正确使用Webhooks来确保付款完整性
我是Webhooks的新手,并没有真正掌握其中的某些点。吻;当前的问题是,请考虑:
- 平台
- 提供服务X来预订服务X的
- ,客户Y必须先付款,
- 首先要授权每笔付款,只有
- 收到服务后才会捕获每笔付款
从服务预订中 为了捕获相关付款,仅处理涉及客户端的授权。所有其余部分都在服务器侧处理。
对于在我的平台上预订服务的每种可能的情况,要求付款授权作为服务器端的第一个操作。该平台DB的改编只有在从前端成功授权后才能执行。
我实现的唯一后备Webhook是客户预订服务,身份验证然后失去连接的情况。因为在这种情况下,客户会预订服务,但是平台服务器无法进行相关的更新。因此,客户将付款,但不会通过平台获得他 /她的服务。
因此,我的策略是实施一个网络钩,以聆听“已完成”事件的事件,如果在内部找不到交易数据,请执行需要执行的操作。
但是,弹出了两个问题:
a)如何控制在定期执行服务器端脚本后执行Webhook?延迟执行Webhook脚本?这里最好的祭司是什么?
b)如果a)可能,只是在Webhook中取消授权付款,而不是通过Webhook编码完成每项可能的每项交易的授权付款吗?如果客户失去连接的客户(您需要在付款授权后执行服务器端任务的有效载荷),那么您已经失去了整个有效载荷的东西,因此需要通过后四分之一来传递有效载荷向您的付款API,同时确保CID加密等;这听起来对我来说就像是过度杀伤。.是否有人处于同样的情况,也决定立即取消通过Webhooks丢失的连接中刚刚授权的付款?还是Webhook通常必须执行相关服务器验证的完全相同的服务器端脚本?这意味着我必须找到一种将有效载荷传递给我的Webhook函数的方法?
I'm new to webhooks and am not really getting the hang of some points of it. KISS; the current problem is, think about:
- a platform
- that provides a service X
- to book a service X, customer Y has to pay in advance
- every payment is authorized first only
- every payment is captured after the service has been received
From the booking of a service to the capture of the related payment, only the authorization is handled involving the client-side. All the rest is handled on the server-side.
For every possible case of a booking of a service on my platform, payment authorizations is requested as the first action on the server-side. Adaptations of the DB of the platform are only executed after a successful authorization of the payment from the frontend.
The only fallback webhook I implement is for the case where a customer books a service, authenticates, and then loses connection. Because in this case, the customer would have booked the service, but the platform server could not make the related updates. So the customer will have paid, but not receive his / her service via the platform.
My strategy is thus to implement a webhook to listen for the event of a transaction authorization "completed", and, if no transaction data is found internally, execute what needs to be done.
BUT, two questions popped up:
A) How can I control that a webhook gets executed AFTER the regular server-side script should have been executed? Delay the execution of the webhook script? What are the best pracs here?
B) If A) is possible, isn't it smarter to just cancel the authorized payment in the webhook, instead of coding the completion of every possible transaction via webhook? Already the thing that you lose the entire payload in case of a client who lost connection (the payload that you need to execute the server-side tasks after a payment authorization), and the consequent need of passing the according payload back-and-fourth to your payment API, while ensuring that CID is encrypted etc.; this just sounds like overkill to me.. Was anyone in the same situation, and also decided to just immediately cancel the just-authorized payment in lost connections via webhooks? Or must webhooks generally execute the exact same server-side script that the related server-validation would do? Meaning I have to find a way to pass the payload to my webhook function?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Webhook是您事件发生的通知 - 您没有义务在那一刻或任何时候执行任何处理。
如果您将Webhooks用作主要同步流的备份(一个好设计!),则可以记录事件并升级以备后用。
在某个地方贴上唱片,指示“获得此授权。在一个小时内再次检查此录音,以确保客户做这件事。”
在上面的评论中:您可能不会不希望您的同步和异步流相同。您的异步备份可能涉及通过电子邮件与客户联系,而对于同步流来说,由于客户仍在会话中,这不是必需的。
The webhook is your notification that the event has happened - you're under no obligation to perform any processing right that moment, or ever.
If you're using webhooks as a backup to a primary synchronous flow (a good design!), then you can record the event and enqueue for later.
Stick a record somewhere indicating "got this authorization. Check this again in an hour to make sure the customer did the thing."
And to your comment above: you probably don't want your sync and async flows to be the same. Your async backup might involve contacting the customer eg via email, while that's not necessary for the sync flow since the customer is still on session.