Hi guys, in our app it is possible to make a payment as an anonymous user. This anonymous user creates a payment and response object with a POST request, and goes further to the payment environment. After the payment is (not) done, he will be redirected to a URL back to the app. With REST services I fill the response with whether the payment is made or not (GET). And after the user has made the payment, an account etc. will be created. Now I want to know how to set this up right and safely, so I can retrieve the payment and response object when the user is returning to the app and go further with the other processes. I think the question comes down to this: how can I retrieve the same anonymous user in the return URL, so I can retrieve the associated payment and response?
The case you describe is:
1) anonymous user enters your app
2) user creates a payment
3) external system returns the user to the app
4) you perform a GET request for the payment details
You'll need some sort of token that identifies the payment, is under control of the app and is stored temporarily.
As the user is redirected to the app the token can be used for/by the anonymous user to retrieve the payment in your app.
With a custom request handler you could set the callback URI to this handler and see if the payment site is able to include the token.
Then retrieve the payment based on the token, further process the payment info with the GET request, and create the account based on the result of the GET request. Make sure that the token is a long unique key.
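A minimal sketch of the token flow described above, added here as an example and not code from the original poster's app. It assumes an in-memory store, a 15-minute lifetime for pending payments, and caller-supplied `fetch_status` (the GET to the payment provider) and `create_account` callbacks; the token is long, random, single-use and expiring, so a guessed or replayed callback URL cannot claim someone else's payment.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

TOKEN_TTL_SECONDS = 15 * 60  # assumption: pending payments expire after 15 minutes

# Hypothetical in-memory store; a real app would use a database or cache.
# token -> {"payment_id": ..., "created": epoch seconds, "used": bool}
_pending = {}


def create_pending_payment(payment_id, return_base_url):
    """Register a new payment under a fresh random token and build the
    callback URL that the payment site should redirect the user to."""
    token = secrets.token_urlsafe(32)  # 256 bits of randomness, not guessable
    _pending[token] = {"payment_id": payment_id, "created": time.time(), "used": False}
    return token, return_base_url + "?" + urlencode({"token": token})


def redeem_token(callback_url, now=None):
    """Called when the user comes back. Returns the payment_id for a valid,
    unexpired, unused token, otherwise None. The token is consumed on use."""
    now = time.time() if now is None else now
    params = parse_qs(urlparse(callback_url).query)
    token = params.get("token", [None])[0]
    entry = _pending.get(token)
    if entry is None:
        return None
    if entry["used"] or now - entry["created"] > TOKEN_TTL_SECONDS:
        _pending.pop(token, None)  # stale or replayed: drop it
        return None
    entry["used"] = True  # single use: a replayed callback cannot reuse it
    return entry["payment_id"]


def handle_return(callback_url, fetch_status, create_account):
    """Full return flow: resolve the token, GET the payment status from the
    provider (fetch_status), then act on the result (create_account)."""
    payment_id = redeem_token(callback_url)
    if payment_id is None:
        return "invalid_or_expired_token"
    status = fetch_status(payment_id)  # the GET request to the payment provider
    if status == "paid":
        create_account(payment_id)
        return "account_created"
    return "payment_not_completed"
```

The account is only created after the app itself has fetched the status with its own GET, never on the basis of parameters in the return URL.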