express checkout client side REST - security and database issue
I am using Express Checkout client-side REST, but I am running into some issues: security and database.
I am using CodeIgniter for this site to make payments.
The JavaScript code is pretty much copy-paste from the site:
var mst = 1;
paypal.Button.render({
    // Set your environment
    env: 'sandbox', // sandbox | production
    // Specify the style of the button
    style: {
        label: 'checkout', // checkout | credit | pay | buynow | generic
        size: 'responsive', // small | medium | large | responsive
        shape: 'pill', // pill | rect
        color: 'gold' // gold | blue | silver | black
    },
    // PayPal Client IDs - replace with your own
    // Create a PayPal app: https://developer.paypal.com/developer/applications/create
    client: {
        sandbox: 'AXPbipY6mGQ3KtlmG_SQyNuaz2R5ZtRC2hwgC6AaBcFcMCGfen13113rq66vNWUwMJVQLHoVWW8CN9kY',
        production: '<insert production client id>'
    },
    // Wait for the PayPal button to be clicked
    payment: function(data, actions) {
        console.log(data,actions);
        return actions.payment.create({
            payment: {
                transactions: [
                    {
                        amount: { total: mst, currency: 'EUR' }
                    }
                ]
            }
        });
    },
    // Wait for the payment to be authorized by the customer
    onAuthorize: function(data, actions) {
        // Set up the data you need to pass to your server
        var data = data;
        return actions.payment.execute().then(function() {
            $.post("<?=base_url()?>projects/milestonetest/<?php echo $project->p_id; ?>",
                {
                    data: data,
                    mst: mst,
                },
                function(data, status) {
                    $('#paypal-button-container').remove();
                    $('#afterpaypal').append('Milestone is payed!');
                    //location.reload();
                    console.log(data);
                }
            );
        });
    }
}, '#paypal-button-container');
This code helps me because I can change the amount that is going to be paid.
But the thing is that the client ID is exposed, and I don't know if this is good or bad.
Also, someone can rewrite the above JavaScript through the Chrome console and send an AJAX request to mess up my database.
I need some help: should I use the server-side REST? But it seems a little difficult for me to understand. I don't know if I can change the amount of a payment. And I also don't know what to write in CREATE_URL and in EXECUTE_URL.
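
As an added example (not part of the original post and not PayPal's code): the check a server would run before writing to the database, so that neither the posted `mst` nor a request forged from the browser console is trusted. It assumes the server has fetched the payment JSON from PayPal itself using the posted `paymentID`; `verifyMilestonePayment`, `toCents` and the `expected` record are hypothetical names, and the same logic ports to the CodeIgniter controller.

```javascript
// Added example, not from the original post. Field names follow PayPal's v1
// REST payment resource; every sample value here is constructed.

// Money as integer cents so "1.10" and "1.1" compare equal (2-decimal currencies such as EUR).
function toCents(total) {
  if (typeof total !== 'string' || !/^\d+(\.\d{1,2})?$/.test(total)) return null;
  const [whole, frac = ''] = total.split('.');
  return Number(whole) * 100 + Number(frac.padEnd(2, '0'));
}

// payment:  JSON the server fetched from PayPal for the posted paymentID
// expected: { total, currency } loaded from the server's own database (hypothetical shape)
// creditedSaleIds: Set standing in for a UNIQUE column of already-credited sale ids
function verifyMilestonePayment(payment, expected, creditedSaleIds) {
  const fail = (reason) => ({ ok: false, reason });
  if (!payment || payment.state !== 'approved') return fail('payment not approved');
  const txs = payment.transactions;
  if (!Array.isArray(txs) || txs.length !== 1) return fail('unexpected transactions');
  const amount = txs[0].amount || {};
  if (amount.currency !== expected.currency) return fail('currency mismatch');
  const paid = toCents(amount.total);
  if (paid === null || paid !== toCents(expected.total)) return fail('amount mismatch');
  const sale = (txs[0].related_resources || [])
    .map((r) => r.sale)
    .find((s) => s && s.state === 'completed');
  if (!sale) return fail('no completed sale');
  if (creditedSaleIds.has(sale.id)) return fail('sale already credited');
  creditedSaleIds.add(sale.id);
  return { ok: true, saleId: sale.id };
}

// Constructed sample of the payment JSON returned for a given paid total.
function samplePayment(total, saleId) {
  return {
    id: 'PAY-EXAMPLE', state: 'approved',
    transactions: [{
      amount: { total, currency: 'EUR' },
      related_resources: [{ sale: { id: saleId, state: 'completed' } }],
    }],
  };
}

const credited = new Set();
const milestone = { total: '25.00', currency: 'EUR' }; // price stored server-side
console.log(verifyMilestonePayment(samplePayment('0.01', 'SALE-1'), milestone, credited));
console.log(verifyMilestonePayment(samplePayment('25.00', 'SALE-2'), milestone, credited));
console.log(verifyMilestonePayment(samplePayment('25.00', 'SALE-2'), milestone, credited));
```

The three calls show a payment whose amount was edited in the browser being rejected, the correctly priced payment being accepted, and a repeat of the same sale being refused.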