simpleuser

Reputation: 479

PayPal PHP API security issue

I was trying to use the Express Checkout PHP API. Everything is working well in the sandbox environment. My question is regarding security.

After payment, the sample code redirects to GetExpressCheckout.php?token=...$PayerID=.....; but after clicking "confirm payment" on my site and logging in to the PayPal account (I did not confirm the payment in PayPal), I directly opened the same page in another tab, and it showed payment successful (which is not the case). Is there a way to prevent this, or am I missing something?

Upvotes: 0

Views: 124

Answers (1)

Drew Angell

Reputation: 26036

I'm not following exactly what you're trying to say here.

The process needs to be...

1) Call SetExpressCheckout to retrieve your token and redirect to PayPal accordingly.

2) PayPal will return the user back to your ReturnURL if they confirm payment, at which point you can call GetExpressCheckoutDetails (optionally) and DoExpressCheckoutPayment to finalize the payment.

Not until DECP is completed does any transaction actually take place. The success message you're seeing probably came from GetExpressCheckoutDetails, which does nothing more than retrieve the buyer/order info so that you can finalize the payment on your site.

Upvotes: 2
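One way to act on this answer, as an added PHP example rather than code from the question or from PayPal's SDK: the order is marked paid only when DoExpressCheckoutPayment returns a completed sale for the expected amount, so a page that merely called GetExpressCheckoutDetails can never show "success". Assumed: NVP signature credentials (placeholders), the sandbox endpoint, and an order record that stores the token issued by SetExpressCheckout and the expected amount.

```php
<?php
// Added example (not the asker's code or PayPal's SDK): mark an order paid
// only after DoExpressCheckoutPayment (DECP) succeeds. GetExpressCheckoutDetails
// only reads buyer/order data, so a "success" page based on it proves nothing.
// Assumptions: NVP API signature credentials, the sandbox endpoint, and an
// order record (from our own store) holding the SEC token and expected amount.

const NVP_ENDPOINT = 'https://api-3t.sandbox.paypal.com/nvp';   // sandbox
const NVP_CREDS = ['USER' => 'API_USER_PLACEHOLDER', 'PWD' => 'API_PWD_PLACEHOLDER',
                   'SIGNATURE' => 'API_SIG_PLACEHOLDER', 'VERSION' => '124.0'];

// POST an NVP request and parse the URL-encoded response into an array.
function nvpCall(array $params): array {
    $ch = curl_init(NVP_ENDPOINT);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($params + NVP_CREDS),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // never disable TLS verification
    ]);
    $raw = curl_exec($ch);
    curl_close($ch);
    parse_str((string)$raw, $resp);
    return $resp;
}

// Finalise payment for one stored order. Returns true only if PayPal confirms
// a Completed sale for the amount we expect; show "success" only on true.
function finalizeOrder(array $order, string $token, string $payerId): bool {
    // Reject unknown or replayed tokens and orders that were already handled.
    if ($order['status'] !== 'pending' || !hash_equals($order['token'], $token)) {
        return false;
    }
    $resp = nvpCall([
        'METHOD'                         => 'DoExpressCheckoutPayment',
        'TOKEN'                          => $token,
        'PAYERID'                        => $payerId,
        'PAYMENTREQUEST_0_PAYMENTACTION' => 'Sale',
        'PAYMENTREQUEST_0_AMT'           => $order['amount'],
        'PAYMENTREQUEST_0_CURRENCYCODE'  => $order['currency'],
    ]);
    $ack = $resp['ACK'] ?? '';
    if (!in_array($ack, ['Success', 'SuccessWithWarning'], true)) return false;
    if (($resp['PAYMENTINFO_0_PAYMENTSTATUS'] ?? '') !== 'Completed') return false;
    if (($resp['PAYMENTINFO_0_AMT'] ?? '') !== $order['amount']) return false;
    // Persist PAYMENTINFO_0_TRANSACTIONID with the order here (assumed store)
    // and set its status to 'paid' so the same token cannot be replayed.
    return true;
}
```

The ReturnURL handler should call finalizeOrder() and render the success page only when it returns true; reloading the page with the same token afterwards fails the status check.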
