0

We develop a mobile app with backend on Firebase. Backend logic is encapsulated within cloud functions. We would like to use single Yandex money account to transfer money to Yandex wallets of different users of the mobile app. Could you recommend a scenario for Yandex money authorization from cloud functions for this case? Is it possible at all? If so, then could it be done securely?

I would appreciate any help

OL.
  • 201
  • 3
  • 13
  • Could you talk about the scenario more, so that we can better assess whether or not it would be secure? You can certainly make it happen though. – Tukan Jan 11 '18 at 13:50
  • Thanks! Here is the scenario. A user of mobile app perform some kinds of activity and receives points as a reward for that. Points could be exchanged for money. It implies that a user should have a possibility to receive money into his Yandex money wallet from certain single Yandex wallet. That single Yandex wallet we want to use to transfer money to all users of the mobile app. We use React native to develop mobile app and Firebase real-time database and cloud functions as backend part – OL. Jan 11 '18 at 14:11
  • 1
    You can create a cloud function that takes a user's id and points to be transformed into money, deducts the points from user and afterwards pays him. Only potential issue I can see is a race condition, to solve that you might want to limit transactions to every minute. – Tukan Jan 11 '18 at 14:14
  • I quickly checked and [Yandex wallet has a node.js API](https://tech.yandex.com/money/apps/), so as @H.TugkanKibar also said, that should be possible. If you get stuck while implement the function, please show the code that reproduces where you got stuck. – Frank van Puffelen Jan 11 '18 at 14:20
  • Thank you @H.TugkanKibar and @ Frank van Puffelen. Yep, we saw a node.js API. The question is how to implement authentication within cloud function by means of Yandex API. If I'm not mistaken in order to do it a Yandex web page should be mandatorily shown to input Yandex wallet credentials and to receive 'access_token'. But a mobile app user should not know anything about that credentials. – OL. Jan 11 '18 at 14:38

0 Answers0