So I am trying to create an e-commerce website with the PayPal API. I am new to the PayPal PHP SDK and I wanted to know how to secure the transaction and prevent the user from changing the amount paid. I saw this example code in the PayPal docs:
paypal.Buttons({
    createOrder: function(data, actions) {
        // This function sets up the details of the transaction, including the amount and line item details.
        return actions.order.create({
            purchase_units: [{
                amount: {
                    value: '0.01'
                } // I am searching for a way to get this
            }]
        });
    },
    onApprove: function(data, actions) {
        // call api to verify the order
    }
}).render('#paypal-button-container');
It works fine, but I know that using JavaScript is not a good idea because the user can edit the information of the order. What is the technique to use a mix of JavaScript and PHP to verify that the user is not going to change the order?
To use PayPal Checkout from a server, create two routes, one for 'Create Order' and one for 'Capture Order', documented here. These routes should return/output only JSON data (no other HTML or text).
Pair your two routes with the following approval flow: https://developer.paypal.com/demo/checkout/#/pattern/server
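One way to keep the amount out of the browser's hands in those two routes, as an added example (not from the answer or PayPal's docs): the `CATALOG` prices, the function names and the sample cart and capture response are constructed for illustration, and the HTTP calls to PayPal are left out.

```php
<?php
declare(strict_types=1);

// Constructed catalog (assumption): prices live on the server, in cents.
const CATALOG = ['sku-tee' => 1999, 'sku-mug' => 850];

// Price the cart from CATALOG; the browser sends only SKUs and quantities.
function cartTotalCents(array $cart): int
{
    $total = 0;
    foreach ($cart as $sku => $qty) {
        if (!array_key_exists($sku, CATALOG) || !is_int($qty) || $qty < 1 || $qty > 100) {
            throw new InvalidArgumentException('invalid cart line');
        }
        $total += CATALOG[$sku] * $qty;
    }
    if ($total === 0) {
        throw new InvalidArgumentException('empty cart');
    }
    return $total;
}

// JSON body the 'Create Order' route sends to POST /v2/checkout/orders.
function buildOrderBody(array $cart, string $currency = 'USD'): array
{
    $cents = cartTotalCents($cart);
    return ['intent' => 'CAPTURE', 'purchase_units' => [[
        'amount' => [
            'currency_code' => $currency,
            'value' => sprintf('%d.%02d', intdiv($cents, 100), $cents % 100),
        ],
    ]]];
}

// In the 'Capture Order' route: fulfil only if the capture matches the server's price.
function captureMatches(array $resp, int $expectedCents, string $currency = 'USD'): bool
{
    $cap = $resp['purchase_units'][0]['payments']['captures'][0] ?? [];
    return ($cap['status'] ?? '') === 'COMPLETED'
        && ($cap['amount']['currency_code'] ?? '') === $currency
        && (int) round((float) ($cap['amount']['value'] ?? 0) * 100) === $expectedCents;
}

$cart = ['sku-tee' => 1, 'sku-mug' => 2];   // constructed server-side cart
echo json_encode(buildOrderBody($cart)), PHP_EOL;
$tampered = ['purchase_units' => [['payments' => ['captures' => [[  // constructed response
    'status' => 'COMPLETED', 'amount' => ['currency_code' => 'USD', 'value' => '0.01'],
]]]]]];
var_dump(captureMatches($tampered, cartTotalCents($cart)));
```

In a real route the expected total would be stored server-side against the PayPal order ID when the order is created and looked up at capture time, rather than taken from anything in the capture request.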