Hi community,
I recently tried to purchase an item on a merchant website using Paypal one-touch button. After clicking on approval on paypal screen, I was directed back to merchant website, but the merchant website was loading/not responding, and the url of the page was something like merchant.com/token=xxx PayerID=yyyy, where i think my payerID is being displayed as part of the URL.
My question is: is this normal and best practice? if someone gets access to my payerID, will they be able to charge fund from my account?
Thank you!
