You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A few days ago, sure of what to propose, I made this pull request #65 . Because of the failed tests, I understood that I was wrong. The POST /api/payment_client_token endpoint is not just an extension of the API services, but is also used internally in Braintree's javascript SDK. In your opinion, what is the best and secure way to provide the AJAX call with the user api token?
Another approach is to fix the README and specs, leaving the endpoint public. In this scenario, what could be collateral damages? So far it has been public.
The text was updated successfully, but these errors were encountered:
A few days ago, sure of what to propose, I made this pull request #65 . Because of the failed tests, I understood that I was wrong. The
POST /api/payment_client_tokenendpoint is not just an extension of the API services, but is also used internally in Braintree's javascript SDK. In your opinion, what is the best and secure way to provide the AJAX call with the user api token?Another approach is to fix the README and specs, leaving the endpoint public. In this scenario, what could be collateral damages? So far it has been public.
The text was updated successfully, but these errors were encountered: