Posted by John Siefer on 16 May 2012 04:50 PM
**This is an advanced topic. This is only recommended for vendors with advanced programming knowledge or those that have the assistance of a programmer.
JVZIPN offers an integration solution for membership sites and other products that require information about Payment Notifications.
JVZIPN will send data via HTML FORM POST to a URL you specify, which will be the script using the information. The information will POST for any of the following reasons:
Whenever one of these actions is triggered in the JVZoo system, JVZIPN creates a notification. That form data is then sent to your URL as a POST. Your script will then analyze that data and use it in the way you program it to. The cverify field is used to ensure the other fields contain valid entries and can be used to check that the information is coming from JVZoo.
What You Need to Know
In order to use the JVZIPN, there is some basic knowledge you (or your programmer) will need to know:
If you are unclear on any of these concepts, it is advised that you hire an experienced programmer or don’t attempt to use the JVZIPN system at this time.
These are parameters currently used in JVZIPN:
These are the types of transactions (found in the “ctransaction” field of the IPN):
These are the values you can receive in the ctranspaymentmethod field:
Response Code Monitoring (Retry Logic)
JVZIPN will expect a response code from your script of 200. If it receives anything other than a code of 200, the program will resend the data once an hour, for 72 hours, until a code of 200 is returned. .
Cipher (Preventing Fraud)
A cipher is used to determine that the information being sent is from a trusted source. Your script will contain a secret key that will also be the seed for the data encryption JVZIPN uses to send the information to your script. If this key is not the same on both ends, the encryption will not be able to be read by your script.
After gaining a sound understanding of the previous section of this document, we recommend that you test the feature before implementing. After completing a successful test, you can set up your account for the Instant Notification service.
Now that you have been granted access to the feature and have conducted a successful test, it’s time to complete the account setup of the Instant Notification service. Setting up the service is straightforward and involves the following steps.
Once the setup is complete, the Instant Notification transmissions will begin immediately.
If you no longer wish to use JVZIPN, simply remove the forwarding URL from your listing.
Q: Is it possible for the Instant Notification service to deliver more than one POST on a single receipt?
A: Yes. There are many scenarios where this is true. For instance, you will receive multiple POSTs for a single transaction if a refund is given and then reversed. This would result in delivery of a RFND action POST and then a SALE action post. The first action is a result of the original sale being refunded. The second action is a result of the sale being reinstated.
Q: Will I always receive all the Parameters or only when they contain values?
A: You will always receive all the parameters. When a parameter contains no value, the Instant Notification string will contain the parameter tag without a value.
Q: Why do some of the Parameters have a 0 in the number of characters to expect?
A: These Parameters may not contain any value during the post, which is why they are listed with the possibility for 0 characters.
Q: Am I required to use Cipher with JVZIPN?
A: It is required. You must add a secret key to your account to enable Instant Notifications.
Q: Are the code samples provided by JVZoo fully functional and ready to go?
A: No. The code sample you see is only a snippet of code to be used in a larger program or script.
Q: Will JVZIPN work with a self-signed SSL certificate?
A: No. A valid certificate is required.
Cipher (Validation Processing Code)
This PHP snippet will create the cverify value and verify if it is correct using the plain text values in the HTTP POST and your secret key (e.g. not URL-encoded).