[SOLVED] MasterCard Hosted Checkout Integration SECURITY

MasterCard Hosted Checkout Integration SECURITY

as you know, the documentation indicates tha we need a javascipt like this:

Checkout.configure({
              session: { 
                id: '<your_create_checkout_session_ID>'
                },
              interaction: {
                    merchant: {
                        name: 'Your merchant name',
                        address: {
                            line1: '200 Sample St',
                            line2: '1234 Example Town'            
                        }    
                    }
               }
        });

, as it is javascript in an HTML, everyone can see our Merchant_id and the session_id,etc.

How can we hide this info ??

thanks

Solution

In my opinion, you shouldn't use this type of information and configuration in your Front-end application/client because of the security issue that you mentioned.

Instead of that, use these steps:

remove all implementation like configuration, checkout, double-check payments, etc. from your client.
implement them into your backend-application / server (as a service or microservice)
use the usual REST API to communicate between your client and server applications

hope to be useful in your case.