I've recently been working to integrate Amazon Simple Pay into an application. In general, this has been pretty straightforward, thanks to the simplepay gem, which was recently bumped to version 0.2.0. (Amazon also has their own Ruby sample for ASP integration, which came in handy for a first smoke test - though unfortunately at the moment the Amazon site is having trouble delivering that file).

For the most part, using the simplepay gem is quite straightforward. There's a helper to build a payment form:

[sourcecode language='ruby']
Click here to send us $120 every year
:amount => 120.00,
:description => "Annual Subscription",
:recurring_frequency => "1 year",
:abandon_url => amaz_abandon_customers_url,
:collect_shipping_address => false,
:immediate_return => false,
:ipn_url => amaz_ipn_customers_url,
:process_immediately => true,
:reference_id => @customer.id,
:return_url => amaz_return_customers_url
}) %>
[/sourcecode]

When Amazon executes callbacks, it sends a signature parameter along so that you can verify that the request is legitimate. This is the only spot where I ran into a little gotcha. The simplepay gem includes a helper to validate the parameters of a request to see if they match the signature, but you have to be sure to take out the parameters that Rails inserts before you call it:

[sourcecode language='ruby']
def amaz_ipn
params.delete('controller')
params.delete('action')
if AWS::SimplePay::IpnValidator.valid_ipn_post?
(Simplepay.aws_secret_access_key, params)
# save the results somewhere
render :action => 'show'
else
logger.info "bad request from Amazon Simple Pay"
render :nothing => true, :status => 200
end
end
[/sourcecode]

Also note that you should send back a 200 response even if you're unable to verify the signature. This will prevent Amazon from sending the same request to you over and over again.