"Challenge: bulletproof payment form", Lev Davydov
fwdays
292 views
38 slides
Oct 19, 2024
Slide 1 of 38
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
About This Presentation
Millions of daily users, hundreds of clients, one embeddable widget. How did we build it and what could possibly have gone wrong?
Slide Content
和 vv
BULLETPROOF
PATENT FORM
Solidgate
BULLETPROOF
PATENT FORM
Solidgate
lo | noBEphycb |
CET
CET
KOLO
t= | Aouo
superhumans Center |
superhumans Center |
About me El solidgate
Frontend Guildmaster
at Solidgate
8 years in IT
Wanna you to learn
from our mistakes
Frontend Guildmaster
at Solidgate
8 years in IT
Wanna you to learn
from our mistakes
Agenda El solidgate
1. Company intro.
2. Payment form iterations
3. Public API
4. Race conditions
5. Q&A
1. Company intro.
2. Payment form iterations
3. Public API
4. Race conditions
5. Q&A
About us El solidgate
2.8 billions USD
processed annually
2x YTY growth 125 businesses
using Payment form
2.8 billions USD
processed annually
2x YTY growth 125 businesses
using Payment form
Tech numbers El solidgate
6k+ RPS on balancer Payment Form
A
+ Add query © Queryhistory © Query inspector
Graph
6k+ RPS on balancer Payment Form
A
+ Add query © Queryhistory © Query inspector
Graph
Initial requirements EJ solidgate
Payment form 1 EY 시 8
Embeddable into other apps |! で |
We are controlling updates @
Restrict client data access O@
=> iframe
Payment form 1 EY 시 8
Embeddable into other apps |! で |
We are controlling updates @
Restrict client data access O@
=> iframe
Initial solution
Your iframe
Card Number
1234 1234 1234 1234
Expiration Date
MMIYY
Subscribe for 120,00 EUR/30 day:
Ask iframe url
Returns url
Pass sensitive
info
回 solidgate
Your backend
Your iframe
Card Number
1234 1234 1234 1234
Expiration Date
MMIYY
Subscribe for 120,00 EUR/30 day:
Ask iframe url
Returns url
Pass sensitive
info
回 solidgate
Your backend
Initial problems EJ solidgate
its looks so
you do something’
Merchant website
| Draws
1 Uh, sorry, could you set a 300px
Your iframe fixed heigh, we are updating our
documentation ATM?
Card Number
its looks so
you do something’
Merchant website
| Draws
1 Uh, sorry, could you set a 300px
Your iframe fixed heigh, we are updating our
documentation ATM?
Card Number
回 solidgate
3D-Secure ve En
CKACYBA TA
AlnpusarBanx VISA
Mepuawr: LQ
wa
Bara:
Kaprea:
Niareepaite onnary a honangy Npusar24,
ori Harwcuire xHonky pogosxcinn
3D-Secure ve En
CKACYBA TA
AlnpusarBanx VISA
Mepuawr: LQ
wa
Bara:
Kaprea:
Niareepaite onnary a honangy Npusar24,
ori Harwcuire xHonky pogosxcinn
Workarounds EJ solidgate
Uh, sorry, could you set a 300px
Your iframe fixed heigh, we are updating our
documentation ATM?
Card Number
Expiration Date
and there is a 3D redirect from
BigPopularBank with scrollbar
Sorry again, it should be 400px.
Your QA
store.soldgate.com 1 charge your You
nature payments in accesar
Uh, sorry, could you set a 300px
Your iframe fixed heigh, we are updating our
documentation ATM?
Card Number
Expiration Date
and there is a 3D redirect from
BigPopularBank with scrollbar
Sorry again, it should be 400px.
Your QA
store.soldgate.com 1 charge your You
nature payments in accesar
Workaround trap Elsolidgate
// publish, inside iframe
window. parent. postMessage({
type: "resize",
height: 400,
por);
// subscribe, outside iframe
window. addEventListener("message", e => {
if (e.type == "resize") て
iframe.height = e.height;
Ej
3)
// publish, inside iframe
window. parent. postMessage({
type: "resize",
height: 400,
por);
// subscribe, outside iframe
window. addEventListener("message", e => {
if (e.type == "resize") て
iframe.height = e.height;
Ej
3)
More requirements
Extra fields
Apple pay
3D-Secure in modal
回 solidgate
4242 4242 4242 4242 vsa
«Pay
Your customer will proceed to the Apple
Pay to complete payment
Extra fields
Apple pay
3D-Secure in modal
回 solidgate
4242 4242 4242 4242 vsa
«Pay
Your customer will proceed to the Apple
Pay to complete payment
Silver Bullet Elsolidgate
Requests SDK
Returns SDK
ñ
1 Your SDK | ER — |
Your iframe
Cord Number
Handles 별
non-sensetive info 1!
