You are viewing a single comment's thread from:

RE: Updates to SC2 Pay - Enhanced Security & Integration with Vessel!

in #steemdev7 years ago

I have a quesiton:

You should NEVER trust a front-end callback as a completed purchase.

That means if I want to integrate with a service, I have to call "checkSteemTransfer" in backend again. Is that duplicated? Why don't I just keep calling an api in which I check the transfer? Usually when we use a payment service, like stripe, they provide both "callback" and "webhook" api. I hope we can change to that.

Sort:  

Yes, this is only a front-end SDK right now, it is not a full end-to-end payment service and requires additional validation on the server-side.