doDirectPayment(self, params) urlencoding params vs NVP documentation (and real world testing)

[basictheprogram]

helpers.py:306 pp_string = self.signature + urlencode(pp_params)

urlencodes all pp_params, including the notifyurl, but the PayPal NVP developer documentation does not state the NOTIFYURL needs to be urlencoded.

NOTIFYURL (Optional)
Your URL for receiving Instant Payment Notification (IPN) about this transaction. If you do not specify this value in the request, the notification URL from your Merchant Profile is used, if one exists.

Looking at my IPN History there are many IPNs that have failed and are Retrying

Notification URL: https%3A%2F%2Fb2796cd28232.ngrok.app%2Fpaypal%2F
HTTP response code: 500
Delivery status: Retrying
No. of retries: 7

The IPN history Notification URL is urlencoded and I suspect PayPal does not decode the URL and that is why it is failing.

Using curl which does not urlencode the POST params works as expected.

Things changed at PayPal around Sep 30, 2024.

Before Sep 30, 2024 the urlencoded params worked as expected /and/ curl worked as expected.

I cannot find any documentation about the change.

I cannot find confirmation that params need to be urlencoded.

My work-around has been to remove the NOTIFYURL from the params and set the IPN NOTIFYURL in the PayPal Manager. Not an ideal situation.

I can make the changes to helpers.py but I would like confirmation that what I am seeing before making a PR.

[spookylukey]

If this is a change with PayPal, can you report it to them? The only project I use this for hasn't had any payments since that date, so I can't confirm any change.

TBH, I'm so fed up with PayPal breaking stuff like this, that my most likely response to this will be:

• Move all my projects that need it to Stripe
• abandon maintenance of this library

The alternative is that I push out changes to the code, and potentially break things for other people. I just don't want to be responsible for this any more.

[basictheprogram]

Sanitized response from PayPal Global Technical Support.

Thank you for contacting PayPal Global Technical Support.

We appreciate you bringing this issue to our attention. We encountered a similar problem two weeks ago that was subsequently resolved. It appears that the issue has resurfaced, specifically with turning "://" into code.

We apologize for any inconvenience this may have caused. I will escalate this matter to the appropriate team for a swift resolution

Not very technical. turning "://" into code I assume means urlencoded or html entity codes? As of right now, it looks like a PayPal issue.

I'll post more when I learn more.

If you (or future me) are reading this, the work around I found is to define PAYPAL_WPP_NOTIFY_URL to a blank string.

PAYPAL_WPP_NOTIFY_URL=''

The NOTIFYURL gets set to what is defined in the PayPal Manager.

In my case, the blank string is important!

NOT declaring PAYPAL_WPP_NOTIFY_URL, as in no variable by that name, did not work for me.

[newearthmartin]

The alternative is that I push out changes to the code, and potentially break things for other people. I just don't want to be responsible for this any more.

Thanks for your support of this library over the years @spookylukey . It does not go unnoticed.

• Move all my projects that need it to Stripe

Sadly I live in Argentina and Stripe doesn't cover me, I'm left with PayPal.

My work-around has been to remove the NOTIFYURL from the params and set the IPN NOTIFYURL in the PayPal Manager. Not an ideal situation.

They broke NOTIFYURL many years ago when they changed to the javascript button. I didn't know that you could still use it. I've been using the PayPal manager IPN setting, which means if I get a personal payment on the paypal address it will go to my webapp also.

Clearly PayPal has gone through enshittifycation and doesn't care / has a lousy engineering team.