POST request to 3rd party URL from Angular/NodeJS/ExpressJS
Wow, sounds like you are very eager to write code but are really lacking some fundamentals. Do you want to have an SPA or have an old school form POST? Of course you get an CORS error when you try to send an direct API request.
I am quite worried about the outcome of this since you are actually dealing with payments and dont seem to know much about architecture - maybe i'm wrong. Did you hear about OWASP or CSRF? Did you think about storing transactions just in case something bad happens? Did you protect against users sending bad requests with i.e. negative numbers? What about
Give yourself and the pockets of your users some comfort and read up first before writing code, go through at least some examples, i.e. Angular Tour of heroes.
Here is the basic flow of how it should look like.
The backend is the translator here. It provides an API, transforms data that the user sent (after validation) into a request that the payment provider needs. After getting the result it will transform the answer into a defined response to the Angular app - something which will be a success or error message. Then the Angular app can decide what to do: Show a ok or error message to the user.
And! You always get a message from the payment provider, if really not then you should implement a timeout and react with an error message to the user.
Good luck, i really pray that you learn about and implement some security measures.
These 2 approach are seems correct:
- Option 1
- Option 4 (with nodejs server - before 4.1 where payment is successful)
However, there is a flow which seems missing. After the payment is made, the Payment API server does a post request to http://example.com/success or http://example.com/cancel and in the body you find the parameters. So, you can't directly use the url to show user the information on the screen (client side browser).
What you need to do is:
- Have the node server (or your backend API server will also work), and use app.post handle the url at the server - the way you are doing for
app.post('/myPaymentAPI',). - Update your database or get the relevant payment details or id from req.body etc.
- Make a new url like
https://yourwebsite.com/payment?status=SUCCESS&other-infoorhttps://yourwebsite.com/payment/id - Redirect user to particular url on browser
- That particular url will have the details or id. You can show the relevant details or get the id and make the API call as needed
app.post("http://example.com/success", function(req, res){ //get the req.body/params here which Payment Server will post to success url //update your backend etc about payment status etc //redirect to your custom page from here https://yourwebsite.com/payment?status=success&id=id or similar})app.post("http://example.com/cancel", function(req, res){ //get the req.body/params here which Payment Server will post to cancel url //update your backend etc about payment status etc //redirect to your custom page from here https://yourwebsite.com/payment?status=failure&id=id})Hope it helps. Revert for any doubts/clarifications