I'm going to implement the IPN protocol in my website, using php.
Paypal documentation note that the protocol goes as follows:
- The user clicks the button.
- Paypal posts my IPN listener an IPN message.
- My listener has to send an empty HTTP 200 OK response.
- My listener has to send the message gotten from paypal (with a preceding string) back to paypal.
- Paypal sends my listener a "VERIFIED" or "INVALID" response.
Can anyone explain why the protocol demands this [3] step?
Why can't it be fulfilled just with the [4]th step?
Also, I noticed that in another chapter of paypal documantation, they skip this [3]rd step themselves (see their implementation). So I wonder, is it really necessary??