Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Do not expose Payment metadata in Shop API
See original GitHub issueIs your feature request related to a problem? Please describe.
The Payment GraphQL type includes the metadata field in both the Admin and Shop APIs. This metadata field can be used (depending on the specifics on the PaymentMethodHandler) to store potentially sensitive data returned by the payment provider. This should not be accessible publicly over the Shop API, even to the owner of that payment.
Describe the solution you’d like Only include it in the Admin API.
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
For some payment providers exatly those metadata are needed for handling the payment on client-side (e.g. URL to gateway, lang, available methods of payment… that we got from server-provider communication but want to pass along to user).
Describe the solution you’d like change metadata object to hold properties
private(accessible only over AdminAPI) andpublicJSONs so resulting object looks likeThen developer can decide where each subset of metadata belongs to and the terminology makes clear statement on accessibility.
@chladog thank you for the clear explanation.
For reference, here are some more examples of similar flows where data from the provider is required in the storefront: