(I posted this same post in the Velo forum, but I haven’t received any feedback)
I have tweaked the code I found in this tutorial (https://support.wix.com/en/article/velo-tutorial-processing-payments) to send a unique serial key and password in the confirmation email sent to the purchaser … In the backend pay.jsw file, I use the first item from the collection to append a serial key and password to the name of the product, which then appears in the confirmation email the user gets after their purchase is complete:
import wixData from 'wix-data';
import wixPay from 'wix-pay-backend';

export async function createMyPayment(productId, nameOfCollection) {
  // Take the first item in the collection and append its serial key and password to the product name.
  return wixData.query(nameOfCollection).find().then((product) => {
    let paymentInfo = {
      items: [{
        name: product.items[0].title + '<br> Serial Key:<br> ' + product.items[0].serialKey + '<br>Password:<br>' + product.items[0].password,
        price: product.items[0].price
      }],
      amount: product.items[0].price
    };
    return wixPay.createPayment(paymentInfo);
  });
}
Since that query takes place in the backend, I’m less concerned about it creating a vulnerability by which a hacker might steal serial keys and passwords … In the frontend file, I then delete the item in the collection that contained the serial key and password that was appended to the product name:
if (result.status === "Successful") {
  // Query the collection again and remove its first item.
  wixData.query(nameOfCollection).find().then((product) => {
    wixData.remove(nameOfCollection, product.items[0]._id)
      .then((removeItem) => {
        let item = removeItem; // see item below
      })
      .catch((err) => {
        let errorMsg = err;
      });
  });
}
This is where I’m most concerned that there is a potential security vulnerability. Should I be worried? Should I have the whole process taking place somewhere else?
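Added example, not part of the original post and not Wix or Velo code: the flow above picks `items[0]` in one query and deletes `items[0]` in a second query issued from the browser, so two buyers can be given the same key and the deleted item is not tied to the payment. The sketch below keeps both steps on the server and ties the key to a payment id; the `Map` is an in-memory stand-in for the collection, and `pickFirstUnsafe`, `reserveKey`, `consumeKey`, `releaseKey`, `reservedFor` and the sample keys are hypothetical names and constructed data.

```javascript
// In-memory stand-in for the serial-key collection (constructed sample data).
const keys = new Map([
  ['k1', { _id: 'k1', serialKey: 'AAAA-1111', password: 'pw-one', reservedFor: null }],
  ['k2', { _id: 'k2', serialKey: 'BBBB-2222', password: 'pw-two', reservedFor: null }],
]);

// The post's selection step: every caller reads the first item, nothing marks it as taken.
function pickFirstUnsafe() {
  return keys.values().next().value;
}

// Server step 1: reserve one free key for a specific payment before building the payment.
// Assumption: in a real datastore this must be a single conditional update.
function reserveKey(paymentId) {
  for (const item of keys.values()) {
    if (item.reservedFor === null) {
      item.reservedFor = paymentId;
      return { _id: item._id, serialKey: item.serialKey, password: item.password };
    }
  }
  throw new Error('no keys left');
}

// Put a key back in the pool when its payment did not complete.
function releaseKey(paymentId) {
  for (const item of keys.values()) {
    if (item.reservedFor === paymentId) item.reservedFor = null;
  }
  return null;
}

// Server step 2: once the payment result is known, delete only the key reserved
// for that payment. The browser sends no item id and never touches the collection.
function consumeKey(paymentId, status) {
  if (status !== 'Successful') return releaseKey(paymentId);
  for (const item of keys.values()) {
    if (item.reservedFor === paymentId) {
      keys.delete(item._id);
      return item._id;
    }
  }
  return null; // unknown payment id: nothing is deleted
}
```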