The website integrates the Alipay interface for order payment and member balance recharge. There is no doubt about the order payment because the order is generated in advance, but when I make the balance recharge, when I submit the request to Alipay, do I need to save the generated order request data first? database, and then perform order processing in Alipay's callback return and notify to change the member's balance. However, if the member submits a recharge but does not complete the payment, a lot of useless orders will be generated.
If the member submits a request, the order information is not saved, and the payment success is determined directly in the callback synchronous and asynchronous function, the recharge record is saved and the member balance is changed. Is there any security risk in this way? I read the Alipay interface document, "Merchant It is necessary to verify whether the out_trade_no in the notification data is the order number created in the merchant system, and to determine whether the total_fee is indeed the actual amount of the order (that is, the amount when the merchant order was created)" In this case, I cannot do such an operation.
Please give me some advice from someone who has done it, thank you very much! ! !
The website integrates the Alipay interface for order payment and member balance recharge. There is no doubt about the order payment because the order is generated in advance, but when I do the balance recharge, when I submit the request to Alipay, do I need to save the generated order request data first? database, and then perform order processing in Alipay's callback return and notify to change the member's balance. However, if the member submits a recharge but does not complete the payment, a lot of useless orders will be generated.
If the member submits a request, the order information is not saved, and the payment success is determined directly in the callback synchronous and asynchronous function, the recharge record is saved and the member balance is changed. Is there any security risk in this way? I read the Alipay interface document, "Merchant It is necessary to verify whether out_trade_no in the notification data is the order number created in the merchant system, and to determine whether total_fee is indeed the actual amount of the order (that is, the amount when the merchant order was created)" In this case, I cannot do such an operation.
Please give me some advice from someone who has done it, thank you very much! ! !
Of course you must save the order when submitting it. Are those "useless" orders more important than reliability
As an additional benefit, you can also look at the payment churn rate based on the ratio of orders you consider "useless" to orders actually paid, to prepare and reference data for optimization of the payment process
The plan you started with is correct
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