Requests SDK
Returns SDK
ñ
1 Your SDK | ER — |
Your iframe
Cord Number
Handles 별
non-sensetive info 1!
回 solidgate
Why silver bullet? |
Better payment conversion |
Better clients conversion |
Better ideas conversion |
Why silver bullet? |
Better payment conversion |
Better clients conversion |
Better ideas conversion |
HOUSTON,
WE HAVE
A PROBLEM
window.on(load', () => {
window.parent.postMessage(‘its ok’, '*)
»
Credit or Debit Card Number
Expiry Date CVVCVC
Email C
r
You are engineer, [Username] ㅣ
WE HAVE
A PROBLEM
window.on(load', () => {
window.parent.postMessage(‘its ok’, '*)
»
Credit or Debit Card Number
Expiry Date CVVCVC
Email C
r
You are engineer, [Username] ㅣ
Doom picture EJ solidgate
opyao
opyao
回 solidgate
form.on("event", cb) is ugly past t> |
form.addEventListener("event", cb) is bright future &
You
Not migrating, past is OK,
gimme features 名
Merchant
form.on("event", cb) is ugly past t> |
form.addEventListener("event", cb) is bright future &
You
Not migrating, past is OK,
gimme features 名
Merchant
Liskov
Substitution
Principle
If it looks like a duck,
quacks like a duck, but needs
batteries — you probably have
the wrong abstraction
Substitution
Principle
If it looks like a duck,
quacks like a duck, but needs
batteries — you probably have
the wrong abstraction
Not perfect flow
interface Data {
containterld: string;
// rest props
‘
| Your SDK | a
Your iframe
Call backend
for iframeUrl
Find containerld
and paste iframe
回 solidgate
interface Data {
containterld: string;
// rest props
‘
| Your SDK | a
Your iframe
Call backend
for iframeUrl
Find containerld
and paste iframe
回 solidgate
interface Data {
containterld: string;
// rest props
Your SDK Draws
Your iframe
Call backend for
payment data
| 一
Continue
回 solidgate
Find containerld
and paste
static iframe
el
+
Notify error
containterld: string;
// rest props
Your SDK Draws
Your iframe
Call backend for
payment data
| 一
Continue
回 solidgate
Find containerld
and paste
static iframe
el
+
Notify error
Breaking changes? El solidgate
Before After
enum OrderStatus {
Initial = “initial”, // default
|] new status
Processing = “processing”,
Success = “success”,
Fail = “fail”
}
enum OrderStatus {
Initial = “initial”, // default
Success = "success",
Fail = “fail”
}
Before After
enum OrderStatus {
Initial = “initial”, // default
|] new status
Processing = “processing”,
Success = “success”,
Fail = “fail”
}
enum OrderStatus {
Initial = “initial”, // default
Success = "success",
Fail = “fail”
}
Somehow breaking El solidgate
/ no
function sendToApi(status: OrderStatus) {}
| / yes
ei. WOK! NANYTA HABUMBCA function readFromApi(status: OrderStatus) {
TOBOPHTH "3ANEHMTb BI] KOHTEKCTVS switch (status)
case OrderStatus. Initial {
doStuff();
に ヨ
ar
N oth di
TBHALITYBABCA IT-APXITEHTOPOM default {
/ 4 hideAllUlAndSayNO00000/): // breaking
}
}
/ no
function sendToApi(status: OrderStatus) {}
| / yes
ei. WOK! NANYTA HABUMBCA function readFromApi(status: OrderStatus) {
TOBOPHTH "3ANEHMTb BI] KOHTEKCTVS switch (status)
case OrderStatus. Initial {
doStuff();
に ヨ
ar
N oth di
TBHALITYBABCA IT-APXITEHTOPOM default {
/ 4 hideAllUlAndSayNO00000/): // breaking
}
}
Exceptions Elsolidgate
interface Error {
kind: "order_declined"
reason: "invalid_api_key"
csnwCorrelationId:
env: “sandbox
interface Error {
kind: "order_declined"
reason: "invalid_api_key"
csnwCorrelationId:
env: “sandbox
So weird environment El solidgate
