Ezypay has made 3 improvements to increase the security of our checkout page. See below for a more detailed explanation on what these improvements are.
20th September 2021
There will be 3 main changes to the current behaviour:
- A checkout ID will be automatically invalidated after a successful payment. This checkout ID will be invalidated and will no longer be used.
- Each checkout ID will now be automatically invalidated and cannot be reused after 3 failed attempts.
- Integrators will be able to use the API endpoint to disable a checkout session after it has been created.
The current behaviour of the checkout page is that:
- A single checkout session can be reused repeatedly regardless of whether there were multiple successful or failed payments for a Checkout ID
- A single checkout session can also be reused for multiple customers.
- There was no functionality to disable a checkout ID after its creation.
Link to Relevant Documentation
Documentation to API Reference Guide