If the purchase is valid (and has not been altered), the purchase will be marked as complete. EDD then uses this transaction ID to look up the payment in PayPal to verify everything was valid.
When this is enabled, the transaction ID is sent in the redirect URL when the customer returns to your site from PayPal. Payment Data Transfer (PDT) is enabled in Downloads > Settings > Payment Gateways > PayPal. A site manager manually changes the status from Pending to Complete.ģ. The PayPal IPN is processed and validated, resulting in the status changing to Complete.Ģ. In EDD, there are three ways a purchase through PayPal Standard can be marked as complete:ġ. The purchase receipt is sent only once the payment is marked as Complete.
Note: in order for the IPN verification system to work, IPN needs to be turned on inside of your PayPal account.
If you’d like to see the exact code that handles this, you can find it here: Īlong with using the IPN data to validate the purchase, EDD also validates the that the IPN data itself has not been modified. If a change is detected (such as the currency or amount of payment), the payment record is immediately set to Revoked and the customer never receives access to the files. EDD takes the IPN data and then validates it to ensure nothing was changed. When a purchase is submitted through EDD and then completed on, PayPal sends all of the purchase data back to your site as a separate POST request. The IPN system is used for a number of purposes, but one of its primary purposes is specifically to prevent malicious manipulation of purchases. PayPal uses a system called “Instant Payment Notifications” ( IPN) to send data about events happening in your PayPal account back to your website that Easy Digital Downloads is installed on.
Now, that being said, your concern that anyone can modify the purchase data is completely valid, except that there are behind-the-scenes systems in place specifically to prevent that. You can refer to PayPal’s API documentation here for details and examples: That is the standard and correct implementation method for PayPal Standard. Hi are correct that the purchase details are sent to PayPal in the URL.