I am using PayPal Smart buttons, with JS code like:

    paypal.Buttons({
        // Set up the transaction
        createOrder: function(data, actions) {
            return actions.order.create({
                purchase_units: [{
                    amount: {
                        value: amount
                    }
                }]
            });
        },
        // Finalize the transaction
        onApprove: function(data, actions) {
            return actions.order.capture().then(function(details) {
                jQuery('input[name="paypal_id"]').val(details.id);
                jQuery('button[type="submit"], .paypal_confirmation_notice', 'form.order_confirm').show();
            });
        }
    }).render('#paypal_button_container');

However, since the payment amount is sent via JavaScript, it is not secure. To rectify this, I would like to check the amount on the server side when the token is submitted. When the user submits the form, the server-side script confirms the payment via a call to https://api.sandbox.paypal.com/v2/checkout/orders/<token from buttons>. From the response, I can check the payment amount against the amount from our server. If there is a discrepancy, how do I revert the payment at that point?
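The server-side check described in the post, as an added example that is not part of the original post and is not PayPal's code: it takes the parsed JSON from the order lookup, compares the captured total with the server's own amount in integer cents, and on a mismatch returns the capture IDs a refund would have to reference. The field names follow the Orders v2 response; the function names, the two-decimal currency assumption and the sample order are constructed for illustration.

```javascript
// Added example. Function names and sample data are constructed.

// Convert a decimal string such as "25.00" to integer minor units without
// floating point. Assumes a two-decimal currency (e.g. USD, EUR).
function toMinorUnits(value) {
  const m = /^(\d+)(?:\.(\d{1,2}))?$/.exec(String(value));
  if (!m) throw new Error('malformed amount: ' + value);
  return Number(m[1]) * 100 + Number((m[2] || '').padEnd(2, '0'));
}

// order:    parsed JSON body of GET /v2/checkout/orders/<id>
// expected: { value, currency } taken from the server's own records,
//           never from the submitted form
function checkCapturedOrder(order, expected) {
  const captures = (order.purchase_units || [])
    .flatMap(pu => (pu.payments && pu.payments.captures) || []);
  const completed = captures.filter(c => c.status === 'COMPLETED');
  const captureIds = completed.map(c => c.id);
  if (order.status !== 'COMPLETED' || completed.length === 0) {
    return { ok: false, reason: 'not_captured', captureIds };
  }
  if (completed.some(c => c.amount.currency_code !== expected.currency)) {
    return { ok: false, reason: 'currency_mismatch', captureIds };
  }
  const paid = completed.reduce((sum, c) => sum + toMinorUnits(c.amount.value), 0);
  if (paid !== toMinorUnits(expected.value)) {
    return { ok: false, reason: 'amount_mismatch', captureIds };
  }
  return { ok: true, reason: null, captureIds };
}

// Constructed sample: the browser-side amount was changed to 1.00
const tamperedOrder = {
  id: 'ORDER-EXAMPLE-1', status: 'COMPLETED',
  purchase_units: [{ payments: { captures: [
    { id: 'CAPTURE-EXAMPLE-1', status: 'COMPLETED',
      amount: { currency_code: 'USD', value: '1.00' } }
  ] } }]
};
const result = checkCapturedOrder(tamperedOrder, { value: '25.00', currency: 'USD' });
console.log(result);
```

On a mismatch, each returned capture ID is what PayPal's capture refund call (`POST /v2/payments/captures/<capture_id>/refund`) takes, and the order should not be fulfilled until the check returns `ok: true`.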