Reputation: 8670
I have a PayPal Subscription Button set up on my website. I want to make it so that on a successful subscription, I add the buyer's subscriptionID to my database.
    paypal.Buttons({
        createSubscription: function(data, actions) {
            return actions.subscription.create({
                'plan_id': 'P-PLANID'
            });
        },
        onApprove: function(data, actions) {
            $.ajax({
                url: 'subscription_capture.php',
                type: 'post',
                data: { subid: data.subscriptionID },
                async: false,
                success: function(d) {
                    location.reload();
                },
            });
        }
    }).render('#paypal-button-container');
subscription_capture.php
    if (isset($_POST) and isset($_POST['subid'])) {
        include 'db.php';
        $query = $db->prepare("INSERT INTO `subscription` (`user_id`,`subscriptionID`) VALUES(?,?)");
        $query->bind_param('ss', $user_id, $_POST['subid']);
        $query->execute();
    }
However, this is not secure because anyone looking at the code could just manually send a POST request to subscription_capture.php to potentially bypass a subscription. Is there a better way to handle a successful subscription and add the subscription ID to my database?
I read that PayPal's Button is a much simpler way to handle payments rather than setting up PayPal IPN.
Upvotes: 2
Views: 353
Reputation: 30477
To receive a secure notification of a subscription being activated, register for webhook events such as BILLING.SUBSCRIPTION.ACTIVATED (profile activated) or PAYMENT.SALE.COMPLETED (payment made).
Webhooks are a successor to the very old IPN service.
Upvotes: 2
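A webhook receiver along the lines the answer suggests, as an added example that is not code from either post: it records the subscription only after PayPal's verify-webhook-signature endpoint confirms the delivery, so a hand-crafted POST stores nothing. The file name, the environment variable names and the use of `custom_id` to carry the site's user id are assumptions.

```php
<?php
// paypal_webhook.php: added example, not code from either post.
// Assumed: env vars PAYPAL_CLIENT_ID, PAYPAL_SECRET, PAYPAL_WEBHOOK_ID, and that
// createSubscription() also sent 'custom_id' set to your own user id.
include 'db.php'; // provides $db (mysqli), as in the question
const API = 'https://api-m.paypal.com'; // live; sandbox is api-m.sandbox.paypal.com

function paypal_post(string $path, string $body, array $headers, ?string $basic = null): array {
    $ch = curl_init(API . $path);
    curl_setopt_array($ch, [
        CURLOPT_POST => true, CURLOPT_POSTFIELDS => $body,
        CURLOPT_HTTPHEADER => $headers, CURLOPT_RETURNTRANSFER => true,
    ]);
    if ($basic !== null) curl_setopt($ch, CURLOPT_USERPWD, $basic); // token call only
    $decoded = json_decode((string) curl_exec($ch), true);
    return is_array($decoded) ? $decoded : [];
}

$raw   = file_get_contents('php://input');
$event = json_decode($raw, true);
if (!is_array($event)) { http_response_code(400); exit; } // not JSON: reject

// 1. Ask PayPal whether this delivery is genuine. The raw body is spliced in
//    byte for byte, since re-encoding it can change it and fail verification.
$token = paypal_post('/v1/oauth2/token', 'grant_type=client_credentials', [],
    getenv('PAYPAL_CLIENT_ID') . ':' . getenv('PAYPAL_SECRET'))['access_token'] ?? '';
$fields = json_encode([
    'auth_algo'         => $_SERVER['HTTP_PAYPAL_AUTH_ALGO'] ?? '',
    'cert_url'          => $_SERVER['HTTP_PAYPAL_CERT_URL'] ?? '',
    'transmission_id'   => $_SERVER['HTTP_PAYPAL_TRANSMISSION_ID'] ?? '',
    'transmission_sig'  => $_SERVER['HTTP_PAYPAL_TRANSMISSION_SIG'] ?? '',
    'transmission_time' => $_SERVER['HTTP_PAYPAL_TRANSMISSION_TIME'] ?? '',
    'webhook_id'        => getenv('PAYPAL_WEBHOOK_ID'),
]);
$verify = paypal_post('/v1/notifications/verify-webhook-signature',
    substr($fields, 0, -1) . ',"webhook_event":' . $raw . '}',
    ['Content-Type: application/json', "Authorization: Bearer $token"]);
if (($verify['verification_status'] ?? '') !== 'SUCCESS') { http_response_code(400); exit; }

// 2. Only a verified activation event writes to the database.
$sub_id  = $event['resource']['id'] ?? '';
$user_id = $event['resource']['custom_id'] ?? '';
if (($event['event_type'] ?? '') === 'BILLING.SUBSCRIPTION.ACTIVATED' && $sub_id && $user_id) {
    $query = $db->prepare("INSERT INTO `subscription` (`user_id`,`subscriptionID`) VALUES(?,?)");
    $query->bind_param('ss', $user_id, $sub_id);
    $query->execute();
}
http_response_code(200);
```

The same event can be delivered more than once, so a unique key on `subscriptionID` keeps a repeat from creating a second row.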