During implementation, the team found that there is a notification controller exposed for an external service that marks the order as paid when notification is received. The notification URL is sent to the service together with the payment request and contains only the URL with orderlD as the parameter.
What should the Architect recommend to the team in order to prevent the unauthorized usage of the controller to mark the orders as paid?
A . Add a customer number in the callback URL and match the customer number against the one stored on the order.
B. Add HTTPS restriction to the controller start node.
C. Add an order token in the callback URL and match the token against the one stored on the order.
D. Add a session attribute and validate it on the callback.
Answer: C
Latest B2C Commerce Architect Dumps Valid Version with 76 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund