I am developing a WP plugin that will allow Paypal payments and billing. This plugin will allow users to use their own Paypal accounts when accepting payments.
As far as I understand, I need to use REST to enable the API invoice. Therefore, he leaves me with two options:
My concern for the first is that by storing the keys in the database and their site is somehow compromised - hackers can execute the API on behalf of their application.
The second one will show the secret keys of the plugin file itself, but again, since the application will be used only for this purpose, and Payee / Merchant will be specified only in the plugin settings, I think this is normal? Another advantage may be that the user does not need to create his own application.
Which one is better than two, or can you recommend the third option?
Thank!
source
share