A lot of times there's a parameter in a partner API endpoint like success_url where you provide the partner API with an endpoint on your internal API to redirect the client.
For example, on Stripe you can create a checkout session using POST /v1/checkout/sessions. In the body you send Stripe a success_url. You redirect the client to Stripe where they make their payment. After they complete their payment successfully, Stripe will redirect the client to that success_url you included.
Since you are only sending a URL aren't all of these requests only GET requests? And if so, a GET is defined in the HTTP protocol as idempotent and safe. So I couldn't use this request to make changes to data on my server. But after a successful purchase, I will want to make changes like updating or creating an Order on my server, updating stock left for the Item, etc.
How can I make changes after these success, refresh, return, or cancel URL's if they are all GET requests?
