If you call an API, Alipay server returns an asynchronous notification, a synchronous notification, or both. The asynchronous notification is in the format of notifyURL. The synchronous notification can be either in the format of returnURL or XML. The following table shows which kind of notification is returned for a specific API call:
|API||notifyURL (Async)||XML (Sync)||returnURL (Sync)|
After receiving a notification, you need to verify the authenticity of the signature to ensure the data contained in the notification is originated from Alipay without being modified during the transmission. Only after verifying the content, you can trust the received notification and use the data contained in the notification in your own system for further process.
- After the transaction succeeds, you might receive both asynchronous and synchronous responses. It is recommended to process the asynchronous notification. You don't need to verify both of the asynchronous notification and synchronous notification.
- Verification of the asynchronous notification involves the notify_verify method to check the sender of the notification; verification of the synchronous notification doesn't involve the notify_verify method.
For more information about different types of notifications and the verification of their signatures, see: