You are viewing a single comment's thread from:

RE: Updates to SC2 Pay - Enhanced Security & Integration with Vessel!

in #steemdev7 years ago

I have a quesiton:

You should NEVER trust a front-end callback as a completed purchase.

That means if I want to integrate with a service, I have to call "checkSteemTransfer" in backend again. Is that duplicated? Why don't I just keep calling an api in which I check the transfer? Usually when we use a payment service, like stripe, they provide both "callback" and "webhook" api. I hope we can change to that.

7 years ago in #steemdev by
$Na
  • Past Payouts $0.56, 0.00 TRX
  • - Author $0.56, 0.00 TRX
  • - Curators $0.00, 0.00 TRX
1 vote
Reply 1
Sort:  
  • Trending
    • [-]
     7 years ago 

    Yes, this is only a front-end SDK right now, it is not a full end-to-end payment service and requires additional validation on the server-side.

    $Na
      Reply