Hello,
I need some instruction on how I may be able to create a secure form post to a PayPal site to allow a customer to complete their transaction. For the past 4 days I have been Google'ing articles on form post security and PayPal integration (this site has many good PayPal articles), but I am not understanding the big picture. I am having a bit of a disconnect in connecting the dots. Here are a couple of concerns I have and don't know how to overcome them.
1. How do I ensure that the transaction was initiated on the seller's site? Such that it was not on a person's local machine by copying the form post and making adjustments to the form post i.e. decrease price amount to a negative value and purchase the product?
2. Is there a way that the server side can handle the form post by the client giving an id of the product they want and have the server send them to a PayPal site with all the information about the product i.e. product description, price, quantity, etc? Maybe by an Ajax call?
Currently, I am able to go through the developer tools (F12) and modify my form values and PayPal is accepting the modified values. I don't want this. What do I need to do to create a secure form post?
Can someone point me in the proper direction? If you need me to clarify anything just let me know. Thanks in advance.