Setting up ClickBank Instant Notification Url (Java/JSP)

It is easy to set-up ClickBank instant notification url. The Instant Notification service that notifies you of transactions within the ClickBank system for your account. It sends data in a near real-time fashion for the following action types:
Sale
Rebill
Refund
Chargeback
Cancel Rebill
Test

The service attempts to post information via HTML FORM POST to a URL specified by you. Each post contains a group of URL Parameters relevant to the transaction. To prevent fraud, one of the parameters, the cverify field, is used to verify the validity of the other fields.
 
Check this url for more details on this service.
 
Now, how do you differentiate a request from ClickBank and from a hacker? ClickBank sends us a parameter "cverify" which is a sha1, or a hash of the values passed, including your Secret Key. Generate sha with the parameters received and compare it with the one received from the request. If they are identical, the request is valid else ignore the request.
 
Find below the code written in Java which sends a mail on successful SALE.
 
public boolean isIpnValid(HttpServletRequest request) throws Exception{
   String secretKey = "YOURSECRETKEY";
   String mySha = org.apache.commons.codec.digest.DigestUtils.shaHex(request.getParameter("ccustname") + "
" + request.getParameter("ccustemail") + "
" + request.getParameter("ccustcc") + "
" + request.getParameter("ccuststate") + "
" + request.getParameter("ctransreceipt") + "
" + request.getParameter("cproditem") + "
" + request.getParameter("ctransaction") + "
" + request.getParameter("ctransaffiliate") + "
" + request.getParameter("ctranspublisher") + "
" + request.getParameter("cprodtype") + "
" + request.getParameter("cprodtitle") + "
" + request.getParameter("ctranspaymentmethod") + "
" +request.getParameter("ctransamount") + "
" + request.getParameter("caffitid") + "
" + request.getParameter("cvendthru") + "
" + secretKey);
mySha = mySha.substring(0, 8);
mySha = mySha.toUpperCase();
String expectedCVerify = request.getParameter("cverify");
return mySha.equals(expectedCVerify);
} 
If this function returns true, send a mail to the customer else ignore the request.
Feel free to post your comments and suggestions. All the best with your ClickBank account!

1 Comments

Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to our feed and get articles like this delivered automatically to your feed reader? Like our Facebook Page.

  1. Nice information. I was searching for the same. It helped me alot and saved my time. Thanks alot. servicenow training in hyderabad ,splunk training in hyderabad

    ReplyDelete
Post a Comment
Previous Post Next Post