Closed jakubkoje closed 3 weeks ago
Hi @jakubkoje,
We appreciate your feedback. However, please be assured that the widget is safe and the amount used for payment authorisation is picked from the BE. The frontend value can't change the order amount value created through our endpoint. The frontend totalAmount you see is used only for non-critical complementary flows in cases where an order is not yet created.
Hello, I am trying to implement Revolut Pay inside my SPA application. In the example, the totalAmount value is provided in the frontend and then is used to create an order in the backend.
In my opinion, this is not really safe, since the price could be tampered with by some malicious user. Shouldn't we get the totalAmount from the database, not directly from the frontend? If so, will the totalAmount provided in frontend button initialization be ignored?
I may be missing something about what makes the frontend totalAmount safe, but I just want to be sure.
Thanks
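
The server-side pricing the question asks about, as an added example that is not part of the original thread and not Revolut's code: the backend recomputes the order amount from its own price data and treats a client-sent totalAmount only as a value to compare and log. `PRICE_TABLE`, `MAX_QTY`, `buildOrder` and the SKUs are hypothetical, and the price table stands in for a database lookup.

```javascript
// Added example; all names here are hypothetical.
// Constructed server-side price list in minor units (cents).
// In a real backend this is a database query, never client input.
const PRICE_TABLE = new Map([
  ["sku-tshirt", { unitAmount: 1999, currency: "EUR" }],
  ["sku-mug", { unitAmount: 850, currency: "EUR" }],
]);
const MAX_QTY = 100;

// Builds the amount the backend would send when creating the order.
// Only SKUs and quantities are read from the client request; a client
// totalAmount is compared for logging and never used as the charge.
function buildOrder(clientCart) {
  if (!clientCart || !Array.isArray(clientCart.items) || clientCart.items.length === 0) {
    throw new Error("cart is empty or malformed");
  }
  let amount = 0;
  let currency = null;
  for (const { sku, quantity } of clientCart.items) {
    const price = PRICE_TABLE.get(sku);
    if (!price) throw new Error(`unknown sku: ${sku}`);
    // Reject fractional, zero, negative or oversized quantities.
    if (!Number.isInteger(quantity) || quantity < 1 || quantity > MAX_QTY) {
      throw new Error(`invalid quantity for ${sku}`);
    }
    if (currency && currency !== price.currency) throw new Error("mixed currencies");
    currency = price.currency;
    amount += price.unitAmount * quantity;
  }
  // A mismatch means a stale cart or a tampered request: log it, charge `amount`.
  const mismatch = clientCart.totalAmount !== undefined && clientCart.totalAmount !== amount;
  return { amount, currency, mismatch };
}

// Constructed request body whose totalAmount was lowered on the client.
const tampered = {
  totalAmount: 1,
  items: [
    { sku: "sku-tshirt", quantity: 2 },
    { sku: "sku-mug", quantity: 1 },
  ],
};
console.log(buildOrder(tampered));
```
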