PAYTM_MERCHANT_KEY should be hidden in all cases and it must be at server end only

mrdishant / Paytm-Flutter-Plugin

A Flutter plugin to use the Paytm as a gateway for accepting online paymnets in Flutter app.

Other

10 stars 6 forks source link

PAYTM_MERCHANT_KEY should be hidden in all cases and it must be at server end only #10

Closed vikramaggarwal13 closed 5 years ago

vikramaggarwal13 commented 5 years ago

Currnently we are sending PAYTM_MERCHANT_KEY parameter from app end while this should not be required as this reduces security

currently this code need PAYTM_MERCHANT_KEY

final response = await http.post(url, headers: {
  "Content-Type": "application/x-www-form-urlencoded"
}, body: {
  "mid": "ParloS79006455919746",
  "CHANNEL_ID": "WAP",
  'INDUSTRY_TYPE_ID': 'Retail',
  'WEBSITE': 'APPSTAGING',
  'PAYTM_MERCHANT_KEY': '380W#7mf&_SpEgsy',
  'TXN_AMOUNT': '10',
  'ORDER_ID': orderId,
  'CUST_ID': '122',
});

mrdishant commented 5 years ago

Hi Vikram, I understand your concern and I want to tell you that this is just for getting started so that developers not just stuck on checksum generation. In Real Scenario, you have to setup checksum generation at your server where you can use Merchant Key in a secure fashion.

Hope this solves the issue.

vikramaggarwal13 commented 5 years ago

Hi,

Okay , I have a doubt when i use your api for generating checksum then i got success response but when I use my own then i am geting error

Please can you give me your api code so that i can see what wrong i am doing

Thanks

mrdishant commented 5 years ago

Here is the link to Paytm's official Nodejs Github Repo https://github.com/Paytm-Payments/Paytm_Web_Sample_Kit_NodeJs

Have a look. and use this for checksum generation