I recently built an application that was based on a yearly subscription model. After thinking about the various payment methods available, I decided to go with PayPal subscriptions. The advantages are obvious… No need for SSL, I don’t have to assume any of the risk of storing payment information, and I didn’t have to worry about other complications like expiring credit cards.

So, the question then became “How do I handle subscription events?”

The answer, it turns out, was pretty simple. Here’s a look at the subscribe button HTML:

Now, I’ll skip over some of the standard PayPal inputs, and hit the ones that matter for processing things on the CF side.

• notify_url: The URL that PayPal sends IPN requests to (for successful subscriptions, or expirations and cancellations)
• return: The URL that PayPal redirects users to after they complete payment
• cancel_return: The URL PayPal sends users to after they cancel their subscription.
• item_number: What PayPal suggests you use to distinguish one subscription from another, which in my case was a userID.

My return and cancel_return pages were just plain HTML thanking the user for their respective actions, so I won’t waste space with that code. The interesting code is my notify_url code:

I left my queries in, but you can of course handle flagging people as paid or not however you choose. The important code is in the CFSCRIPT, which actually validates the IPN transaction, to prevent hackers from getting something for nothing. It’s an updated version of the stock PayPal code. After that, there’s a CFSWITCH statement that checks for various txn_type values that PayPal might return:

• subscr_signup: New subscription signup
• subscr_payment: Existing subscription made a payment
• subscr_failed: New subscription failed
• subscr_eot: Subscription lapsed
• subscr_cancel: Subscription canceled

It’s your responsibility to architect your application and database to handle these events, but I’m happy to pass on the research and trial and error I went through.