some good ideas here....
This is what I've come up with after some thought.
PayPal (which is what I currently use) has a system called IPN. When someone purchases through PayPal and the payment goes through, PayPal calls a custom web script that you can specify. Using HTTP Post, PayPal sends the purchaser details, and I have a custom field in PayPal for the users Owner Name, so I get that also. The script calls back PayPal servers and authenticates that the first message actually did originate from PayPal.
The next step would be for my script to add the PayPal details to a database, and generate a key code based on the Owner Name. There would be a special section of my website where only authorized usere (ie users in the aforementioned database) would be able to access to download the full version, as well as see their key.
This is the sequence of events:
1) Customer clicks on paypal button and sends payment. The custom field include the Owner Name.
2) At the end of the payment process, customer is redirected to secure section of my website, where they are presented with a logon screen.
3) If everything goes well, customer enters their PayPal Name and e-mail address to log onto secure section of my website, where they are able to download the full version, and are able to see the unlock key.
How does this sound to everyone ? Anyone see any security holes in the above process ? This seems to me to be pretty easy on my customers, and (more importantly :)) far easier for me, since the process should be 100% automatic.