By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
  • Guest, before posting your code please take these rules into consideration:
    • It is required to use our BBCode feature to display your code. While within the editor click < / > or >_ and place your code within the BB Code prompt. This helps others with finding a solution by making it easier to read and easier to copy.
    • You can also use markdown to share your code. When using markdown your code will be automatically converted to BBCode. For help with markdown check out the markdown guide.
    • Don't share a wall of code. All we want is the problem area, the code related to your issue.

    To learn more about how to use our BBCode feature, please click here.

    Thank you, Code Forum.


New Coder
I'm working on a wordpress site that has a bunch of forms. I need to send the submitted form data to an api, in return I get a product. The products are charged by credits that I have on a account. Before I request the product from the api, I have to charge the user. The checkout page is done on a subdomain using clickfunells and stripe. Once the user pays for the product he is directed to an upsell page and then a thank you page. How I made this work for now is:

1) When the user submits the form I send the form data using an iframe and postmessage and store it in localstorage for the checkout subdomain
2) Once the user pays and is directed to the upsell page I send the form data to an api point on my wordpress site and clear the local storage. From that endpoint I make a request to the product api and once it is successfull I send it via email to the user.

Can I make this process more secure? What worries me is what if the user pays and somewhere along the line either my api endpoint or the product api or the email fails, then he wont get the product.
Any help would be appreciated.
Yes, you can make this process more secure. Here are a few steps you can take:

  1. You can implement SSL encryption to secure the data being sent between your website and the user's browser.
  2. You can store the form data in a secure database instead of local storage, this way you can retrieve it if the API requests fail.
  3. You can use a payment gateway like Stripe to handle the payments securely and ensure that the payment information is not stored on your server.
  4. You can implement a retry mechanism for failed API requests so that the data is automatically sent again if the first request fails.
  5. You can also implement a confirmation page for the user after the API requests are complete, so that the user can confirm that they received the product before clearing the data from the database.
It's important to thoroughly test your system to ensure that all scenarios are covered and to minimize the risk of data loss or failure.
Top Bottom