Based on @brasofilo's answer, I had to do extra work for each product for the current order.
Note. I'm new to (un) data serialization, so I don't know why I had to abandon double quotes in order to get unserialize() to work. Otherwise, she threw an error. Maybe there is a better way to handle this.
function so_12967331_ipn_response( $formdata ) { if ( !empty( $formdata['invoice'] ) && !empty( $formdata['custom'] ) ) { if( $formdata['payment_status'] == 'Completed' ) { if( is_serialized( $posted['custom'] ) ) { // backwards compatible // unserialize data $order_data = unserialize( str_replace('\"', '"', $posted['custom'] ) ); $order_id = $order_data[0]; } else { // custom data was changed to JSON at some point $order_data = (array)json_decode( $posted['custom'] ); $order_id = $order_data['order_id']; } // get order $order = new WC_Order( $order_id ); // got something to work with? if ( $order ) { // get user id $user_id = get_post_meta( $order_id, '_customer_user', true ); // get user data $user = get_userdata( $user_id ); // get order items $items = $order->get_items(); // loop thru each item foreach( $items as $order_item_id => $item ) { $product = new WC_Product( $item['product_id'] ); // do extra work... } } } } }