Paypal的Payment REST API调用的随机信用卡数据
[英]Random Credit card data for Paypal's Payment REST API call
问题描述
Has anyone yet dabbled with Paypal's REST API call for Direct credit card payments ? 
有没有人涉足Paypal的REST API调用直接信用卡付款?
This resource resides here: 该资源位于此处:
https://api.sandbox.paypal.com/v1/payments/payment https://api.sandbox.paypal.com/v1/payments/payment
The typical way to process this account is: 处理此帐户的典型方法是:
- Get access token by making an API call that includes the Client_ID and Secret. 通过进行包括Client_ID和Secret的API调用来获取访问令牌。
- Using the access token, I make a call to the payment API with the necessary card specific data. 使用访问令牌,使用必要的卡特定数据调用付款API。
In point number 2, the line 'necessary card specific data' is important. 在第2点中,“必要的卡特定数据”行很重要。 So far, I had been testing using one of my test/sandbox business accounts. 到目前为止,我一直在使用我的测试/沙盒业务帐户之一进行测试。 That is, the credit card data that was specifically generated for this account. 也就是说,专门为此帐户生成的信用卡数据。 However, it seems like I can manipulate the name, change the expiry date (as long as it's a valid date), the CVV2 number. 但是,似乎我可以操纵名称,更改到期日期(只要它是有效日期),CVV2号即可。 As long as the credit card passes a MOD 10 check, the response object shows the payment as processed (state: approved) . 只要信用卡通过MOD 10支票,响应对象就会显示付款已处理(状态:已批准)。
My question is, is this a loophole (unlikely) or just by design that paypal allows any random card related data to verify payments. 我的问题是,这是一个漏洞(不太可能)还是仅是设计使Paypal允许与随机卡相关的任何数据来验证付款。 (as long as they are valid credit card numbers). (只要它们是有效的信用卡号)。
If it is the earlier, then I wonder why Paypal wants me to create a business account and generates credit card data for me, when all I really need is the REST API client id and secret that is provided when I sign up as a developer. 如果是较早的版本,那么我想知道为什么Paypal希望我创建一个企业帐户并为我生成信用卡数据,而我真正需要的只是我注册为开发人员时提供的REST API客户端ID和密码。
Disclaimer: The documentation does not state anywhere that random card related data can be used. 免责声明:本文档未声明可以使用随机卡相关数据的任何地方。
1 个解决方案
解决方案1
3 已采纳 2013-03-13 21:48:58
Correct, this is by design. 正确,这是设计使然。 We'll accept any credit card number in the Sandbox environment as long as it adheres to MOD-10. 只要符合MOD-10,我们将在沙盒环境中接受任何信用卡号。 This is done specifically to allow for easier testing in the Sandbox environment. 专门这样做是为了在沙盒环境中进行更轻松的测试。
If it is the earlier, then I wonder why Paypal wants me to create a business account and generates credit card data for me, when all I really need is the REST API client id and secret that is provided when I sign up as a developer.
I'm not quite sure what you mean here though? 我不太确定您的意思是什么?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.