The following question refers only to the "live" configuration, and not to the "sandbox" configuration: I'm re-writing a php post back endpoint in java. The existing PHP was using this example, without any credentials, and with this url: https://ipnpb.paypal.com/cgi-bin/webscr
The above endpoint seems to return a "VERIFIED" response every time.
On the other hand, the Java Core SDK has this method for making a post back
IPNMessage::validate()
with url https://www.paypal.com/cgi-bin/webscr, and (maybe) with credentials: username, password, token and AppId.
The above API always returns false, due to an "INVALID" response.
My questions are:
1. Is that the correct way to make a "post back" verification in Java?
2. Do I need credentials to make this post back verification?
