Best Practices
To ensure a smooth Web Checkout integration and overall payment experience, consider adopting these recommended best practices.
1. Always create order from Backend
Please ensure that order creation is handled from your backend server. This approach safeguards sensitive information, such as your Cashfree secret key and customer data, from exposure. The Create Order API also cannot be called from a browser, as CORS is blocked for this API.
2. Always implement Return URL
To enhance the customer experience, it's essential to include a return URL when creating an order. This ensures that your customers are redirected to the intended page and do not land on broken or duplicated pages.
You should always add your order_id to your return_url, using either a path or a query parameter. This will help you identify the order once the payment has been completed.
An example of a good return_url:
{
"return_url": "https://example.com/cashfree/order/return?order_id=my-order-id"
}
3. Always Verify Order Status
Before delivering your services to customers, it is crucial to verify the status of your order using the Get Order API. When the order_status is PAID, you can consider the payment successful.
4. Implement Data Tamper Prevention
To prevent data tampering, it is advised that you include some sort of signature in your return_url along with the order_id.
Example:
{
"return_url": "https://example.com/cashfree/order/return?order_id=my-order-id&signature=some-signature"
}
<?php
// PHP code
// When creating the order: sign the order_id and put both values in the return_url
$sig = hash_hmac('sha256', "my-order-id", "yoursecretkey");
// return_url = "https://example.com/cashfree/order/return?order_id=my-order-id&signature=" . $sig
// When the customer returns: recompute the signature from the order_id in the query string
// and compare it with $_GET["signature"] using a constant-time comparison
$expected = hash_hmac('sha256', $_GET["order_id"], "yoursecretkey");
$valid = hash_equals($expected, $_GET["signature"]);
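The same signed return_url scheme as a complete round trip in Python, added here as an example (it is not Cashfree's code): the URL is built at order creation and verified when the customer comes back, rejecting a changed order_id, a changed signature, or missing parameters. The secret, the base URL and the function names are assumptions for illustration; the secret is a separate signing key you keep on your server.

```python
import hmac
import hashlib
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder: a server-side secret used only for signing return URLs.
RETURN_URL_SECRET = b"yoursecretkey"
RETURN_BASE = "https://example.com/cashfree/order/return"


def sign_order_id(order_id: str, secret: bytes = RETURN_URL_SECRET) -> str:
    """HMAC-SHA256 of the order_id, hex-encoded (same as PHP hash_hmac('sha256', ...))."""
    return hmac.new(secret, order_id.encode("utf-8"), hashlib.sha256).hexdigest()


def build_return_url(order_id: str, secret: bytes = RETURN_URL_SECRET) -> str:
    """Build the return_url to pass to Create Order: order_id plus its signature as query params."""
    query = urlencode({"order_id": order_id, "signature": sign_order_id(order_id, secret)})
    return f"{RETURN_BASE}?{query}"


def verify_return_url(url: str, secret: bytes = RETURN_URL_SECRET):
    """Parse the URL the customer returned on and check that order_id was not tampered with.

    Returns the trusted order_id, or None if a parameter is missing/duplicated or the
    signature does not match. Passing this check only proves the order_id is one you issued;
    the payment itself must still be confirmed with the Get Order API (order_status == "PAID").
    """
    params = parse_qs(urlparse(url).query)
    order_ids = params.get("order_id", [])
    signatures = params.get("signature", [])
    if len(order_ids) != 1 or len(signatures) != 1:
        return None  # missing or duplicated parameters: treat as tampered
    order_id, signature = order_ids[0], signatures[0]
    expected = sign_order_id(order_id, secret)
    # Constant-time comparison (equivalent of PHP hash_equals) so timing does not leak the digest.
    if not hmac.compare_digest(expected, signature):
        return None
    return order_id
```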
5. Monitor the Integration
We recommend constantly monitoring your APIs for potential errors. To assist you in this regard, we've developed a range of Developer Tools such as Webhook Logs, API Logs, Rate Limiting, and Integration Usage tracking.
6. Always Implement Webhook
You should always configure all the payment-related webhooks from your Cashfree Merchant Dashboard. Implementing webhooks adds resiliency to your payment flows, refund flows, and so on.
7. Test Integration in Multiple Browsers
You should view your payment flow in multiple browsers. You can use a tool like BrowserStack for testing purposes.
8. Use order expiry time
While creating an order using the Create Order API, pass an order expiry time so that you do not accept payments for that order after the given time.
Updated about 1 year ago