I am implementing a Google Checkout Notification API for my personal use.
Two questions:
1) As mentioned here:
http://code.google.com/apis/checkout/developer/Google_Checkout_HTML_API_Notification_API.html#notification_response_handshake
How should I send the "_type=notification-acknowledgment&serial-number=85f54628-538a-44fc-8605ae62364f6c71" as a notification handshake to confirm the processing? Should I just output/print it on my script or should I send it to a particular url with curl? if so, then which url should I send it?
2) I am not going to implement Order Processing API and I'll do it manually in my account, I just want to receive the notification API just something like PayPal IPN.
I guess the Basic Authentication is only for Order Processing API which I don't need. So how should I verify if the received notification data like http://code.google.com/apis/checkout/developer/Google_Checkout_HTML_API_Notification_API.html#new_order_notifications
are genuine and not posted fakely?

1. Use their other acknowledge method (http://code.google.com/apis/checkout/developer/Google_Checkout_HTML_API_Notification_API.html#notification_response_http_response_code). Using this method all you will do is send an HTTP/1.1 200 OK response. Consult your language documentation on how to send HTTP headers.


2. Google allows (maybe requires...) you to send an base64 encode XML "cart" containing the order, along with a hash that is composed of various elements of the order cart including a secret key which only you and google know. You validate the hash sent to you from google after an order is placed by recreating the hash from the XML "cart" data also supplied by google. If it doesn't match it is fraud, otherwise it is either a new order or an exact duplicate of a previous order.

1. What do you mean by language documentation? Isn't it a simple:
header ("HTTP/1.1 200 OK");
?
Anyway I believe there is no need to have this line in code as default of each reachable page is 200, I think just if we could not process it we need to have:
header ("HTTP/1.1 500 Internal Server Error");
? Isnn't it that correct?

Any IF I want to use their handshake method how should I send How should I send the "_type=notification-acknowledgment&serial-number=85f54628-538a-44fc-8605ae62364f6c71" and where should I send it?

2. Are you talking about Basic Authentication mentioned here?
http://code.google.com/apis/checkout/developer/Google_Checkout_HTML_API_Notification_API.html#Receiving_and_Processing_Notifications
It sounds complicated, paypal just requires a url to notify you, but when you send your clients to Google for payment via button or server-to-server thing, at the same time you need to send a XM request to google to get notified for payment status? Got I it correctly? so ONE XML request you send to them at payment time is enough to get all four notification stated here:
http://code.google.com/apis/checkout/developer/Google_Checkout_HTML_API_Notification_API.html#Overview
? If I am correct until here then how should I make the xml cart containing order?

any answer yet.

Okay, I did read the docs further and I was able to use their XML request to send order info to checkout to receive a link to redirect clients to checkout for payment and I was able to implement notification api using handshake confirmation method too.

But about notifications:

Notifications contain lots of useless garbage and lack usefull key/value pairs. For example I use merchant.id to send the invoice number to checkout to receive it back that my code would know this payment is for which invoice. But this merchant.id is only available in new_order_notification and not in amount_charge_notification. so the only way is matching these two notifications with google_order_id (which is equivalent to paypal txn_id) but why merchant_id or merchant_private_data are not available in all notifications instead of
those nonsense garbage in them?

Or is there any better way that my code understand that amount_charge_notification relates to which invoice/order that I am not aware of? Can someone advice please?

What you have to do is store the original payment notification request in your database, then update it as google sends you updates.

You should use the following snippet to send custom fields to google in the shopping cart XML.


<merchant-private-data>
<foo>hello</foo>
<bar>world!</bar>
<invoid_id>123</invoice_id>
</merchant-private-data>

Thank you very much helpful friend! :)

Just one more thing, I appreciate your advice:

I cannot use handshake system.
for api method I did choose html in my account then in script I do
use:

$data = array();
foreach ($_POST as $key=>$val) {
$data[$key] = $val;

}


so now serial-number is available as: $data['serial-number'] so for
html method I do print this handshake:
print("_type=notification-acknowledgment&serial-number=".$data['serial-
number']);


and I did test it by submitting a form with serial-number field name
and a fake value number to the script and the line above was outputed
correctly. but in integration console I get the xml parsing error! as I
did choose html why should it be xml and why the line above should not
be recognized by checkout?

anyway, I decided to output the xml however this is still in html
method.

if (!empty($data['serial-number'])) {
header('Content-Type: text/xml');
header('Content-Disposition: inline;
filename=googlecheckout.xml');
echo '<?xml version="1.0" encoding="UTF-8"?>';
echo '<notification-acknowledgment xmlns="http://
checkout.google.com/schema/2" serial-number="'.$data['serial-
number'].'" />';

}


again I posted a form with serial-number field name and a correct xml
was outputed and the serial-number was shown too as that element.


But I get the error: Expected serial number was not contained in
request. But when I submit a form the serial-number was shown.
so what wrong I am doing? please advice.