Paylike modal amount parameter


I'm currently testing Paylike's web SDK and I can use the sandbox easily. But how can I prevent the user from changing the amount on the client side? The amount parameter is required, but how can I be sure of the amount after a success callback? Can I get it from the server side?

The following code is fine, but I have a problem with the amount parameter:

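<script src="//sdk.paylike.io/3.js"></script>
<script>
  // Public key; this whole block runs in the browser.
  var paylike = Paylike('your key');

  paylike.popup({
    currency: 'DKK',
    amount: 1000
  }, function (err, res) {
    // Log the error and stop if the popup failed or was closed.
    if (err)
      return console.log(err);

    // Id of the transaction that was just authorized.
    console.log(res.transaction.id);
    alert('Thank you!');
  });
</script>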

There is 1 answer

Calara Ionut

Two steps are important regarding transactions. The first step is authorization. Authorization is done with the code you added here, on the frontend. The user can tamper with the amount, but this is merely a reservation and is not taking funds from the payer's credit card.

The second step is called capture. You can only capture the funds from the Paylike dashboard, or via your server. When you do that, you generally send the same amount that you initially wanted the user to pay, and if the authorization were less, you would get an error. You can also fetch the transaction to inspect the amount that was authorized if you want to reject an order, for example. You can also send a custom parameter that you might use to validate on the server, similar to a checksum if you want to.

You have a private key, which users are not able to get, so that makes it safe. The two-step approach is a validation on its own, but as I mentioned, you can also inspect the transaction. You can check the API docs here: https://github.com/paylike/api-docs, where you will also find links to client-side SDKs.

If you are using PHP, using the PHP library (which I maintain) you can do this to inspect a transaction:

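// $private_api_key is the private (server-side) key, never sent to the browser.
$paylike = new \Paylike\Paylike($private_api_key);

// $transaction_id is the id the frontend callback received (res.transaction.id).
$transactions = $paylike->transactions();
$transaction = $transactions->fetch($transaction_id);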

The transaction variable will look like this:

{
   "id":"5da8272132aad2256xxxxxxx",
   "test":true,
   "merchantId":"594d3c455be12d547xxxxxx",
   "created":"2019-10-17T08:32:34.362Z",
   "amount":35,
   "refundedAmount":0,
   "capturedAmount":0,
   "voidedAmount":0,
   "pendingAmount":35,
   "disputedAmount":0,
   "card":{
      "id":"5da82743735e61604xxxxxxx",
      "bin":"410000",
      "last4":"0000",
      "expiry":"2023-11-30T22:59:59.999Z",
      "code":{
         "present":true
      },
      "scheme":"visa"
   },
   "tds":"none",
   "currency":"JPY",
   "custom":{
      "email":"[email protected]",
      "orderId":"Could not be determined at this point",
      "products":[
         [
            {
               "ID":"48",
               "name":"Hoodie with Pocket",
               "quantity":"1"
            }
         ]
      ],
      "customer":{
         "name":"John Doe",
         "email":"[email protected]",
         "phoneNo":"020 91X XXXX",
         "address":"123 Main Street, New York, NY 10030",
         "IP":"10.0.2.2"
      },
      "platform":{
         "name":"WordPress",
         "version":"5.2.4"
      },
      "ecommerce":{
         "name":"WooCommerce",
         "version":"3.7.1"
      },
      "paylikePluginVersion":"1.7.2"
   },
   "recurring":false,
   "successful":true,
   "error":false,
   "descriptor":"PHP API WRAPPER TEST",
   "trail":[

   ]
}
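
A server-side check along the lines the answer describes, as an added example that is not part of the original answer or of Paylike's libraries. It assumes a Node.js backend and a transaction already fetched with the private key; the `custom.checksum` field, `CHECKSUM_SECRET`, `checksum` and `verifyAuthorization` are hypothetical names, and the sample objects are constructed.

```javascript
// Added example (not Paylike's code): decide server-side whether an
// authorized transaction may be captured for a given order.
const crypto = require('crypto');

// Assumption: a secret that exists only on the server.
const CHECKSUM_SECRET = 'constructed-demo-secret';

// HMAC binding order id, amount and currency. The server would put this in
// the hypothetical custom.checksum field when it renders the popup call.
function checksum(orderId, amount, currency) {
  return crypto.createHmac('sha256', CHECKSUM_SECRET)
    .update(`${orderId}|${amount}|${currency}`)
    .digest('hex');
}

// order: the server's own record. tx: the transaction fetched with the
// private key (same shape as the JSON in the answer).
function verifyAuthorization(order, tx) {
  const reasons = [];
  const custom = tx.custom || {};
  if (tx.successful !== true || tx.error !== false) reasons.push('authorization failed');
  if (tx.currency !== order.currency) reasons.push('currency mismatch');
  if (tx.amount !== order.amount) reasons.push('amount mismatch');
  if (tx.pendingAmount < order.amount) reasons.push('pending amount too low');
  if (custom.orderId !== order.id) reasons.push('order id mismatch');
  // Recompute over what was actually authorized, so an edited amount breaks it.
  const expected = Buffer.from(checksum(custom.orderId, tx.amount, tx.currency));
  const given = Buffer.from(String(custom.checksum || ''));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    reasons.push('checksum mismatch');
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample data, not real transactions.
const order = { id: 'order-1001', amount: 1000, currency: 'DKK' };
const goodTx = {
  successful: true, error: false, currency: 'DKK',
  amount: 1000, pendingAmount: 1000,
  custom: { orderId: 'order-1001', checksum: checksum('order-1001', 1000, 'DKK') },
};
// Same popup call, but the amount was edited in the browser.
const tamperedTx = { ...goodTx, amount: 1, pendingAmount: 1 };

console.log(verifyAuthorization(order, goodTx));
console.log(verifyAuthorization(order, tamperedTx));
```

Capture would only be requested when `ok` is true; otherwise the order is rejected and the `reasons` list is logged.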