Software design
lexstile, 2021-10-16 13:54:23

How to correctly organize the display of notifications to an unauthorized user about successful payment?

The situation is as follows:

  • BE redirects the user to the application URL: https://vk.com/appXXXXXX#payId-100
  • FE makes a request with payId and gets the required data, then shows a notification


Problem: any user can manually enter a URL with any payId and see the amount of the transaction.
Question: How can I solve the problem?

Solution options:
  • add a flag to the database that this notification was shown and not send it again (it is not clear at what point to set this flag - before the first sending or after the user has seen the notification - then another request will be required)
  • add a flag on the front to localStorage, but then when you change the browser or clear the storage, the notification will be shown again


1 answer(s)
Adamos, 2021-10-16
@lexstile

The problem of the heptagonal triangle.
How to show a notification to an unauthorized user from any browser by payId, but not show a notification to anyone who knows the payId.
Obviously, you need to enter some kind of storage, cookie or token that the user receives before payment and uses to confirm that it is him. But according to the description "BE redirects the user" everything is complicated, of course...
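
The token approach suggested in the answer above, as an added example that is not part of the original thread: the backend issues an unguessable token before payment and returns the notification data only when that token is presented together with the payId. The function names, the in-memory store and the payment-callback hook are assumptions; how the token reaches the browser (cookie or client storage) is left out.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory store standing in for the payments table (assumption).
PAYMENTS = {}


def start_payment(pay_id, amount):
    """Called before the user is sent to pay: returns the token for the browser."""
    token = secrets.token_urlsafe(32)  # 256 random bits, unlike a sequential payId
    PAYMENTS[pay_id] = {
        "amount": amount,
        "paid": False,
        # Store only a hash so a database leak does not expose usable tokens.
        "token_hash": hashlib.sha256(token.encode()).digest(),
    }
    return token


def mark_paid(pay_id):
    """Called from the payment provider callback (hypothetical hook)."""
    PAYMENTS[pay_id]["paid"] = True


def get_notification(pay_id, token):
    """Return the data for the notification, or None for any failure.

    Unknown payId, unpaid payment and wrong token all give the same answer,
    so the endpoint cannot be used to probe which payIds exist.
    """
    record = PAYMENTS.get(pay_id)
    presented = hashlib.sha256((token or "").encode()).digest()
    # Compare against a dummy hash when the payId is unknown, so the same
    # work is done on every path.
    expected = record["token_hash"] if record else bytes(32)
    token_ok = hmac.compare_digest(presented, expected)
    if record is None or not record["paid"] or not token_ok:
        return None
    return {"payId": pay_id, "amount": record["amount"]}
```

The token exists only in the browser that started the payment, so opening the same URL in another browser returns nothing.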