Promise.finallyButNotAllways() Object.valuesButNotAll()
Promise.finallyButNotAllways() Object.valuesButNotAll()
Race conditions
EJ solidgate
EJ solidgate
_jn React function Like({ initialLiked }) {
const [liked, setLiked] = useState(initialLiked);
function handleClick() {
const newLiked = !liked;
// optimistic update
setLiked (newLiked) ;
// api call
fetch("/api/like", {
method: "POST",
body: JSON.stringify({ liked: newLiked }),
»
3
return (
<button onClick={handleClick}>
fliked ? "@" : won]
</button>
)3
const [liked, setLiked] = useState(initialLiked);
function handleClick() {
const newLiked = !liked;
// optimistic update
setLiked (newLiked) ;
// api call
fetch("/api/like", {
method: "POST",
body: JSON.stringify({ liked: newLiked }),
»
3
return (
<button onClick={handleClick}>
fliked ? "@" : won]
</button>
)3
Explanation 回 solidgate
Click % -> expectY —— Request 2 一 >
Backend
Click Y -> expect '— Request 2 —>
Click % -> expectY —— Request 2 一 >
Backend
Click Y -> expect '— Request 2 —>
What to do? import { Mutex } from 'asyno-mutex'
Mutexes class Liker {
private mutex = new Mutex()
async like(liked: boolean) {
// awaits release (if already in use)
const release = await mutex.acquire();
try {
await fetch("/api/like", {
method: "POST",
body: JSON.stringify({ liked: newLiked }),
»
了 finally {
// do release
release();
Mutexes class Liker {
private mutex = new Mutex()
async like(liked: boolean) {
// awaits release (if already in use)
const release = await mutex.acquire();
try {
await fetch("/api/like", {
method: "POST",
body: JSON.stringify({ liked: newLiked }),
»
了 finally {
// do release
release();
n Payment form
interface Data {
containterld: string;
// rest props
Your SDK
Your iframe
Elsolidgate
Sdk.init(data)
人
Call backend for Find containerld and
payment data paste static iframe
Y
Ensure iframe loaded
y
Pass init data and payment data to iframe
interface Data {
containterld: string;
// rest props
Your SDK
Your iframe
Elsolidgate
Sdk.init(data)
人
Call backend for Find containerld and
payment data paste static iframe
Y
Ensure iframe loaded
y
Pass init data and payment data to iframe
回 solidgate
Modal window
n Payment form
Your iframe
Card Number
1234 1234 1234 1234
Expiration Date
MMIYY
‚00 EUR/30 days
Modal window
n Payment form
Your iframe
Card Number
1234 1234 1234 1234
Expiration Date
MMIYY
‚00 EUR/30 days
What to do? Explicit ownership
Please, do work, ID
回 solidgate
!
| Your SDK Your iframe
Are you alive?
Yes
Are you alive?
Yes
Here goes result from ID
N
1
ㅣ
1
1
À
1
|
1
1
1
Card Number
1234 1234 1234 1234
Expiration Date
MM/YY
Subscribe for 120,00 EUR/30 days
Please, do work, ID
回 solidgate
!
| Your SDK Your iframe
Are you alive?
Yes
Are you alive?
Yes
Here goes result from ID
N
1
ㅣ
1
1
À
1
|
1
1
1
Card Number
1234 1234 1234 1234
Expiration Date
MM/YY
Subscribe for 120,00 EUR/30 days
回 solidgate
Iframes are good,
but not enough
How to synchronise
SDK © iframe versions?
Client-side SDK
Testing best practices
are Public API
Race conditions
are everywhere
Percentages/canary rollouts
(we can do it with Cloudfront)
Iframes are good,
but not enough
How to synchronise
SDK © iframe versions?
Client-side SDK
Testing best practices
are Public API
Race conditions
are everywhere
Percentages/canary rollouts
(we can do it with Cloudfront)
QA
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 292
- Slides 38
- Age 409 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views