Amazon Flexible Payments Service
Account Management Guide (API Version 2010-08-28)
AWS Documentation » Amazon Flexible Payments Service » Account Management Quick Start » Programming Guide » Working with Signatures » Verifying the ReturnURL and IPN Notifications
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Did this page help you?  Yes | No |  Tell us about it...

Verifying the ReturnURL and IPN Notifications

Amazon Simple Pay sends you outbound notifications for both the ReturnURL and IPN notification. For the ReturnURL, it is in the form of GET data, and for IPN notification, it is POST data. When you handle these notifications, we recommend you validate the signature to ensure the notification originated from Amazon Payments.

Signature version 2 security enables you to verify the signature of the response using a server-side call to the VerifySignature FPS Action. To use it, modify your returnUrl and ipnUrl pages to parse the notification. From those components, you assemble the relevant parameters for VerifySignature and sign it like any other request. The result of the call is either Success, meaning the response is valid, or Failure, indicating the response is suspect.

For more information on VerifySignature, see VerifySignature. In addition, you can use the validation samples to assist creating your own validation pages. For more information, see Understanding the IPNAndReturnURLValidation Sample.

Important

The original implementation of signature version 2 supported client-side signature validation using PKI. Client-side signature validation was deprecated on November 3rd, 2009, and as of 10 February, 2011 it is no longer supported. If you have been using client-side signature validation, you must switch to server-side validation using the FPS action VerifySignature.

Document Conventions« PreviousNext »
Terms of UseDid this page help you?  Yes | No |  Tell us about it...