Meteor and paypal integration

Question

I'm looking for a "made for meteor" payment system, basically I thought about using Paypal

I browsed the packages on atmospherejs.com and found this Paypal package one

It seems to work but I feel this is really not secure.

• The whole process is sent to the server through a Meteor.call("pay",{my credit card information in clear})
• The client only is getting the transaction callback, it's really not hard to add a server one but still, if the client pays and crash you would like the trusted server to trace the purchase.

Is actually Meteor.call secured ? Is there a more mature way of integrating a payment solution into a Meteor project ?

Answer 1

If your application is not using https then I would not recommend the use of that module.

Just have paypal handle the transaction https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/wp_standard_overview/

And make sure you check the amount paid when paypal postback to your meteor site to confirm the transaction.

Edit: Make a route for paypal to postback too. Paypal explains it here: https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNIntro/

The route you make in meteor should check if the transaction amount and stuff like that is the same as the order you have. This is to make sure people don't mess with the form and pay less then they should.