Express Checkout client-side REST - security and database issue

Mitsakos
Contributor

I am using Express Checkout client-side REST, but I am running into some issues with security and the database.

I am using CodeIgniter for this site to make payments.

The JavaScript code is pretty much copy-paste from the site:


var mst = 1;

paypal.Button.render({

    // Set your environment
    env: 'sandbox', // sandbox | production

    // Specify the style of the button
    style: {
        label: 'checkout', // checkout | credit | pay | buynow | generic
        size: 'responsive', // small | medium | large | responsive
        shape: 'pill', // pill | rect
        color: 'gold' // gold | blue | silver | black
    },

    // PayPal Client IDs - replace with your own
    // Create a PayPal app: https://developer.paypal.com/developer/applications/create
    client: {
        sandbox: 'AXPbipY6mGQ3KtlmG_SQyNuaz2R5ZtRC2hwgC6AaBcFcMCGfen13113rq66vNWUwMJVQLHoVWW8CN9kY',
        production: '<insert production client id>'
    },

    // Wait for the PayPal button to be clicked
    payment: function(data, actions) {
        console.log(data, actions);

        return actions.payment.create({
            payment: {
                transactions: [
                    {
                        amount: { total: mst, currency: 'EUR' }
                    }
                ]
            }
        });
    },

    // Wait for the payment to be authorized by the customer
    onAuthorize: function(data, actions) {
        // Set up the data you need to pass to your server
        var data = data;

        return actions.payment.execute().then(function() {
            $.post("<?=base_url()?>projects/milestonetest/<?php echo $project->p_id; ?>",
                {
                    data: data,
                    mst: mst,
                },
                function(data, status) {
                    $('#paypal-button-container').remove();
                    $('#afterpaypal').append('Milestone is payed!');
                    //location.reload();
                    console.log(data);
                }
            );
        });
    }

}, '#paypal-button-container');


This code helps me because I can change the amount that is going to be paid.

But the thing is that the client ID is exposed; I don't know if this is good or bad.

Also, someone can rewrite the above JavaScript through the Chrome console and send an AJAX request to mess with my database.

I need some help: should I use the server-side REST? But it seems a little difficult for me to understand. I don't know if I can change the amount of a payment. And also I don't know what to write in CREATE_URL and in EXECUTE_URL.
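
One way to address the tampering concern raised above, as an added example that is not part of the original post: the server ignores any amount the browser posts, fetches the payment from PayPal itself by its ID, and compares it with the milestone price held in its own database. The function name and sample arrays are hypothetical, and the field layout assumes the PayPal REST v1 payment object (`state`, `transactions[].amount`, `related_resources[].sale`).

```php
<?php
// Added example (not from the original post). verify_milestone_payment() and
// the sample arrays below are hypothetical; sample data is constructed.

/**
 * Decide server-side whether a PayPal payment settles a milestone.
 * $payment  decoded payment JSON fetched from PayPal by the server, by ID
 * $expected ['cents' => int, 'currency' => string] read from your own database
 * $usedIds  payment IDs already recorded, to reject replays
 * Returns [bool $ok, string $reason].
 */
function verify_milestone_payment(array $payment, array $expected, array $usedIds): array
{
    $id = $payment['id'] ?? '';
    if ($id === '' || in_array($id, $usedIds, true)) {
        return [false, 'missing or already used payment id'];
    }
    if (($payment['state'] ?? '') !== 'approved') {
        return [false, 'payment not approved'];
    }
    $txs = $payment['transactions'] ?? [];
    if (!is_array($txs) || count($txs) !== 1) {
        return [false, 'unexpected transaction count'];
    }
    $amount = $txs[0]['amount'] ?? [];
    if (($amount['currency'] ?? '') !== $expected['currency']) {
        return [false, 'currency mismatch'];
    }
    // Compare in integer cents so float rounding cannot hide a difference.
    $total = $amount['total'] ?? '';
    if (!is_numeric($total) || (int) round($total * 100) !== $expected['cents']) {
        return [false, 'amount mismatch'];
    }
    $sale = $txs[0]['related_resources'][0]['sale'] ?? [];
    if (($sale['state'] ?? '') !== 'completed') {
        return [false, 'sale not completed'];
    }
    return [true, 'ok'];
}

// Constructed sample: the database says the milestone costs 50.00 EUR, but the
// payment that was executed only moved 1.00 EUR.
$expected = ['cents' => 5000, 'currency' => 'EUR'];
$payment = ['id' => 'PAY-EXAMPLE', 'state' => 'approved', 'transactions' => [[
    'amount' => ['total' => '1.00', 'currency' => 'EUR'],
    'related_resources' => [['sale' => ['state' => 'completed']]],
]]];
[$ok, $reason] = verify_milestone_payment($payment, $expected, []);
echo $ok ? "mark milestone paid\n" : "reject: $reason\n";
```

The controller would write to the database only when the first element is `true`, and would store the payment ID so the same payment cannot be submitted twice.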
