我已经使用 PayPal REST api 在我的网站上实现订阅(定期付款)。我必须设置一个通知 url 以通知订阅计划通过 PayPal 进行的付款(例如月度计划)。 PayPal 将其称为即时付款通知。
我的问题是,开发人员可以滥用该调用来模拟来自 PayPal 的调用吗?因为开发人员知道传递给该方法的通知 url 和参数。开发者只需要知道 recurring_payment_id。
如果它可能被滥用,那么我应该采取什么步骤来防止它。请指导我。
最佳答案
即时付款通知不适用于 Rest API,但是,Rest API 确实有自己的发回通知。
为了使用 Notifications for Rest API,开发人员需要创建 Webhook。
WebHooks and Notifications with PayPal Rest API
使用计费协议(protocol)配置文件 ID,开发人员可以取消协议(protocol)或暂停协议(protocol)。开发人员无法从 PayPal 获取信用卡数据。
以下是来自 PayPal 开发者网站的一些关于定期付款和结算协议(protocol)创建的信息:
即使有人能够从服务器得到响应,也只是计费协议(protocol)的状态。不会返回任何帐户持有人信息。
这是来自 PayPal 开发人员网站的示例响应: Retrieve an Agreement Rest API
{
"id": "I-0LN988D3JACS",
"state": "Pending",
"description": "New Description",
"plan": {
"payment_definitions": [
{
"type": "REGULAR",
"frequency": "Month",
"amount": {
"currency": "USD",
"value": "100.00"
},
"charge_models": [
{
"type": "TAX",
"amount": {
"currency": "USD",
"value": "12.00"
}
},
{
"type": "SHIPPING",
"amount": {
"currency": "USD",
"value": "10.00"
}
}
],
"cycles": "12",
"frequency_interval": "2"
}
],
"merchant_preferences": {
"setup_fee": {
"currency": "USD",
"value": "0.00"
},
"max_fail_attempts": "0",
"auto_bill_amount": "YES"
}
},
"links": [
{
"href": "https://api.sandbox.paypal.com/v1/payments/billing-agreements /I-0LN988D3JACS/suspend",
"rel": "suspend",
"method": "POST"
},
{
"href": "https://api.sandbox.paypal.com/v1/payments/billing-agreements/I-0LN988D3JACS/re-activate",
"rel": "re_activate",
"method": "POST"
},
{
"href": "https://api.sandbox.paypal.com/v1/payments/billing-agreements/I-0LN988D3JACS/cancel",
"rel": "cancel",
"method": "POST"
},
{
"href": "https://api.sandbox.paypal.com/v1/payments/billing-agreements/I-0LN988D3JACS/bill-balance",
"rel": "self",
"method": "POST"
},
{
"href": "https://api.sandbox.paypal.com/v1/payments/billing-agreements/I-0LN988D3JACS/set-balance",
"rel": "self",
"method": "POST"
}
],
"start_date": "2015-02-19T08:00:00Z",
"agreement_details": {
"outstanding_balance": {
"currency": "USD",
"value": "0.00"
},
"cycles_remaining": "12",
"cycles_completed": "0",
"final_payment_date": "2016-12-19T10:00:00Z",
"failed_payment_count": "0"
}
}
关于 Paypal 经常性付款滥用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31697160/