服务器如何知道通过PayPal客户端REST API确实付款? [英] How can a server know a payment was truly made via PayPal client side REST API?

问题描述

我正在查看PayPal交互式集成演示链接.

I was looking the PayPal interactive integration demo link.

在用户完成付款流程后的某个时候，客户到达代码:

At some point after the user complete the payment flow, the client reach the code:

 // onAuthorize() is called when the buyer approves the payment
            onAuthorize: function(data, actions) {

                // Make a call to the REST api to execute the payment
                return actions.payment.execute().then(function() {
                    window.alert('Payment Complete!');
                });
            }

在实际情况下，我可能想向服务器发送一条指令以发送产品或更新用户计划，而不是发出警报.这可能是通过HTTP POST请求完成的.

In a real scenario, instead of an alert, I would probably like to send the server a instruction to ship a product or update the user plan. And it would probably be done via an HTTP POST request.

服务器如何得知确实已经付款，而不是黑客手动发送了http发帖请求的结果?

How can the server know that indeed a payment was made and it was not a result of an hacker sending an http post request manually?

推荐答案

您的想法是正确的，服务器不知道付款是否确实付款.此客户端API用于捐赠之类的事情，无需向任何服务器请求.然后，可以使用客户端回调来显示谢谢"便条或类似的用户.

Your idea is correct, the server cannot know if the payment was really made. This client API is intended for things like donations, where no request to any servers is necessary. The client callback can then be used to display a "thank you" note or similar to the user.

在大多数情况下(例如在线商店等)，您将需要使用服务器API .这样， PayPal服务器会将请求发送到您的服务器，因此您可以验证它确实是真正的付款确认.

For most cases (like online shops etc.) you will want to use the server API. That way, the PayPal server will send a request to your server, so you can validate that it really is a genuine payment confirmation.

这篇关于服务器如何知道通过PayPal客户端REST API确实付款?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！