I'm basically in the same boat, and trying to figure out how this process works. Honestly there's so much documentation and procedure, it's hard to keep it all straight. So, here's my interpretation of the process, hopefully someone will verify or correct me:

The buy now button (aka Checkout, aka Smart Payment) is sitting on your website, and uses JavaScript to communicate the payment to PayPal. Depending on your implementation of the button, it can either POST to your application back-end or redirect the user to a confirmation page. Either way, you want to grab the order ID received from PayPal and save it in your database or some other storage.

Now here's where it gets unclear for me. You need to make sure your customer doesn't cancel the payment, so just accepting the initial payment isn't enough.

Subscribe to Webhooks for event notification. In the Developer site, go to 'My Apps & Credentials' > Click the name of your app (or create one) > in the Sandbox/Live webhooks, click 'Add webhook'. Enter the URL to your listening page, and subscribe to the events you want. I subscribed to all, just to be sure.

Your listening page needs to accept POST input from PayPal, and there's some good info on that here: Notification Messages

The POST message could be faked, so PayPal includes a signature that needs to be validated, and you use the notification event headers to do that. You're looking for three things:

PAYPAL-TRANSMISSION-SIG (Generated Signature)
PAYPAL-AUTH-ALGO (Algorithm used to generate it)
PAYPAL-CERT-URL (Public key certificate to verify the signature)

Assuming the signature validates, then the message is real. Now you need to write code that handles each of the notifications that you'll use. I'm currently working on:

"event_type": "CHECKOUT.ORDER.COMPLETED"
"event_type": "CHECKOUT.ORDER.VOIDED"
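Added example, not part of the original post and not PayPal's code: the checks a listener can run on the three headers named above before any signature verification, since PAYPAL-CERT-URL and PAYPAL-AUTH-ALGO arrive in the same request that might be forged. The allowed hosts, the algorithm name, the two extra headers and the signed-message layout are assumptions to confirm against PayPal's documentation; the returned values are what an RSA verification step from a crypto library would then consume.

```python
import base64
import zlib
from urllib.parse import urlsplit

# Assumptions, not from the post: confirm against PayPal's documentation.
ALLOWED_CERT_HOSTS = {"api.paypal.com", "api.sandbox.paypal.com"}
ALLOWED_ALGOS = {"SHA256withRSA": "sha256"}


class WebhookRejected(Exception):
    """The notification failed a check made before signature verification."""


def precheck(headers, raw_body, webhook_id):
    """Vet the headers; return the inputs for the RSA verification step."""
    h = {k.upper(): v for k, v in headers.items()}  # names are case-insensitive
    try:
        sig_b64 = h["PAYPAL-TRANSMISSION-SIG"]
        algo = h["PAYPAL-AUTH-ALGO"]
        cert_url = h["PAYPAL-CERT-URL"]
        tx_id = h["PAYPAL-TRANSMISSION-ID"]      # assumed header
        tx_time = h["PAYPAL-TRANSMISSION-TIME"]  # assumed header
    except KeyError as exc:
        raise WebhookRejected(f"missing header {exc.args[0]}") from None
    if algo not in ALLOWED_ALGOS:
        raise WebhookRejected("unexpected signature algorithm")
    # The certificate URL arrives in the request itself, so a forged POST can
    # point it at a certificate the sender controls: pin scheme and exact host.
    try:
        url = urlsplit(cert_url)
    except ValueError:
        raise WebhookRejected("malformed certificate URL") from None
    if url.scheme != "https" or url.netloc.lower() not in ALLOWED_CERT_HOSTS:
        raise WebhookRejected("certificate URL is not an allowed PayPal host")
    try:
        signature = base64.b64decode(sig_b64, validate=True)
    except ValueError:
        raise WebhookRejected("signature is not valid base64") from None
    # Assumed signed message: id | time | webhook id | CRC32 of the raw body.
    crc = zlib.crc32(raw_body) & 0xFFFFFFFF
    signed = f"{tx_id}|{tx_time}|{webhook_id}|{crc}".encode()
    return {"cert_url": cert_url, "hash": ALLOWED_ALGOS[algo],
            "signature": signature, "signed_message": signed}


if __name__ == "__main__":
    sample = {  # constructed values, not a real notification
        "Paypal-Transmission-Sig": "c2lnbmF0dXJl", "Paypal-Auth-Algo": "SHA256withRSA",
        "Paypal-Cert-Url": "https://api.sandbox.paypal.com/v1/notifications/certs/CERT-PLACEHOLDER",
        "Paypal-Transmission-Id": "tx-1", "Paypal-Transmission-Time": "2024-01-01T00:00:00Z"}
    print(precheck(sample, b'{"event_type":"CHECKOUT.ORDER.COMPLETED"}', "WH-PLACEHOLDER"))
```

Pass the raw request bytes as `raw_body`, not a re-serialized JSON object, because the CRC32 is taken over the body exactly as received.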