by zrail 4162 days ago
Two things. First, you have a live key set up on this page, which seems like it's problematic if you're not actually providing anything. This should be a test key.

Second, I can manipulate how much I'm paying by changing the HTML. I understand that this is a very simple backend but it's also very open to manipulation. You should, at the very least, add some sort of param signing.
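One way to do the param signing zrail suggests, as an added example that is not from the thread or the submitted project: the server HMACs the price fields it renders into the checkout form and recomputes the MAC before creating the charge, so an amount edited in the HTML no longer matches and is refused. The secret, field names and function names are assumptions for this example.

```python
import hmac
import hashlib

# Constructed secret for the example; in production load it from server
# configuration and never ship it to the browser.
SERVER_SECRET = b"example-secret-do-not-use"


def canonical(params: dict) -> bytes:
    # Deterministic encoding: sorted keys, so the client cannot change the
    # byte string just by reordering fields.
    return "&".join(f"{k}={params[k]}" for k in sorted(params)).encode()


def sign_params(params: dict, secret: bytes = SERVER_SECRET) -> str:
    """Server side: MAC over the price fields before rendering the form."""
    return hmac.new(secret, canonical(params), hashlib.sha256).hexdigest()


def verify_params(params: dict, signature: str, secret: bytes = SERVER_SECRET) -> bool:
    """Server side: recompute the MAC on the posted fields and compare in constant time."""
    return hmac.compare_digest(sign_params(params, secret), signature)


def build_checkout_form(item: str, amount_cents: int, currency: str) -> dict:
    """What the server puts into the hidden form fields, including the signature."""
    params = {"item": item, "amount": amount_cents, "currency": currency}
    return {**params, "sig": sign_params(params)}


def create_charge(form: dict) -> int:
    """Backend handler: returns the amount to charge, or raises if any
    signed field (or an added field) differs from what the server rendered."""
    signature = form.get("sig", "")
    params = {k: v for k, v in form.items() if k != "sig"}
    if not verify_params(params, signature):
        raise ValueError("price parameters do not match signature")
    return int(params["amount"])


if __name__ == "__main__":
    form = build_checkout_form("widget", 2000, "usd")
    print("untampered charge:", create_charge(form))
    tampered = dict(form, amount=1)  # the HTML edit zrail describes
    try:
        create_charge(tampered)
    except ValueError as exc:
        print("rejected:", exc)
```

Signing stops price tampering but does not address the live-key issue; that still needs a test key on a page that delivers nothing.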


This setup assumes manual order fulfillment. If someone manipulates a charge, don't deliver the goods.

If you're doing 100s of transactions per day or automating fulfillment, it would be more appropriate to invest in a full-featured back end.