checkout.js validate transaction

CuriousIngo
New Community Member
Posted on
‎Apr-08-2019 01:14 AM

Hi,

I am following the PayPal smart button integration guide (https://developer.paypal.com/docs/checkout/integrate/#6-verify-the-transaction).

 

I have question about step "6. Verify the transaction -> 5. Validate the transaction details are as expected".

 

The Node SDK example seems to be the only example that actually does any kind of validation.

// 2a. Get the order ID from the request body
  const orderID = req.body.orderID;

  // 3. Call PayPal to get the transaction details
  let request = new checkoutNodeJssdk.orders.OrdersGetRequest(orderID);

  let order;
  try {
    order = await payPalClient.client().execute(request);
  } catch (err) {

    // 4. Handle any errors from the call
    console.error(err);
    return res.send(500);
  }

  // 5. Validate the transaction details are as expected
  if (order.result.purchase_units[0].amount.value !== '220.00') {
    return res.send(400);
  }

But I think just validating the amount (also with the currency) is not enough to handle payments securely. 

Couldn't a client simply replay an old orderID and get through this checks?

 

What do I need to verify on the server side to be sure that I am handling transactions correctly?

 

Greetings,

Ingo

Labels:
Login to Me Too
Login to Reply or Kudo
0 REPLIES 0

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.