How to code for website failure on API transaction

[tunnelboy]

This may not be the correct place to post this, but here goes.

 

I have a home-made e-commerce (PHP/MySQL) site that has been working fine for years. Well 99.99% of the time. Here's the problem scenario:

 

1) User checks out in this case with PayPal.

2) User is sent to PayPal to pre-authorize payment. PayPal returns user to our website.

3) User verifies address and ship methods and again is sent to PP for final authorization.

4) PP payment is approved BUT when PP forwards back to our website, our website is down or times out for whatever reason. Payment is recorded at PP, but not at our site because we never got the approval from PP due to the timeout or whatever.

 

It's happened I'd say 10 times in 5 years.

 

Any ideas how to alleviate this problem?

 

Thanks,

 

Sam

 

[requinix]

When the order initiates, store it in an incomplete form that indicates the current phase of the checkout process. The first time the user goes to PayPal you update the order to indicate that much. When they come back you verify the order is still in that "first trip to PayPal" state. Then another update that they're going back to PayPal a second time.

 

Don't use the final return from PayPal as an indication that the order completed. Instead rely on IPN, which PayPal sending you messages when stuff happens. The final page the user sees is basically just a thank you page, and the site waits for the IPN message indicating the order completed on PayPal's side before you update your own data (and do whatever processing you might need when orders complete). IPNs are generally fast so when the user returns your site may have already received the message.

 

If the site fails when they return the first time then the order is in a state where it can be resumed from. How you do that depends. If the site fails the second time, that's okay because the user is only missing a nice message. As for IPN, messages will be resent if your site doesn't respond/respond appropriately, so you can be quite sure that the order will eventually be processed - it may be minutes (most likely), hours, or even days later (worst case), but it will happen.

 

A nice benefit to using IPN is that you can receive messages for all activity. And the messages include a lot of data. If you always store every message, which I highly recommend, then that's also helpful for more administrative purposes - logging, reporting, etc.

[gizmola]

100% agree with requinix. Recode to use IPN.