Stripe 应该集成在前端还是后端? (反应+Django 休息)
should Stripe be integrated in frontend or backend ? (React+Django Rest )
经过一天的研究,我找到了两种解决方案,这让我有点困惑。
有人建议使用“pip install dj-stripe”并在“settings.py”中添加密钥和其他选项。然后前端的脚本获取重定向按钮
有人建议使用“npm install --save @stripe/react-stripe-js @stripe/stripe-js”,在“app.js”或指定的js文件中添加密钥。
我想知道它是否有所不同(安全性、效率、..明智),或者是否有具体的方法(最佳实践方法)以及如何,
谢谢。
两者都有,具体取决于您指的是哪个键。
Publishable API keys are meant solely to identify your account with
Stripe, they aren’t secret. In other words, you can safely publish
them in places like your Stripe.js JavaScript code, or in an Android
or iPhone app.
Secret You must keep your secret API keys confidential
and only store them on your own servers. You must not share your
secret API key with any third parties. Your account’s secret API key
can perform any API request to Stripe without restriction. If Stripe
believes that your secret API key has been compromised, we may cancel
and reissue it, potentially resulting in an interruption to your
Stripe services.
经过一天的研究,我找到了两种解决方案,这让我有点困惑。
有人建议使用“pip install dj-stripe”并在“settings.py”中添加密钥和其他选项。然后前端的脚本获取重定向按钮
有人建议使用“npm install --save @stripe/react-stripe-js @stripe/stripe-js”,在“app.js”或指定的js文件中添加密钥。
我想知道它是否有所不同(安全性、效率、..明智),或者是否有具体的方法(最佳实践方法)以及如何,
谢谢。
两者都有,具体取决于您指的是哪个键。
Publishable API keys are meant solely to identify your account with Stripe, they aren’t secret. In other words, you can safely publish them in places like your Stripe.js JavaScript code, or in an Android or iPhone app.
Secret You must keep your secret API keys confidential and only store them on your own servers. You must not share your secret API key with any third parties. Your account’s secret API key can perform any API request to Stripe without restriction. If Stripe believes that your secret API key has been compromised, we may cancel and reissue it, potentially resulting in an interruption to your Stripe services.