We have a website for merchants. We offer currently currently only cash payment or payment using our own credit-card gateway to our stripe account. Now we want to add Paypal checkout, every merchant must be able to set his own Paypal account credentials. The website runs on PHP and JS. Do i see this right, that implementing "Smart Payment Buttons" using the JS SDK is kind of insecure if the buttons are not being encrypted? I mean, what stops a client(browser) from simply evoking manually the .onApprove function? Or is this a problem that does not really exist? Would EWP be the remedy for this? But EWP would require, that each of our merchants is setting up the public keys, making the whole procedure more complicated for the merchant, and for us. Am i right? For a solution that is easy to setup for our merchants and secure, what would you guys suggest using the JS SDK as described or should we use PHP SDK? Can you point me to a workflow if latter? Thank you!
... View more