You would PayPal Instant Payment Notifications to receive a server-to-server notification from PayPal which you can subsequently verify and use to update your database.
IPN works as follows:
- You create the PayPal and incude a "notify_url". The value for this parameter will be the full URL to a script on your server, called the 'IPN script' or 'IPN handler'.
You can specify an IPN handler as follows for Website Payments Standard
<input type="hidden" name="notify_url" value="http://blah.com/ipn.php
For Express Checkout or Website Payments Pro, simply include the following in your SetExpressCheckout/DoExpressCheckoutPayment or DoDirectPayment API call respectively.
NOTIFYURL=http://blah.com/ipn.php
- A buyer completes a transaction via PayPal
- Once the buyer completes the transaction, he/she may close the browser, or return to your website
- Once the transaction is accepted and processed by PayPal, PayPal will send out a notification to http://blah.com/ipn.php
- You need to take all POST data that was sent to this script, and POST it back to https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate
- If the data you send back matches the data PayPal sent you, a 'VERIFIED' response is returned.
- If the response is VERIFIED, it's at this point that you would look up the matching transaction/buyer on your end, and update your database appropriately.
Some sample code and documentation for PayPal IPN is available at https://www.paypal.com/ipn/
In addition, some tips on making a secure IPN script are available at https://www.x.com/developers/community/blogs/ppmtsrobertg/securing-your-instant-payment-notification-ipn-script
Note: If you want to include any custom data along with the transaction which you can read out later, use 'custom'.
<input type="hidden" name="custom" value="xxxxx">
This will also be returned in the IPN POST data sent from PayPal.
