Menu
I'm developing a PHP app and I want to use Paypal Checkout Client Integration as a mode of payment for my website. However, the integration requires to put your "client ID" in the script which will totally be exposed on the browser's console. Is it ok to expose your client id to the public?
screenshot- implementation
Also, the price is in the script as well, what if people will change the price on the fly?
Any advice on this?
568
Client ID is okay to be public, Client SECRET on the other hand must never be placed into anywhere public, that's just for you.
FrankerZ mostly answered this in the comments, the validation that occurs after is the important aspect.
Consider your Client ID like your real life driving license. If someone steals your license they still can't use it as ID to get into a club, the bouncer will just say "That's obviously not you".
In the analogy above PayPal is the bouncer. Your client ID is your driving license and your client secret is your face.
105
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
