dorianu
New Coder
I'm working on a wordpress site that has a bunch of forms. I need to send the submitted form data to an api, in return I get a product. The products are charged by credits that I have on a account. Before I request the product from the api, I have to charge the user. The checkout page is done on a subdomain using clickfunells and stripe. Once the user pays for the product he is directed to an upsell page and then a thank you page. How I made this work for now is:
1) When the user submits the form I send the form data using an iframe and postmessage and store it in localstorage for the checkout subdomain
2) Once the user pays and is directed to the upsell page I send the form data to an api point on my wordpress site and clear the local storage. From that endpoint I make a request to the product api and once it is successfull I send it via email to the user.
Can I make this process more secure? What worries me is what if the user pays and somewhere along the line either my api endpoint or the product api or the email fails, then he wont get the product.
Any help would be appreciated.
1) When the user submits the form I send the form data using an iframe and postmessage and store it in localstorage for the checkout subdomain
2) Once the user pays and is directed to the upsell page I send the form data to an api point on my wordpress site and clear the local storage. From that endpoint I make a request to the product api and once it is successfull I send it via email to the user.
Can I make this process more secure? What worries me is what if the user pays and somewhere along the line either my api endpoint or the product api or the email fails, then he wont get the product.
Any help would be appreciated.