GitHub User: danielsz
Three years later, and most of the information is still top notch. Thank you, Ryan.
I just finished a paypal integration for my website based on Ryan's guidelines.
This is to help out anybody who will be doing the same three years later after the initial screencast.
Two important comments were made here. Jim quoted the following:
* The 'cmd' parameter must be "_s-xclick" in the non-encrypted form, but it must also be included in the encrypted blob, as "_xclick"
Another point is that to let IPN pass through, you will need in the controller:
skip_before_filter :verify_authenticity_token, :only => [:create]
Finally, I chose to do a postback verification for IPN rather than the shared secret technique adopted by Ryan.
If you need help with this, just email me: danielsz @ sdf dot org.