Link to home
Start Free TrialLog in
Avatar of Paul Konstanski
Paul KonstanskiFlag for United States of America

asked on

Best way to Build PHP Embedded Payment Frame

I need recommendations for how to build a form/frame that could be embedded within any website that could be used to process a registration and payment.

I know at one time iFrames were designed for this purpose but there are much better ways of doing this and that's where I'm looking for insight.

Here's the back story.
I have a stand-alone registration website that handles very complex needs (housing, group payments, custom questions, multiple payment methods, etc.). For complex events, they really need to come to my site. But for some events that are quite simple, I could write a basic API that would allow interaction between the client site and my site by means of an API.

How I envision it working.
What I would like is that I could give some simple code to a client who would place that code on their page. That code would initiate a command that would read the data from my site via an API interface. Any interaction on the client side would be processed back to my site. So it would look like they never left the client site.

I'm not a javascript expert but I would expect that is how this would be done.

Any expert advice for how I should proceed with this would be appreciated. Thanks.
SOLUTION
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Paul Konstanski

ASKER

Thanks for that insight. The API won't even work without an https connection, but thanks for the reminder.
Smart!
SOLUTION
Avatar of Julian Hansen
Julian Hansen
Flag of South Africa image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Here is a page that talks about a FEW factors to consider, in seting up a browser comm (ajax in this case) to REST api server -
      http://security.stackexchange.com/questions/19620/securing-a-javascript-single-page-app-with-restful-backend

this just talks about a few of the security factors to consider, for the questioners specific requirements.

It really does not mention other factors, that may or may not matter to your REST exchange (depending on how you do it).

But keep in mind, that coders that try profitable attacks, are very experienced in this sort of thing, and may set up two or more (fake) accounts in your User system, so that they can access your exchanges with proper credentials, to try and "recognize" holes in your security, from the methods employed in the stages of your operations.
I was able to figure out a solution, but I still need to do some work before I finally publish it. I may come back and update this answer once I have it figured out. The security solutions presented are all important.

Thanks.