I have successfully implemented a custom payment flow using the WIX-PAY API such as the example here.
I have been paying extra attention to the architecture of my code to ensure I take all considerations as it relates to security.
Per the note at the end of the tutorial re: Security Considerations, I have ensured that I have defined my Payment Information in the backend and avoided passing those details from the client-side code, except for quantity, which is selected by the user on the UI.
How do I securely include elements such as quantity in the Payment Information when they are only available on the client-side (e.g., on the UI)?
I'm building a site for a hotel group. Here is the flow:
The user selects a hotel property they wish to book.
The user inputs their check-in, check-out dates, and the number of rooms (equate this to quantity).
The ID of the hotel is passed from the client-side to backend where I query the data collection for all the hotel information (i.e., rates, taxes, etc.).
How do I securely get the quantity to the backend in order to calculate totals and the ultimate crate Product Information?