


sharpResponse brief

14.03 New version specification is now ready and will be delivered through version control in 5 steps. Expect version 1.2 by June.


03.03 sharpResponse official release. New version specification is being verified.


23.02 sharpResponse implements Linn Knights Web services protocol for secure HTTP comms.


12.02 Initial public product release.


21.12 Beta version is released and distributed to 82 users. Let's wait on the response.


sharpResponse - Documentation - How to set up Instant Payment Notification service

This article describes how to set up the Instant Payment Notification (IPN) service and link it with your PayPal account. We also discuss the security of the service to reassure the user of its privacy and reliability. The discussion section answers some of the questions you may have about linking your PayPal account to the service.


Description

Service setup.

To set up a new account, go to Manage Instant Payment Notification. You must be connected to the internet to access the services, as software and subscription verification takes place.



Once your subscription is verified, you will see basic account information and the list of all defined IPN services (we call them accounts in some places; there is really no difference). To set up a new account, click Create New.


Here you are required to enter the title of the account you are creating (this is for your own reference; it can be any name you want).


A unique encryption key is generated automatically, which includes versus vector (don’t worry too much about it). An 8-byte token is also generated automatically.


Next, list all the email addresses at which you receive payments. If no addresses are defined, the service will simply accept any payment notification, which leaves you open to fraud: somebody can create an IPN via PayPal and direct PayPal to your service, creating the impression that you have received an authentic payment. Listing email addresses is a good security measure and generally good practice, because the service will then only accept payments made to the defined email addresses. You can edit the list of email addresses at any time.


Click Create, the information will be sent to the service provider. The provider then responds with a message stating the result of the


If the account has been created successfully, you will be given a unique IPN service link address. In the screenshot above you can see the address as:


https://web76.secure-secure.co.uk/linnsystems.com/ipns/41/ipn.php


Save this address somewhere and proceed to the PayPal website, as you will need to link this IPN service to your PayPal account.


Go to http://www.paypal.com and log in to your PayPal account. Then open the Profile tab from the top menu, as shown in the screenshot below.


Then select Instant Payment Notification from the Selling Preferences menu. Note that your account must be verified for this option to be available.


If you haven’t had IPN services defined before, click Edit and then enter the link address that was given to you by the service provider.


Click Save and you can log off from your PayPal account. You are now all set: from now on, every time you receive a payment, the notification will be passed on to the service and sharpResponse can then reclaim the notification.


Discussion – Security

Here we will try to elaborate a little more on the security measures utilized by sharpResponse and LinnKnights (service provider) web services to protect your data and guard you from fraud. Since we cannot possibly discuss all aspects of Internet security in great detail, given the time it would take, we will use quite a lot of jargon and comment on the meaning of certain phrases where appropriate.


First, when PayPal initiates the Instant Payment Notification message, it connects to the service via a secure protocol which guarantees secure communication between two entities on the network. This protocol is called SSL. LinnKnights uses a signed SSL service, propagated to second level with 512-bit encryption. This basically ensures that PayPal sends us an encrypted message that only LinnKnights can decrypt, and LinnKnights sends an encrypted message back to PayPal that only PayPal can decrypt. There is no way anyone can spy on this transaction. (Read about public and private key encryption for more information, if you are interested.)


When the LinnKnights service receives an Instant Payment Notification, the notification contains a security code, which is sent back to PayPal. PayPal attempts to validate it; only if the code is real and matches the transaction details will PayPal respond to confirm the transaction. This ensures that no one will be able to send an Instant Payment Notification posing as PayPal and try to pass it off as an authentic payment.
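
The two checks described on this page, the email address list from the setup steps and the validation round trip with PayPal, as an added Python sketch (not LinnKnights or sharpResponse code). The endpoint URL, function names and sample messages are assumptions constructed for illustration; `fake_paypal` stands in for PayPal so the example runs offline.

```python
from urllib.parse import parse_qs
from urllib.request import Request, urlopen

# Assumption: PayPal's IPN postback endpoint; the page itself does not give it.
PAYPAL_POSTBACK_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"

# Constructed sample notifications (not real transactions).
GENUINE = b"txn_id=SAMPLE1&payment_status=Completed&receiver_email=Shop%40example.com"
MISDIRECTED = b"txn_id=SAMPLE2&payment_status=Completed&receiver_email=other%40example.net"
FORGED = b"txn_id=SAMPLE3&payment_status=Completed&receiver_email=shop%40example.com"


def paypal_postback(raw_body: bytes) -> str:
    """Send the notification back to PayPal byte-for-byte and return its verdict."""
    req = Request(PAYPAL_POSTBACK_URL, data=b"cmd=_notify-validate&" + raw_body,
                  headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urlopen(req, timeout=30) as resp:  # HTTPS, certificate checked by default
        return resp.read().decode("ascii", "replace").strip()


def fake_paypal(raw_body: bytes) -> str:
    """Offline stand-in for PayPal: only messages it really issued are VERIFIED."""
    return "VERIFIED" if raw_body in (GENUINE, MISDIRECTED) else "INVALID"


def accept_ipn(raw_body: bytes, allowed_receivers, postback=paypal_postback):
    """Return (accepted, reason) for one incoming notification."""
    # Check 1: PayPal must confirm that it issued exactly this message.
    if postback(raw_body) != "VERIFIED":
        return False, "not verified by PayPal"
    # Check 2: the payment must be addressed to a listed email address.
    # Unlike the service described above, an empty list is rejected here.
    allowed = {a.strip().lower() for a in allowed_receivers}
    if not allowed:
        return False, "no receiver addresses configured"
    fields = parse_qs(raw_body.decode("utf-8", "replace"))
    receiver = fields.get("receiver_email", [""])[0].strip().lower()
    if receiver not in allowed:
        return False, "receiver not in allow-list"
    return True, "ok"


if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("misdirected", MISDIRECTED), ("forged", FORGED)):
        print(name, accept_ipn(msg, ["shop@example.com"], fake_paypal))
```

The misdirected sample passes PayPal's validation because PayPal did issue it, so only the receiver address check rejects it.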


LinnKnights will then encrypt the received message with your encryption key, which was selected when the account was set up. This key is then encrypted with the token. LinnKnights services use TripleDES for encrypting standard accounts and 64-bit vectors for encrypting volume accounts. This guarantees that even if somebody captured the information anywhere between you and PayPal, it would mean absolutely nothing without the key and vector to decrypt it.


When you connect to LinnKnights to retrieve notifications, SSL is used again. The service provider will now decrypt your IPN prior to sending it and create a vector identifier and hash key, which will verify that you have received the message intact.


This whole arrangement of security standards covers pretty much all aspects of secure communication, data storage and retrieval.


Discussion – Some questions and answers

Does this mean that you can now access my PayPal account?

No. By specifying the IPN service address in PayPal, you simply tell PayPal to send a simple message to this address when a payment is received. In fact, the service provider wouldn’t even know who has set up the service and which PayPal account is linked to it.


Can anybody read my IPNs while they are unclaimed?

No, not even service provider admins, since messages are encrypted.


What if I lose the encryption key?

IPNs that are currently in the database on the service side would be lost forever. You can still access this information from the PayPal website. If you have lost the encryption key, simply delete the account and create a new one.


Why link my PayPal account this way?

This is the simplest and most accessible way to receive instant payment notifications from PayPal. There are other ways, such as using the API, but these methods require a special PayPal subscription and additional PayPal verification, and are not normally available for everyone to use.


Are the security measures standard?

Yes. LinnKnights uses the latest standards and technology to maintain the security of the services and application communication.


What if the web service goes down, would I be able to receive my IPNs?

Yes. We use a redundant network of servers, which stay up 24/7.





Copyright ©2005-2007 Linn Systems. Linn Knights Web Services. All rights reserved.