cancel
Showing results for 
Search instead for 
Did you mean: 

Verify an Accept Hosted transaction server-side

I am looking at the Accept Hosted documentation and sample app, and I am not seeing a way to verify on the server-side whether or not the transResponse.authorization returned from the client via the window.CommunicationHandler is valid.

 

 

Am I missing something?  These values could be easily intercepted & changed by malicious users using browser dev tools, so we should be using server-side checks to validate that the payment transaction data is legit.

 

Yet nowhere in the documentation does Authorize.net suggest to even perform such a check.  Doesn't this seem like a rather large oversight?  If the application layer doesn't verify the client-side-provided transaction data, then anyone could run an order through such a system and potentially cause the application to think that an order has been paid when no payment transaction was actually run.

 

spacedev
Member
2 REPLIES 2

After some digging into the API, I found a getTransactionDetailsRequest method that can be used to verify a transaction.  To use this method, I had to log into the sandbox and enable the transaction details API.

 

Still seems odd to me that the documentation doesn't suggest or recommend using this to verify that payments have gone through.

 

 

spacedev
Member

Hi @spacedev

 

You can also subscribe to payment webhooks to get real time notifications for your payment events . 

 

https://developer.authorize.net/api/reference/features/webhooks.html

 

Hope it helps !!!





Send feedback at developer_feedback@authorize.net