You are viewing a single comment's thread from:

RE: STEEMPAY.IO v1.0.1 LIVE! Accept Steem/SBD anywhere! Button generator included!

in #steempay8 years ago

Payment verification after the callback should not be considered recommended but rather mandatory, since you don't know who is actually making the callback request. Furthermore, the verification URL needs to use HTTPS, otherwise a man-in-the-middle attack can be used to tell the merchant the payment was a success even when it wasn't.

Sort:  

Agreed that HTTPS is better

verification is using SSL but need to update my certificates since they block external requests for being selfsigned ;)

https://steempay.io/payment/verify?payid=Re3Hbl1ekAeSwVtzKS&receiver=steve-walschot&amount=0.001&currency=SBD

works just fine, but once your curl it, it's getting blocked. Should be resolved in max 24h from now.

you can get a letsencrypt certificate for this. dont pay for certificates from big corporations. letsencrypt is free and open!