This question was closed Apr 13, 2023 at 01:40 PM by bryanvargas for the following reason: Other

question

ycb asked Aug 27, '19 ycb published Apr 13, '23

App billing info fail

Hi clover team,
I found a security fail on app billing info end point

/v3/apps/aId/merchants/mId/billing_info

I can get app billing infos for a merchant by providing a valid token for the app, even if the token is not for this merchant,
I think you check the token only by app not by app and merchant together.

API Token

10 |2000

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

ycb commented · Aug 27, 2019 at 08:41 PM

Thanks for reply,

Do you have a fixed planing for fixing the issue?

because we use this end point on our app.

0 ·

Raymond Lee ycb commented · Aug 29, 2019 at 09:12 PM

We are planning on fixing the issue, but I currently do not have an time estimate on when it will be done or when it will be released.

0 ·

question

App billing info fail

0 Answers

Welcome to the
Clover Developer Community

question details

question

App billing info fail

0 Answers

Welcome to theClover Developer Community

question details

Related Questions

Welcome to the
Clover Developer Community