At present, I have encountered a problem. I am working on an e-commerce APP that can buy things. I would like to ask some experienced friends about the security of order generation.
The APP process is like this (there is no shopping cart concept). On the product page, click buy directly, enter personal information, and submit the generated order. My current idea is that when the user clicks buy in the APP, it calls the server to obtain an order token, and then carries the token when submitting the order. Whether an order is generated depends on whether the token in the form matches the token stored by the server. In addition, OAuth is encrypted on the order URL (the server and the APP agree on a KEY for encryption). Please share your thoughts in a broad sense. Thank you.
Reply content:
Use POST for submission. You can use HTTPS if necessary.
The total price must be calculated on the server, which should also check whether the categories, products and related fields exist. You can also use symmetric encryption to encrypt the transmitted data.
First, you need to know what security you want.
Transmission security: HTTPS.
Correct content: server-side verification.
No repeated submission: add a token to the process, and the server ensures that the token can be used at most once.
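The two replies above boil down to the same server-side rules: the price is recomputed from the server's own catalogue, the submitted fields are validated, and the order token is consumed exactly once. The following is an added illustration, not code from the original thread; the catalogue, prices, user ids and the `OrderService` class are all constructed for the example.

```python
import secrets
import time
from dataclasses import dataclass, field

# Constructed catalogue: the server, never the client, is the source of truth for prices (cents).
CATALOG = {"sku-100": 1999, "sku-200": 4990}


@dataclass
class OrderService:
    ttl_seconds: int = 300
    _tokens: dict = field(default_factory=dict)   # token -> (user_id, sku, expiry)
    _orders: list = field(default_factory=list)

    def issue_token(self, user_id, sku, now=None):
        """Step 1: the user taps 'buy'; the server returns a one-time token bound to user and product."""
        if sku not in CATALOG:
            raise ValueError("unknown product")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)          # unguessable, so it cannot be forged or enumerated
        self._tokens[token] = (user_id, sku, now + self.ttl_seconds)
        return token

    def create_order(self, user_id, token, sku, quantity, client_total, now=None):
        """Step 2: the form is submitted; the server re-validates everything before creating the order."""
        now = time.time() if now is None else now
        # pop() removes the token before any check, so a second submission (or a retry after a
        # rejected one) can never reuse it. In a multi-process deployment this must be an atomic
        # store operation (e.g. a single-shot delete in the shared cache) rather than a local dict.
        entry = self._tokens.pop(token, None)
        if entry is None:
            return {"ok": False, "reason": "token unknown or already used"}
        t_user, t_sku, expiry = entry
        if now > expiry:
            return {"ok": False, "reason": "token expired"}
        if t_user != user_id or t_sku != sku:
            return {"ok": False, "reason": "token not bound to this user/product"}
        if not isinstance(quantity, int) or quantity < 1:
            return {"ok": False, "reason": "invalid quantity"}
        total = CATALOG[sku] * quantity            # server-side price; client_total is only compared
        if client_total != total:
            return {"ok": False, "reason": "price mismatch"}
        order = {"id": len(self._orders) + 1, "user": user_id, "sku": sku,
                 "qty": quantity, "total": total}
        self._orders.append(order)
        return {"ok": True, "order": order}
```

The token here replaces nothing else in the thread's advice: it still has to travel over HTTPS, and the form fields are still validated independently of it.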
You can refer to the unified order creation interface for the next payment step, which contains a detailed order creation procedure. I personally think it is safe: the token is obtained in advance before the order is created, and then encrypted together with the parameters and passed to the server to create the order.