then here is the https request in my servlet: private String postVerification(PayPalIPNForm IPNForm) { URL url = null; HttpsURLConnection con = null; StringBuffer sb = new StringBuffer(); try { sb.append("custom" + "=" + URLEncoder.encode(IPNForm.getCustom(), "UTF-8")); sb.append("&first_name" + "=" + URLEncoder.encode(IPNForm.getFirst_name(), "UTF-8")); sb.append("&item_name" + "=" + URLEncoder.encode(IPNForm.getItem_name(), "UTF-8")); sb.append("&item_number" + "=" + URLEncoder.encode(IPNForm.getItem_number(), "UTF-8")); sb.append("&last_name" + "=" + URLEncoder.encode(IPNForm.getLast_name(), "UTF-8")); sb.append("&mc_currency" + "=" + URLEncoder.encode(IPNForm.getMc_currency(), "UTF-8")); sb.append("&mc_gross" + "=" + URLEncoder.encode(IPNForm.getMc_gross(), "UTF-8")); sb.append("¬ify_version" + "=" + URLEncoder.encode(IPNForm.getNotify_version(), "UTF-8")); sb.append("&payer_email" + "=" + URLEncoder.encode(IPNForm.getPayer_email(), "UTF-8")); sb.append("&payer_id" + "=" + URLEncoder.encode(IPNForm.getPayer_id(), "UTF-8")); sb.append("&payer_status" + "=" + URLEncoder.encode(IPNForm.getPayer_status(), "UTF-8")); sb.append("&payment_date" + "=" + URLEncoder.encode(IPNForm.getPayment_date(), "UTF-8")); sb.append("&payment_gross" + "=" + URLEncoder.encode(IPNForm.getPayment_gross(), "UTF-8")); sb.append("&payment_status" + "=" + URLEncoder.encode(IPNForm.getPayment_status(), "UTF-8")); sb.append("&payment_type" + "=" + URLEncoder.encode(IPNForm.getPayment_type(), "UTF-8")); sb.append("&quantity" + "=" + URLEncoder.encode(IPNForm.getQuantity(), "UTF-8")); sb.append("&receiver_email" + "=" + URLEncoder.encode(IPNForm.getReceiver_email(), "UTF-8")); sb.append("&txn_id" + "=" + URLEncoder.encode(IPNForm.getTxn_id(), "UTF-8")); sb.append("&txn_type" + "=" + URLEncoder.encode(IPNForm.getTxn_type(), "UTF-8")); sb.append("&verify_sign" + "=" + URLEncoder.encode(IPNForm.getVerify_sign(), "UTF-8")); sb.append("&cmd" + "=" + "_notify_validate"); } catch (UnsupportedEncodingException e3) { e3.printStackTrace(); } try { url = new URL(PAYPAL_VERIFY_URL); con = (HttpsURLConnection) url.openConnection(); } catch (MalformedURLException e1) { e1.printStackTrace(); } catch (IOException e1) { e1.printStackTrace(); } // set up url connection to post information and // retrieve information back try { con.setRequestMethod("POST"); } catch (ProtocolException e2) { e2.printStackTrace(); } con.setDoInput( true ); con.setDoOutput( true ); con.setRequestProperty("Content-Type","application/x-www-form-urlencoded"); // add url form parameters DataOutputStream ostream = null; try { ostream = new DataOutputStream(con.getOutputStream()); System.out.println( "adding post parameters: " + sb.toString() ); ostream.writeBytes( sb.toString() ); } catch(IOException ioe) { ioe.printStackTrace(); } finally { if(ostream != null) { try { ostream.flush(); ostream.close(); } catch(IOException ioe) { ioe.printStackTrace(); } } } StringBuffer buf = null; try { Object contents = con.getContent(); InputStream is = (InputStream) contents; buf = new StringBuffer(); int c; while( ( c = is.read() ) != -1 ) { buf.append( (char) c ); } } catch (IOException e) { e.printStackTrace(); } finally { con.disconnect(); } return buf.toString(); } thoughts? thanks, steve http://www.softwarebasic.com/ I'm using this code that I basically cut and pasted from your code samples and I keep getting an invalid response from the server. Any ideas? <%@ page import="java.util.*,java.net.*,java.io.*,java.sql.*,javax.mail.*,javax.mail.internet.*" %> <%@ page session="false" %> <% // read post from PayPal system and add 'cmd' Enumeration en = request.getParameterNames(); String str = "cmd=_notify-validate"; while(en.hasMoreElements()){ String paramName = (String)en.nextElement(); String paramValue = request.getParameter(paramName); str = str + "&" + paramName + "=" + URLEncoder.encode(paramValue); } // post back to PayPal system to validate // NOTE: change http: to https: in the following URL to verify using SSL (for increased security). // using HTTPS requires either Java 1.4 or greater, or Java Secure Socket Extension (JSSE) installed // and configured for older versions. URL u = new URL("http://www.paypal.com/cgi-bin/webscr"); URLConnection uc = u.openConnection(); uc.setDoOutput(true); uc.setRequestProperty("Content-Type","application/x-www-form-urlencoded"); PrintWriter pw = new PrintWriter(uc.getOutputStream()); pw.println(str); pw.close(); BufferedReader in = new BufferedReader( new InputStreamReader(uc.getInputStream())); String res = in.readLine(); in.close(); // assign posted variables to local variables String FirstName = request.getParameter("first_name"); String LastName = request.getParameter("last_name"); String Address = request.getParameter("address_name"); String AddressStreet = request.getParameter("address_street"); String AddressCity = request.getParameter("address_city"); String AddressState = request.getParameter("address_state"); String AddressZip = request.getParameter("address_zip"); String AddressCountry = request.getParameter("address_country"); String Email = request.getParameter("receiver_email"); String itemNumber = request.getParameter("item_number"); String invoice = request.getParameter("invoice"); String paymentStatus = request.getParameter("payment_status"); String paymentGross = request.getParameter("payment_gross"); String txnId = request.getParameter("txn_id"); String payerEmail = request.getParameter("payer_email"); String SubscriptionStartDate = request.getParameter("subscr_date"); String PaypalID = request.getParameter("paypal_id"); String PaymentType = request.getParameter("payment_type"); boolean txnIdError = false; // check notification validation if(res.equals("VERIFIED")) { if(paymentStatus.equals("COMPLETED") && Email.equals("someone@hotmail.com")){ try{ Class.forName("org.gjt.mm.mysql.Driver"); }catch(ClassNotFoundException e){} try{ Properties props = new Properties(); props.put("mail.smtp.host","localhost"); Session S = Session.getInstance(props,null); MimeMessage message = new MimeMessage(S); InternetAddress from = new InternetAddress("Someone@hotmail.com"); message.setFrom(from); InternetAddress to = new InternetAddress("Someone@hotmail.com"); message.addRecipient(Message.RecipientType.TO,to); Connection con = DriverManager.getConnection("jdbc:mysql://localhost:xxxx/website?user=xx&password=xxxx"); Statement s = con.createStatement(); String sql = "INSERT INTO ProcessedTxnId"+" (PaypalIds)"+ " VALUES"+ " ('" + txnId+ "')"; String trans = "INSERT INTO StoredTransactionInfo" + " (id, FirstName, LastName, AddressName, AddressStreet, AddressCity, AddressState, AddressZip, AddressCountry, PaypalID, PaymentType, DateTime)" + " VALUES" + " (null,'" + FirstName + "'," + " '" + LastName + "'," + " '" + Address + "'," + " '" + AddressStreet + "'," + " '"+ AddressCity + "'," + " '"+ AddressState + "'," + " '"+ AddressZip + "'," + " '"+ AddressCountry + "'," + " '"+ PaypalID + "'," + " '"+ PaymentType + "'," + " '" + "Now()" + "')"; ResultSet rs = s.executeQuery(sql); if(rs.next()){ rs.close(); // The txnId is a duplicate. txnIdError = true; }else { rs.close(); int i = s.executeUpdate(sql); if (i==1) { //txnId insert was successful //Transaction has completed successfully txnIdError = false; s.executeUpdate(trans); message.setSubject("Subscription Complete Notice from JJC_Industries"); message.setText("This email is confirmation of successful completion of payment and signup of a new user." +"The new user is: "+ payerEmail); Transport.send(message); %> <% } } }catch(SQLException e){%> <% } catch(Exception e){%> <% } if(txnIdError){ %> " /> <% } } } else if(res.equals("INVALID")) { // log for investigation, create some log to handle all of the errors for further reviewing %> " /> <% } else { // error, something else besides verified or completed was sent. %> " /> <% } %> I put a couple of xx's in there to keep system info secure.

https://www.paypal.com/cgi-bin/webscr?cmd=_ext_enter&redirect_cmd=_xclick&business=[email removed] &item_name=1+x+Test+Item+1%0D%0A1+x+Test+Item+2%0D%0A&amount=0.0323625&invoice=23&custom=33&item_number=1 &no_shipping=1¬ify_url=http%3A%2F%2Fwww.[domain-removed].com%2Findex.cfm%3Ffa%3Dstore.finishord%2F &cancel_return=http%3A%2F%2Fwww.[domain-removed].com%2Findex.cfm%3Ffa%3Dstore.killcart%2F &email=[email removed]&first_name=James&last_name=[last name removed]&address1=[address removed] &city=[city removed]&state=TX&zip=[xxxxx]&cn=Special+Instructions+%28optional%29&submit.x=30&submit.y=18