Best Practices

To ensure a robust Web Checkout integration and a smooth overall payment experience, consider adopting these recommended best practices.

1. Always create order from Backend

Please ensure that order creation is handled from your backend server, as this approach safeguards sensitive information such as your Cashfree secret key and customer data from exposure. The Create Order API also cannot be called from a browser, as CORS is blocked for this API.

2. Always implement Return URL

To enhance the customer experience, it's essential to include a return URL when creating an order. This ensures that your customers are redirected to the intended page and do not land on broken or duplicated pages.

You should always add your order_id to your return_url as either a path or a query parameter. This will help you identify the order once the payment has been completed.

Example of a good return URL:

{
	"return_url": "https://example.com/cashfree/order/return?order_id=my-order-id"
}

3. Always Verify Order Status

Prior to delivering your services to customers, it is crucial to verify the status of your order. Verify the order using the Get Order API; when the order_status is PAID, you can consider the payment successful.

4. Implement Data Tamper Prevention

To prevent data tampering, it is advised that you include some sort of signature in your return_url along with the order_id.

Example

{
	"return_url": "https://example.com/cashfree/order/return?order_id=my-order-id&signature=some-signature"
}
PHP example for the return handler:

<?php
// Recompute the signature over the order_id received on the return URL
// and compare it with the signature parameter in constant time.
$orderId = $_GET["order_id"] ?? "";
$sig = hash_hmac('sha256', $orderId, "yoursecretkey");
if (!hash_equals($sig, $_GET["signature"] ?? "")) {
    http_response_code(400); // missing or tampered signature
    exit;
}
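The following is an added example, not code from the Cashfree documentation, showing practices 2, 3 and 4 together in Python: the backend builds the return_url with the order_id and an HMAC-SHA256 signature over it, the return handler recomputes the signature and rejects a URL whose order_id was altered, and fulfilment is decided only from the backend's own Get Order result. The secret key, base URL and the Get Order response are constructed placeholders.

```python
import hmac
import hashlib
from typing import Optional
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values for this example; in a real integration the secret
# lives only on the backend (practice 1) and is never sent to the browser.
SECRET_KEY = "replace-with-your-own-secret"  # placeholder, not a real key
RETURN_BASE = "https://example.com/cashfree/order/return"


def sign_order_id(order_id: str, secret: str) -> str:
    """Hex-encoded HMAC-SHA256 of the order_id (same construction as the PHP snippet)."""
    return hmac.new(secret.encode(), order_id.encode(), hashlib.sha256).hexdigest()


def build_return_url(order_id: str, secret: str = SECRET_KEY) -> str:
    """return_url for the Create Order request: carries order_id plus its signature."""
    query = urlencode({"order_id": order_id, "signature": sign_order_id(order_id, secret)})
    return f"{RETURN_BASE}?{query}"


def verify_return(url: str, secret: str = SECRET_KEY) -> Optional[str]:
    """Parse the URL the customer came back on and check its signature.

    Returns the order_id when the signature matches, None when a parameter is
    missing or the order_id does not match the signature (tampering).
    """
    params = parse_qs(urlparse(url).query)
    order_id = params.get("order_id", [None])[0]
    signature = params.get("signature", [None])[0]
    if not order_id or not signature:
        return None
    expected = sign_order_id(order_id, secret)
    # Constant-time comparison so response timing does not leak the signature.
    if not hmac.compare_digest(expected, signature):
        return None
    return order_id


def order_is_paid(get_order_response: dict) -> bool:
    """Fulfil only on the backend's own Get Order call, never on the return URL alone."""
    return get_order_response.get("order_status") == "PAID"


if __name__ == "__main__":
    url = build_return_url("my-order-id")
    print(url)
    print(verify_return(url))                                   # my-order-id
    tampered = url.replace("my-order-id", "someone-elses-order")
    print(verify_return(tampered))                              # None
    # Constructed stand-in for a Get Order response; the real one comes from the API.
    print(order_is_paid({"order_id": "my-order-id", "order_status": "PAID"}))  # True
```

The signature only proves the order_id in the URL is the one your backend issued; it says nothing about whether the payment succeeded, which is why the handler still has to call Get Order and check for PAID before delivering anything.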

5. Monitor the Integration

We recommend that you constantly monitor your API calls for any potential errors. To assist you in this regard, we've developed a range of Developer Tools such as Webhook Logs, API Logs, Rate Limiting, and Integration Usage tracking.

6. Always Implement Webhook

You should always configure all the payment-related Webhooks from your Cashfree Merchant Dashboard. Implementing webhooks adds resiliency to your payment flows, refund flows, and so on.

7. Test Integration in Multiple Browsers

You should view your payment flow in multiple browsers. You can use a tool like BrowserStack for testing purposes.

8. Use order expiry time

When creating an order with the Create Order API, pass an order expiry time so that you do not accept payments for that order after the given time.
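An added example, not from the Cashfree documentation, of how a backend can set the expiry when building the Create Order request body in Python. It assumes the request field is named order_expiry_time and takes an ISO 8601 timestamp with a UTC offset, as in Cashfree's Create Order API; the amount, currency, order_id and fixed clock value are constructed for the example, and the injected `now` lets the result be checked deterministically.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed fixed clock used by the stand-alone run and the checks below.
EXAMPLE_NOW = datetime(2024, 1, 1, 10, 0, 0, tzinfo=timezone.utc)


def order_expiry_time(minutes: int, now: Optional[datetime] = None) -> str:
    """ISO 8601 timestamp with UTC offset, `minutes` after `now` (default: current UTC time)."""
    now = now or datetime.now(timezone.utc)
    return (now + timedelta(minutes=minutes)).isoformat(timespec="seconds")


def is_expired(expiry: str, now: Optional[datetime] = None) -> bool:
    """True once the expiry timestamp produced by order_expiry_time() has passed."""
    now = now or datetime.now(timezone.utc)
    return datetime.fromisoformat(expiry) <= now


def create_order_payload(order_id: str, amount: float, currency: str, return_url: str,
                         ttl_minutes: int = 15, now: Optional[datetime] = None) -> dict:
    """Request body for Create Order with a return_url and an expiry ttl_minutes from now.

    Field names follow Cashfree's Create Order API (assumption for this example;
    confirm against the API reference for your API version).
    """
    return {
        "order_id": order_id,
        "order_amount": amount,
        "order_currency": currency,
        "order_meta": {"return_url": return_url},
        "order_expiry_time": order_expiry_time(ttl_minutes, now),
    }


if __name__ == "__main__":
    payload = create_order_payload(
        "my-order-id", 100.0, "INR",
        "https://example.com/cashfree/order/return?order_id=my-order-id",
        ttl_minutes=15, now=EXAMPLE_NOW,
    )
    print(payload["order_expiry_time"])                          # 2024-01-01T10:15:00+00:00
    print(is_expired(payload["order_expiry_time"], EXAMPLE_NOW))  # False
```

Keep the expiry short enough that an abandoned checkout cannot be paid much later against a price or stock position that has since changed, and long enough to cover the time a customer realistically needs to complete the payment.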
