Regarding recharge API integration


Problem description

How can I redirect to my website or page after getting payment success or failure in a mobile recharge API?










What I have tried:

Response.Redirect("http://www.mydomain.com/api/recharge.php?userid=76757123343434&pinno=2323232434343&number=" + txtmobileno.Text + "&operator=" + ddloperator.SelectedItem.Value + "&circle=" + ddlcircle.SelectedItem.Value + "&amount=" + txtamount.Text + "&usertx=YOUR_TRANSACTION_ID123345&format=Json&version=4 ", false);

Recommended answer


Hi chap, this code will work fine, but it has got some security flaws: as you can see, your URL contains &amount in the query string. This is also visible to the user, so the user can easily change it on the go. It would be like the user has paid 10 bucks and can get a recharge of 100 bucks.
Better to follow the approach below.
Save the user's recharge request in your DB and get the UniqueId to identify that request.
Check that the bookingId has not been processed earlier.

Now, when payment is confirmed, redirect the user to the BookingConfirmation page with the UniqueId in the query string. Now you can get the booking request from this uniqueId, call the API's BookingConfirmation method and update the booking request as processed.
This will avoid the security flaw.

PaymentPage
void MakePayment(long bookingId)
{
    // call payment confirmation
    // pass only the booking id to the confirmation page, never the amount
    Response.Redirect("BookingConfirmation?bookingId=" + bookingId);
}





BookingConfirmation page

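void ConfirmBooking()
{
    // the query string carries only the booking id
    var bookingId = Request.QueryString["bookingId"];

    // load the saved request (mobile number, amount, ...) from the DB
    var bookingRequest = GetBookingDetail(bookingId);

    ThirdPartyAPI.bookingConfirm(bookingRequest.mobileNo,...);

    // redirect to your desired page here
}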
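The two pieces the answer describes but its sketch leaves out, saving the request server-side and refusing an id that was already processed, shown as an added example that is not part of the original answer. `RechargeRequest`, `RechargeStore`, `Save`, `Claim` and the in-memory dictionary standing in for the database are assumptions, and the id is a random token rather than the answer's `long bookingId` so it cannot be guessed. `Claim` is assumed to be called only after the payment has been confirmed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Threading;

// Hypothetical server-side record of one recharge request.
public sealed class RechargeRequest
{
    public string MobileNo;
    public decimal Amount;
    public int Processed; // 0 = pending, 1 = already sent to the recharge API
}

public static class RechargeStore
{
    // In-memory stand-in for the database table the answer describes.
    static readonly ConcurrentDictionary<string, RechargeRequest> Db =
        new ConcurrentDictionary<string, RechargeRequest>();

    // Save the request before payment and return a random id for the redirect URL.
    public static string Save(string mobileNo, decimal amount)
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string id = BitConverter.ToString(bytes).Replace("-", "");
        Db[id] = new RechargeRequest { MobileNo = mobileNo, Amount = amount };
        return id;
    }

    // Confirmation page: look the request up by id and claim it exactly once.
    // Returns null for an unknown id or one that was already processed.
    public static RechargeRequest Claim(string idFromQueryString)
    {
        RechargeRequest req;
        if (idFromQueryString == null || !Db.TryGetValue(idFromQueryString, out req)) return null;
        // Atomic 0 -> 1 flip, so a replayed or double-submitted URL recharges once.
        return Interlocked.CompareExchange(ref req.Processed, 1, 0) == 0 ? req : null;
    }
}

public static class Demo
{
    public static void Main()
    {
        string id = RechargeStore.Save("9999999999", 10m); // constructed sample values
        RechargeRequest first = RechargeStore.Claim(id);
        Console.WriteLine(first != null ? "recharge " + first.Amount : "rejected");
        Console.WriteLine(RechargeStore.Claim(id) == null ? "replay rejected" : "recharged twice");
        Console.WriteLine(RechargeStore.Claim("no-such-id") == null ? "unknown id rejected" : "bug");
    }
}
```

Because the amount is read from the stored row, appending `&amount=100` to the confirmation URL changes nothing.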

