Client Integration Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm using Client Integration with checkout.js and it all works fine.
What I don't understand is how to verify that something has been paid for. It appears that all the order information, URLs, and credentials are exposed in the client javascript. How do I know for sure that payment has been credited and the callback, redirect, or whatever is coming after an actual payment, rather than being falsely provided by an attacker who read the javascript, dropped the payment page, and manually redirected to the confirmation page?
Basically I'm asking if it's possible to secure Client Integration to the degree that I know I've been really paid before I fulfill the order. Is Client Integration fundamentally insecure in this way -- do I have to use Server Integration, or Webhooks to achieve fulfillment security?
- Labels:
-
Payments REST APIs
Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.
- Error: "Unable to change shipping method. Please try again." in PayPal popup in REST APIs
- Simple Paypal button integration results in 404 error in Sandbox Environment
- Need Help Upgrading to PayPal complete payments in PayPal Upgrade Community
- "duplicate typename 'AuthorizationStatus' detected" error while using oapi-codegen in REST APIs
- I am trying to use Payments Standard and having trouble... in PayPal Payments Standard