Hi, I am following the PayPal smart button integration guide (https://developer.paypal.com/docs/checkout/integrate/#6-verify-the-transaction). I have a question about step "6. Verify the transaction -> 5. Validate the transaction details are as expected". The Node SDK example seems to be the only example that actually does any kind of validation.

    // 2a. Get the order ID from the request body
    const orderID = req.body.orderID;

    // 3. Call PayPal to get the transaction details
    let request = new checkoutNodeJssdk.orders.OrdersGetRequest(orderID);
    let order;
    try {
      order = await payPalClient.client().execute(request);
    } catch (err) {
      // 4. Handle any errors from the call
      console.error(err);
      return res.send(500);
    }

    // 5. Validate the transaction details are as expected
    if (order.result.purchase_units[0].amount.value !== '220.00') {
      return res.send(400);
    }

But I think just validating the amount (also with the currency) is not enough to handle payments securely. Couldn't a client simply replay an old orderID and get through these checks? What do I need to verify on the server side to be sure that I am handling transactions correctly? Greetings, Ingo
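The replay concern raised above, as an added example that is not part of the original post or of PayPal's documentation: a server-side check that goes beyond the amount. It assumes the order object returned by OrdersGetRequest (status, id and purchase_units from the Orders v2 API), that custom_id was set to the shop's cart/invoice id when the order was created, and that fulfilledOrderIds stands in for a persistent store of already fulfilled order ids.

```javascript
// Added example, not PayPal's code. Validates a fetched order against what the
// server expects and refuses to fulfil the same order id twice.
function validateOrder(order, expected, fulfilledOrderIds) {
  const r = order && order.result;
  // Exactly one purchase unit is expected for this checkout (assumption).
  if (!r || !Array.isArray(r.purchase_units) || r.purchase_units.length !== 1) {
    return { ok: false, reason: 'unexpected order shape' };
  }
  // Only a captured order (status COMPLETED) means money was actually taken;
  // CREATED or APPROVED orders must not unlock fulfilment.
  if (r.status !== 'COMPLETED') {
    return { ok: false, reason: 'order status is ' + r.status + ', not COMPLETED' };
  }
  const unit = r.purchase_units[0];
  const amount = unit.amount || {};
  // Amount and currency are checked together: '220.00' JPY is not '220.00' USD.
  if (amount.value !== expected.value || amount.currency_code !== expected.currency_code) {
    return { ok: false, reason: 'amount or currency mismatch' };
  }
  // Bind the order to the specific cart it was created for, so a COMPLETED
  // order for some other purchase cannot be presented for this one.
  if (unit.custom_id !== expected.custom_id) {
    return { ok: false, reason: 'order does not belong to this cart' };
  }
  // Replay guard: an order id may fulfil a purchase exactly once. In a real
  // store this is a unique-constraint insert, not a check-then-add.
  if (fulfilledOrderIds.has(r.id)) {
    return { ok: false, reason: 'order id already fulfilled' };
  }
  fulfilledOrderIds.add(r.id);
  return { ok: true, reason: 'ok' };
}

// In the handler from the post, after OrdersGetRequest succeeds:
//   const v = validateOrder(order, { value: '220.00', currency_code: 'USD', custom_id: cartId }, fulfilledOrderIds);
//   if (!v.ok) return res.sendStatus(400);
```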