Ezypay has made 3 improvements to increase the security of our checkout page. See below for a more detailed explanation on what these improvements are.
Release Date | 20th September 2021 |
|---|
Improvements Made | There will be 3 main changes to the current behaviour:
- A checkout ID will be automatically invalidated after a successful payment. This checkout ID will be invalidated and will no longer be used.
- Each checkout ID will now be automatically invalidated and cannot be reused after 3 failed attempts.
- Integrators will be able to use the API endpoint to disable a checkout session after it has been created.
|
Current Behaviour | The current behaviour of the checkout page is that:
- A single checkout session can be reused repeatedly regardless of whether there were multiple successful or failed payments for a Checkout ID
- A single checkout session can also be reused for multiple customers.
- There was no functionality to disable a checkout ID after its creation.
|
Link to Relevant Documentation | Documentation to API Reference Guide
https://developer.ezypay.com/reference/disable-a-checkout-session |
