Closed sheffield-nolan closed 6 years ago
Thanks for the PR, @sheffield-nolan. Can you elaborate on the defensive measure you've put in place with the payment_method
argument? I'm not sure I fully understand the situation we're protecting against.
Otherwise this looks great!
@sds - I made the payment_method required as a safeguard, as the current buy method in the API is akin to having an empty (optional) field for the funding source on the CB website for buys, with no confirmation dialog.
Here is the scenario that happened to me and would like to prevent for other developers:
There is no recourse or rollback from this scenario and it could have all been prevented by having the developer explicitly indicate the payment_method.
Thanks for clarifying!
The 'currency' param is required by the API endpoint, while the 'payment_method' param is not, but should be to avoid unintended funding from linked accounts.
Updated the unit tests to support the additional required params.