douchuo1963 2012-06-03 10:10
浏览 25
已采纳

google checkout html api - 没有HTTPS获得付款状态?

When I log into my merchant account, in the Settings tab I can set the callback URL.

The problem is that, without HTTPS, the only option is to send back a serial number to the callback URL.

Callback contents:
[x] Notification Serial Number
e.g. serial-number=123-456-7
[ ] Notification as XML (Requires an HTTPS URL)
e.g. 123...
[ ] Notification as HTML (name/value pairs) (Requires an HTTPS URL)
e.g. google-order-number=123&...

So from this serial number, is it possible for my server-side script to get the status of the order?

I need to get the payment status of the order (paid or not, amount paid) & the order number sent back to my (custom) cart so that I can update my database.

(I can't get HTTPS at the moment because the person whose website it is doesn't want to get it)

  • 写回答

1条回答 默认 最新

  • duangu1033 2012-06-04 13:20
    关注

    I would caution you regarding your accepted answer.

    1. continue_url is not an "auto-redirect". You are fully dependent on the user actually clicking that link instead of any other link in the page - notably, Google's own link to go the user's Wallet page where he/she has access to all his/her orders.

      You are therefore risking your operations by possibly not having all the orders in your own system.

    2. All Google Checkout orders have order statuses that you should really be aware of. You are already making an assumption in #1 that the user will actually click your continue_url link - additionally, you have also opened yourself up to the possibility that you are tracking orders that may not actually be approved by Google, or fails some monetary/risk authorization or check.

      If a user does in fact click the link you provide, but Google has issues with the order, your system has "money" where it shouldn't.

    3. The only reliable method of implementing Google Checkout API and integrating it with your systems is to follow documentation/instructions - in this case you must implement Notification API.

    4. Yes, you can obtain all order data without installing/purchasing SSL cert for your server using serial number notification - which is what you describe.

      • XML/name-value notification is a "push" model - Google will "push" data to you. You will authenticate Google's basic auth request (which is why SSL is required).
      • serial number notification is "pull" model - you will "pull" data from Google (given a serial number - and that is why SSL is not required on your end - you will authenticate your pull request and send your request with SSL). Google isn't sending you any data, just a serial number. You will use this serial number to obtain data associated with it and provide authentication to Google - your request will use SSL.

    5. You will use serial number notification with Notification History API to obtain data.

    The links above should lead you to complete documentation/reference. If you have questions, comment here, or post it at Google Checkout Product Forums.

    Hth....

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥60 用visual studio编写程序,利用间接平差求解水准网
  • ¥15 Llama如何调用shell或者Python
  • ¥20 谁能帮我挨个解读这个php语言编的代码什么意思?
  • ¥15 win10权限管理,限制普通用户使用删除功能
  • ¥15 minnio内存占用过大,内存没被回收(Windows环境)
  • ¥65 抖音咸鱼付款链接转码支付宝
  • ¥15 ubuntu22.04上安装ursim-3.15.8.106339遇到的问题
  • ¥15 blast算法(相关搜索:数据库)
  • ¥15 请问有人会紧聚焦相关的matlab知识嘛?
  • ¥15 网络通信安全解决方案