[QUESTION] I didn't understand why you have asked to pass PAYTM_MERCHANT_KEY

mrdishant / Paytm-Flutter-Plugin

A Flutter plugin to use the Paytm as a gateway for accepting online paymnets in Flutter app.

Other

10 stars 6 forks source link

[QUESTION] I didn't understand why you have asked to pass PAYTM_MERCHANT_KEY #16

Closed omishah closed 4 years ago

omishah commented 4 years ago

I didn't understand why you have asked to pass PAYTM_MERCHANT_KEY to the checksum generator URL from the app? Isn't that unsafe to do so instead of storing the PAYTM_MERCHANT_KEY on our server?

ankurpandeyvns commented 4 years ago

Storing any credentials on the app is unsafe and even using the provided url for generating checksum isn't safe at all. You must always use your backend to generate the checksum for you.

mrdishant commented 4 years ago

@omishah and @ankurpandeyvns This checksum generation url is just for testing and exploring Paytm. I strongly agree to @ankurpandeyvns comment. I am not storing any credentials on my server...

omishah commented 4 years ago

@omishah and @ankurpandeyvns This checksum generation url is just for testing and exploring Paytm. I strongly agree to @ankurpandeyvns comment. I am not storing any credentials on my server...

I am not saying that you're storing any credentials on your server. Since you have mentioned in the readme/description part so I just said.