The following question refers only to the "live" configuration, and not to the "sandbox" configuration: I'm re-writing a php post back endpoint in java. The existing PHP was using this example, without any credentials, and with this url: https://ipnpb.paypal.com/cgi-bin/webscr The above endpoint seems to return a "VERIFIED" response every time. On the other hand, the Java Core SDK has this method for making a post back IPNMessage::validate() with url https://www.paypal.com/cgi-bin/webscr, and (maybe) with credentials: username, password, token and AppId. The above API always returns false, due to an "INVALID" response. My questions are: 1. Is that the correct way to make a "post back" verification in Java? 2. Do I need credentials to make this post back verification?
... View more