Please ensure that order creation is handled from your backend server, as this approach safeguards sensitive information, such as your Cashfree secret key and customer data, from exposure. The Create Order API also cannot be called from a browser, as CORS is blocked for this API.
To enhance the customer experience, it's essential to include a return URL when creating an order. This ensures that your customers are redirected to the intended page and do not land on broken or duplicated pages.
Example of a good return url would be
Before delivering your services to customers, it is crucial to verify the status of your order. The order should be verified using the Get Order API. When the order_status is PAID, you can consider that the payment was successful.
To prevent data tampering, it is advised that you include some sort of signature in your return_url along with
$sig = hash_hmac('sha256', "my-order-id", "yoursecretkey");
Compare $sig with $_GET["signature"]
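The signature check above, carried through from building the return_url to verifying it on return. This is an added example, not Cashfree's own code; the query parameter name order_id, the merchant.example.com URL and the helper function names are assumptions.

```php
<?php
// Added example: sign the order id placed in return_url, then verify it on return.
// Assumed names: query parameters "order_id" and "signature", and the example URL.

const SIGNING_KEY = 'yoursecretkey'; // placeholder; load from server-side config

function sign_order_id(string $orderId): string
{
    return hash_hmac('sha256', $orderId, SIGNING_KEY);
}

function build_return_url(string $base, string $orderId): string
{
    // http_build_query() URL-encodes both values.
    return $base . '?' . http_build_query([
        'order_id'  => $orderId,
        'signature' => sign_order_id($orderId),
    ]);
}

function is_valid_return(array $query): bool
{
    $orderId = $query['order_id'] ?? null;
    $sig     = $query['signature'] ?? null;
    // Reject missing values and array-typed parameters (?signature[]=x),
    // which would otherwise raise a TypeError in hash_equals().
    if (!is_string($orderId) || !is_string($sig)) {
        return false;
    }
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals(sign_order_id($orderId), $sig);
}

// Constructed sample: create the URL, then simulate the customer's return.
$url = build_return_url('https://merchant.example.com/return', 'my-order-id');
parse_str(parse_url($url, PHP_URL_QUERY), $returned);
var_dump(is_valid_return($returned));            // untouched parameters

$returned['order_id'] = 'a-different-order-id';  // order id changed in transit
var_dump(is_valid_return($returned));

// Malformed request: signature sent as an array instead of a string.
var_dump(is_valid_return(['order_id' => 'my-order-id', 'signature' => ['x']]));
```

A valid signature only shows that the order id in the URL was not altered; the payment status itself still has to come from the Get Order API.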
We recommend that you constantly monitor your APIs for any potential errors. To assist you in this regard, we've developed a range of Developer Tools such as Webhook Logs, API Logs, Rate Limiting, and Integration Usage tracking.
You should view your payment flow in multiple browsers. You can use a tool like BrowserStack for testing purposes.
When creating an order using the Create Order API, pass an order expiry time so that you do not accept payments for that order after a given time.
Updated 3 months ago