During implementation, the team found that a notification controller is exposed for an external payment service; it marks the order as paid when a notification is received. The notification URL is sent to the service together with the payment request and carries only the orderID as a parameter.

What should the Architect recommend to the team in order to prevent the unauthorized usage of the controller to mark the orders as paid?
A. Add a customer number in the callback URL and match the customer number against the one stored on the order.
B. Add HTTPS restriction to the controller start node.
C. Add an order token in the callback URL and match the token against the one stored on the order.
D. Add a session attribute and validate it on the callback.

Answer: C
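As an added illustration of option C (not part of the original question page): a minimal Python model of the callback controller in which a random per-order token is generated when the payment request is built, stored on the order, and compared in constant time when the notification arrives. The order IDs, the callback URL and the in-memory order store are constructed for this example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed in-memory order store: orderID -> status and callback token.
ORDERS = {
    "00001001": {"status": "NEW", "callback_token": None},
    "00001002": {"status": "NEW", "callback_token": None},
}

# Hypothetical callback endpoint; HTTPS so the token is not exposed in transit.
CALLBACK_BASE = "https://shop.example/Payment-Notify"


def build_notification_url(order_id: str) -> str:
    """Generate an unguessable per-order token, persist it on the order,
    and return the notification URL that is sent with the payment request."""
    token = secrets.token_urlsafe(32)
    ORDERS[order_id]["callback_token"] = token
    return f"{CALLBACK_BASE}?{urlencode({'orderID': order_id, 'token': token})}"


def handle_notification(url: str) -> str:
    """Callback controller: mark the order paid only when the presented token
    matches the one stored on the order. Returns the outcome for logging."""
    params = parse_qs(urlparse(url).query)
    order_id = params.get("orderID", [""])[0]
    presented = params.get("token", [""])[0]
    order = ORDERS.get(order_id)
    if order is None:
        return "rejected: unknown order"
    stored = order["callback_token"]
    # A missing or mismatching token (e.g. a forged URL carrying only the
    # orderID) must not change order state; compare in constant time.
    if not stored or not hmac.compare_digest(presented, stored):
        return "rejected: bad token"
    if order["status"] == "PAID":
        return "ignored: already paid"   # duplicate notification, idempotent
    order["status"] = "PAID"
    return "paid"
```

Because the token is only ever stored on the order and sent to the payment service, a caller who knows just the orderID cannot satisfy the check.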
