How can a server know a payment was truly made via PayPal client side REST API?

Question

I was looking the PayPal interactive integration demo link.

At some point after the user complete the payment flow, the client reach the code:

 // onAuthorize() is called when the buyer approves the payment
            onAuthorize: function(data, actions) {

                // Make a call to the REST api to execute the payment
                return actions.payment.execute().then(function() {
                    window.alert('Payment Complete!');
                });
            }

In a real scenario, instead of an alert, I would probably like to send the server a instruction to ship a product or update the user plan. And it would probably be done via an HTTP POST request.

How can the server know that indeed a payment was made and it was not a result of an hacker sending an http post request manually?

Answer 1

After actions.payment.execute() you can call your server and have it make a GET call to verify the payment has been completed: https://developer.paypal.com/docs/integration/direct/express-checkout/integration-jsv4/advanced-payments-api/show-payment-details/