PayPal to do a fully custom PayPal integration. This sounded like the way I wanted to go at first; however, the big catch here is that you must have an SSL certificate. These are not cheap, and when it’s a small business you want to avoid as many costs as possible. (There may be more catches, but I stopped looking into this approach once I learned I would need an SSL certificate.)
Q: What is IPN?
A: IPN stands for Instant Payment Notification. This is the process of notifying your site that a payment has been made. This can be used to maintain inventory, send out payment notifications, store orders in a custom database, etc.
When a payment is made, PayPal will send a POST request to a URL you configure in your PayPal account (you must turn this feature on). The POST will contain all the information about the payment except credit card information (thereby not requiring the SSL certificate). Next you need to validate the POST, meaning that it came from PayPal, is not a duplicate, etc. After validation you can use the payment information to perform whatever actions need to happen: inventory management, order management, email notifications, etc.
IPN is not meant to show the user anything. It’s strictly for any backend processes that need to take place after a payment.
This method should be used over PDT for any critical actions since, after a payment is made, the user may not return to your site, and therefore you may never receive a PDT request.
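The validation step described above, as an added example that is not part of the original post: the listener echoes the raw message back to PayPal with `cmd=_notify-validate`, acts only on a `VERIFIED` reply, then rejects duplicates and compares the payment against its own order record instead of trusting the posted values. The `postback` parameter, the `expected` record and the in-memory `seen_txn_ids` set are hypothetical names chosen for illustration, and the sample message is constructed.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qsl
from urllib.request import Request, urlopen

PAYPAL_VERIFY_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"  # live postback endpoint

# Constructed sample IPN body (not a real transaction).
SAMPLE_IPN = (b"txn_id=CONSTRUCTED123&payment_status=Completed"
              b"&receiver_email=seller%40example.com&mc_gross=19.95&mc_currency=USD")

def paypal_postback(raw_body: bytes) -> str:
    """Echo the message to PayPal, unchanged, prefixed with cmd=_notify-validate."""
    req = Request(PAYPAL_VERIFY_URL, data=b"cmd=_notify-validate&" + raw_body,
                  headers={"User-Agent": "ipn-listener-example"})
    with urlopen(req, timeout=30) as resp:
        return resp.read().decode("ascii", "replace").strip()

def check_ipn(raw_body, expected, seen_txn_ids, postback=paypal_postback):
    """Return (ok, reason). `expected` comes from your own order record."""
    # 1. From PayPal? Only PayPal's answer to the postback decides this.
    if postback(raw_body) != "VERIFIED":
        return False, "not verified by PayPal"
    msg = dict(parse_qsl(raw_body.decode("ascii", "replace"), keep_blank_values=True))
    # 2. Only completed payments should trigger back-end actions.
    if msg.get("payment_status") != "Completed":
        return False, "payment not completed"
    # 3. Not a duplicate: the same notification can arrive more than once.
    txn = msg.get("txn_id", "")
    if not txn or txn in seen_txn_ids:
        return False, "duplicate or missing txn_id"
    # 4. Paid to this seller, in the expected currency and amount.
    if msg.get("receiver_email", "").lower() != expected["receiver_email"].lower():
        return False, "wrong receiver"
    if msg.get("mc_currency") != expected["mc_currency"]:
        return False, "wrong currency"
    try:
        amount_ok = Decimal(msg.get("mc_gross", "")) == Decimal(expected["mc_gross"])
    except InvalidOperation:
        return False, "bad amount"
    if not amount_ok:
        return False, "amount mismatch"
    seen_txn_ids.add(txn)  # in production: a unique-keyed database column
    return True, "ok"
```

Only update inventory or send notifications when `check_ipn` returns `(True, "ok")`; log the reason for every rejected message.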
Q: What is PDT?
A: PDT stands for Payment Data Transfer. This is the process of sending information back to your site after a payment has been made. This can be used to show a Confirmation page when the user returns to your website.
When a payment is made, PayPal will POST the PDT information back to a configured URL. This URL can then read the information and show a confirmation page. The POST back to your website is configurable and must be turned on. PDT must also be turned on, as it’s a separate feature. Just like IPN, you must validate that the information came from PayPal.
This method should NOT be used for any critical back-end actions like inventory management, order management, notifications, etc. since it’s not guaranteed that the user will return to your site (they may close their browser or just choose not to return). Use IPN if you need to perform any critical back-end actions.
Q: Should I use IPN or PDT?
A: Most likely the real answer is: use both. You need IPN to do back-end processing and you should use PDT for when the customer returns to your website. See the above two questions for more information about their differences.
Q: Do I need an SSL certificate? What about Security?
A: If you are using Hosted Buttons, Upload Cart, IPN, or PDT, the answer is no. If you are using 3rd Party or the API you may (I didn’t look into them enough to know for sure).
As for security, you can have an almost completely custom solution without having an SSL certificate. This is important since SSL certificates are not cheap. Security is provided by the fact that Hosted Buttons, Upload Cart, IPN, and PDT POSTs all go over an SSL connection to PayPal.
Q: How is inventory managed?
A: Inventory management depends on the solution you choose to go with. One option is allowing PayPal to manage the inventory for you. If you use Hosted Buttons, you log into PayPal and enter your products and how much you have in inventory. If you use Upload Cart, you must maintain inventory yourself, either manually or by implementing IPN. 3rd Party solutions already have this (so you only need to configure your PayPal account with whatever the 3rd Party solution requires). I can’t speak to the API, but if you are using the API, more than likely you are maintaining your inventory through IPN or some API call.
Q: How is shipping calculated?
A: If you are using anything other than the 3rd Party solution, shipping calculations can be set up on your PayPal account. They are set up by weight, price, or number of items and are split by International and Domestic. If you use the Upload Cart integration solution and configured shipping by weight, you must pass weights in the POST to PayPal to have the shipping added.
Q: How can my customers track their order?
A: The answer is it’s really up to you. If you use IPN to save orders in some database and then update the status on your side, then you must allow the user some way to track their order status and shipments. I chose not to do this. PayPal allows the seller to log in and add tracking numbers to orders, print shipping labels, and change order status. This was a far more robust solution than I could make (in a reasonable amount of time). The only exception here is 3rd Party solutions. They may provide order/shipment tracking so that you don’t have to require your customers to use PayPal.