- homelinkAsked on December 11, 2013 at 09:51 AM
I received the following email from PayPal. Will JotForms do what is necessary? Or do I have to make some changes?
---------- Forwarded message ----------
From: PayPal <email@example.com>
Date: Tue, Dec 10, 2013 at 7:52 PM
Subject: Important system maintenance information
PAYPAL SERVICE UPGRADES
Dear Karl Costabel,
***Please do not disregard this email. Failure to make necessary changes to your PayPal integration may result in an inability to make API calls and/or receive payments through PayPal.
PayPal continues to make significant investments and improvements to its infrastructure to improve our performance, scalability and availability to our customers. These improvements sometimes require us to perform necessary site maintenance upgrades. These upgrades sometimes require merchants to make changes to or update their existing integration.
Please make sure you are ready for this event by consulting with your technology team or individual(s) responsible for your PayPal integration.
Because of a system upgrade, the following API endpoints are being updated:
When is this happening?
This event is scheduled for the following date(s) and time(s):
Date: March 25, 2014
Time: 11:00 p.m. Pacific Daylight Time (PDT)
Why is this happening?
We are performing this upgrade to ensure more efficient services for PayPal API users.
What do I need to do?
Merchants integrated in the following non-standard ways with PayPal’s API calls will be impacted when we update the API endpoints:
Merchants calling our APIs with a hardcoded PayPal API endpoint IP address rather than using DNS resolution. See section A below.
Merchants using HTTP methods other than GET, POST, DELETE and PUT. See section B below.
Merchants using the HTTP 1.0 protocol. See section C below.
Merchants whose firewall is configured to allow incoming and/or outgoing traffic from only a specific set of IP addresses will need to reconfigure their integration. See section D below.
***If you are integrated with a partner or a cart, please visit this FAQ for more important information.
Your technical team or individual(s) responsible for your PayPal integration will need to examine your current integration and make necessary changes.
Below are merchant action items for each of the impacts listed above:
Merchants calling our APIs with a hardcoded PayPal API endpoint IP address rather than using DNS resolution
Impact to your business: API calls will timeout or the merchant will encounter an internal error from their system
Your call to action: Use DNS resolution to access our API endpoints and/or open your firewall to the new IP addresses which will be communicated
Merchants using HTTP methods other than GET, POST, DELETE and PUT:
Impact to your business: API calls will return HTTP/1.0 400 Bad Request or HTTP Error 405 Method not allowed
Your call to action: Send the API requests using one of the allowed methods. Heartbeat calls using the HEAD method will not be allowed
Merchants using the HTTP 1.0 protocol:
Impact to your business: API calls will return HTTP/1.0 400 Bad Request
Your call to action: Merchants should update their code to HTTP 1.1 and include the Host header in the API request
Merchants needing firewall changes to allow new IP addresses:
Impact to your business: API calls will error out for merchants whose system responsible for making API calls to PayPal is behind a firewall that uses Access Control List (ACL) rules, and restricts outbound traffic to a limited number of IP addresses.
Your call to action: You need to update your firewall ACL to allow outbound access to a new set of IP addresses we will be publishing. Test your integration on Sandbox (the IP addresses for Sandbox API endpoints are listed here). The list of new IP addresses for our Live API endpoints will be posted here when available in January.
To assist with any questions you may have, we have an FAQ available here.
For additional details of this event, please refer to this blog. Please note that maintenance events can be postponed, rescheduled or cancelled so it’s important that you review this information periodically.
If you have any questions, please contact PayPal Merchant Technical Services by filing a ticket; refer to LIVE API integration change in preparation for March 25. For real time system updates, please go to www.paypal.com/sitestatus.
Thank you for your understanding.
Keep up-to-date with the latest technical information on our new portal www.PayPal-Notify.com. The portal will give you everything you need to know about planned site maintenances, unplanned events, and site changes. Just sign up using your PayPal, Google, Yahoo or Facebook account login details.
Please do not reply to this email. We are unable to respond to inquiries sent to this address. For immediate answers to your questions, visit our Help Centre by clicking "Help" at the top of any PayPal page.
Copyright © 1999-2013 PayPal All rights reserved.
- KadeJMAnswered on December 11, 2013 at 12:17 PM
Karl, thank you for pointing that out to us. Provided that this is Actual Official PayPal Information that was realistically sent to your email I think you are fine for now since according to the Scheduled Date mentioned in the message this won't take full effect until March 25th, 2014 if that is truely the case. Either way though, to my knowledge our Development Team already keeps track of these sorts of things involving changes and hotfixes for our Integrations and will do what is necessary when it is necessary to make sure it stays up-to-date and working accordingly on our end so that you do not lose out on using your PayPal Pro Account with the PayPal Pro Payment Integration.
I did a search but at the moment I am not finding much information about this scheduled maintenance at the moment. I am also signed up with paypal along with having a paypal developer account but I did not receive notice about this yet. So in all honesty at the moment this makes me slightly suspicious of this message but I could be wrong though it's better to be safe than sorry.
To protect yourself some things that you may want to check from the message to make sure it is Actually and Officially from PayPal. Click on the From/To/Sender and see what it says. Check to see if there is an Official Logo that matches the PayPal Logo on PayPal's Website. If it varies even the slightest bit that should be a red flag. If there are any links included in it, don't click on them but just hover over them to see if the hoverlink shows in the bottom-left corner of your browser showing where the Links go to. If it seems suspicious or does not contain anything related to paypal.com especially if its random letters in it then DO NOT click on it.
I will contact paypal and find out more about this myself and pass along the information to our developers if it becomes necessary. But for now I think you should be fine. :)