I am selling tickets through Google check out. The tickets are created automatically by my web site which also creates the Google checkout link, on the fly. I want my database to be updated once someone completes their transaction. I figured I could attach a link to the Google check out widget then once the transaction goes through, they are taken to that page and the page updates my database. Unfortunately, I can see the link when I view the source of the pre transaction page. So a user could just copy that link and go right to that page without completing a transaction. My system would think they bought a ticket without them paying for it. Is there a way to embed the link in the Google check out widget, that a user would not be able to see, or do I have to do this in a different way, with the more complicated Google checkout api's.
Asked
Active
Viewed 60 times
2 Answers
0
Maybe check php's $_SERVER['HTTP_REFERER'] and see if it comes from google.
Thew
- 15,789
- 18
- 59
- 100
-
HTTP_REFERER can be manipulated by the user. I figure if they are smart enough to copy the link from the source they would be smart enough to change that as well. Maybe not. – Lumpy Mar 14 '11 at 18:49
0
The Checkout Notification API is the recommend and the most secure option, if you're ok doing some programming on the server side:
http://code.google.com/apis/checkout/developer/Google_Checkout_XML_API_Notification_API.html
You could experiment with the "continue_url" parameter and take the user back to your site after the transaction has completed, however, note that the user has to click on the continue_url link and there is no guarantee that the payment has been accepted:
Mihai Ionescu
- 2,108
- 1
- 12
- 15