All geek questions in one place

How to save PayPal variables

I try to link my third-party basket to PayPal, and in the process I find that my variables are extremely exposed, so if someone uses, say, Firebug to control the values โ€‹โ€‹of my variables, they can change the value of the elements in the transaction.

I am very new to online carts and shopping, so my question is: how do I keep this layer of exposure from users and is protected for the website?

+4
source share
3 answers

The answer is in the Instant Payment Alert service.

Upon completion of the transaction, PayPal notifies you in a separate process of the payment details for the last transaction.

You can check this data for data stored locally. If they match, everything is in order. If they do not match, you will need to examine the problem.

I never understood why PayPal does not allow data to be signed with some kind of hash + shared secret ... but this will not help you in the future.

If you send variables to PayPal, you can encrypt the data. Unfortunately, this is not possible for a GET request caused by a redirect.

+2
source

Use the PayPal NVP or SOAP API to create an encrypted button. You basically install all the information using PHP, and then the API gives you HTML. Alternatively, if you have only a few products, you can create custom buttons.

The API is well documented and easy to use. Personally, I used NVP, as recommended for less experienced programmers. You can also use both inputs in the IPN system (Instant Payment Notification) so that, for example, digital products can be automatically sent by e-mail.

+1
source

There is a way to get PayPal to place variable buttons on its side. Pay attention to the buttons posted in PayPal in your documentation:

https://cms.paypal.com/uk/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_ButtonMgrAPIIntro#id093VD0JE0Y4

Otherwise, check with IPN , as mentioned, bu Jacco.

+1
source

Source: https://habr.com/ru/post/1311314/

More articles:


All Articles