BestHub
Sign in
Backend Development 7 min read

Implementing Alipay Asynchronous and Synchronous Callbacks in PHP

This article explains the roles of Alipay's asynchronous and synchronous callbacks in PHP integration, outlines step‑by‑step processing procedures, and provides complete example code for verifying signatures, updating order status, and handling both server‑side notifications and front‑end return pages.

php中文网 Courses
php中文网 Courses
php中文网 Courses
Implementing Alipay Asynchronous and Synchronous Callbacks in PHP

1. Role of Asynchronous Callback

The asynchronous callback (server notification) is the most critical step in Alipay payment, used to confirm the payment result. After a successful payment, Alipay sends an HTTP POST request to the merchant server, which must verify the message, confirm the result, and update the order status.

Specific Steps

The merchant server receives the asynchronous callback request and extracts the parameters.

Validate the parameters' legality by verifying the signature with Alipay's public key.

After successful verification, process the callback (e.g., update order status, send notifications).

Return the string "success" to Alipay; otherwise Alipay will retry the callback.

Through this process, the merchant ensures the authenticity of the payment result and promptly updates the order, preventing loss or errors.

Example Asynchronous Callback Code

<?php
// Verify signature
function verifySign($params, $publicKey) {
    $sign = $params['sign']; // signature
    unset($params['sign']); // remove signature
    ksort($params); // sort parameters
    $data = '';
    foreach ($params as $key => $value) {
        $data .= $key . '=' . $value . '&';
    }
    $data = rtrim($data, '&');
    // Use openssl_verify to verify
    $result = openssl_verify($data, base64_decode($sign), $publicKey, OPENSSL_ALGO_SHA256);
    return $result == 1;
}

// Update order status
function updateOrderStatus($orderNo, $status) {
    // business logic to update order
}

// Handle Alipay asynchronous notification
function handleAlipayNotify() {
    $params = $_POST; // get callback parameters
    $publicKey = 'Alipay public key';
    if (verifySign($params, $publicKey)) {
        $orderNo = $params['out_trade_no'];
        $tradeStatus = $params['trade_status'];
        if ($tradeStatus == 'TRADE_SUCCESS') {
            updateOrderStatus($orderNo, 'paid');
        }
        echo 'success'; // acknowledge receipt
    } else {
        echo 'fail'; // verification failed
    }
}

handleAlipayNotify();
?>

2. Role of Synchronous Callback

The synchronous callback (front‑end notification) is mainly used to display the payment result to the user. After payment, Alipay redirects the user to the merchant's return URL with result parameters, which the merchant must verify and then show the appropriate page.

Specific Steps

The merchant server receives the synchronous callback request and extracts the parameters.

Validate the parameters' legality by verifying the signature.

Determine the payment status and display the corresponding page (success, failure, etc.).

Synchronous callbacks are for user‑facing result display only and should not be used as the final payment verification because they can be forged.

Example Synchronous Callback Code

<?php
// Verify signature (same function as above)
function verifySign($params, $publicKey) {
    $sign = $params['sign'];
    unset($params['sign']);
    ksort($params);
    $data = '';
    foreach ($params as $key => $value) {
        $data .= $key . '=' . $value . '&';
    }
    $data = rtrim($data, '&');
    $result = openssl_verify($data, base64_decode($sign), $publicKey, OPENSSL_ALGO_SHA256);
    return $result == 1;
}

// Handle Alipay synchronous return
function handleAlipayReturn() {
    $params = $_GET; // get callback parameters
    $publicKey = 'Alipay public key';
    if (verifySign($params, $publicKey)) {
        $tradeStatus = $params['trade_status'];
        if ($tradeStatus == 'TRADE_SUCCESS') {
            echo '支付成功!'; // display success page
        } else {
            echo '支付失败!'; // display failure page
        }
    } else {
        echo '验签失败!'; // verification failed
    }
}

handleAlipayReturn();
?>

Conclusion

Both asynchronous and synchronous callbacks are essential in PHP‑based Alipay integration. The asynchronous callback confirms the payment result and updates the order securely, while the synchronous callback provides a user‑visible result page. Proper signature verification ensures authenticity and mitigates security risks.

SecurityPHPcallbackPayment IntegrationAlipay
php中文网 Courses
Written by

php中文网 Courses

php中文网's platform for the latest courses and technical articles, helping PHP learners advance quickly.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment