Error/Vuln. in JS Overlay SDK | Dodo Payments | Page 1

tender silo · 2025-09-23T04:57:35.837Z

Let's address your concerns one by one: 1. **Payment Completion Event**: The documentation for payment events in Dodo Payments does not explicitly list an event that captures the completion of a payment with a detailed response. However, the `payment.succeeded` event is triggered when a payment is successfully processed. This event can be used to handle post-payment logic and capture payment details【4:8†source】. 2. **Redirect with Subscription ID and Status**: The redirect URL behavior, including appending `subscription_id` and `status` parameters, is not explicitly documented. This seems to be an implementation detail rather than a formalized part of the API. For handling such redirects, it's essential to ensure your application correctly parses these parameters from the URL【4:5†source】. 3. **ProductLink Error**: Although the documentation states that `ProductLink` is optional, you have encountered an error when using it without providing product information. This could be due to a requirement for additional data when creating a subscription or payment link. It's advisable to provide product details to ensure consistency and avoid mapping issues【4:10†source】. 4. **Vulnerability Concern**: The potential to map any subscription to any payment ID suggests a need for stronger validation in your integration. Ensure that your implementation checks the integrity and validity of IDs received from the API to prevent incorrect associations【4:10†source】. If you believe these issues are due to undocumented features or bugs, consider reaching out to Dodo Payments support for further clarification and assistance. **Helpful Links:** - [Payment Events](https://docs.dodopayments.com/developer-resources/webhooks/intents/webhook-events-guide) - [Overlay Checkout Integration](https://docs.dodopayments.com/developer-resources/overlay-checkout)

Let's address your concerns one by one:

Payment Completion Event: The documentation for payment events in Dodo Payments does not explicitly list an event that captures the completion of a payment with a detailed response. However, the payment.succeeded event is triggered when a payment is successfully processed. This event can be used to handle post-payment logic and capture payment details【4:8†source】.
Redirect with Subscription ID and Status: The redirect URL behavior, including appending subscription_id and status parameters, is not explicitly documented. This seems to be an implementation detail rather than a formalized part of the API. For handling such redirects, it's essential to ensure your application correctly parses these parameters from the URL【4:5†source】.
ProductLink Error: Although the documentation states that ProductLink is optional, you have encountered an error when using it without providing product information. This could be due to a requirement for additional data when creating a subscription or payment link. It's advisable to provide product details to ensure consistency and avoid mapping issues【4:10†source】.
Vulnerability Concern: The potential to map any subscription to any payment ID suggests a need for stronger validation in your integration. Ensure that your implementation checks the integrity and validity of IDs received from the API to prevent incorrect associations【4:10†source】.

If you believe these issues are due to undocumented features or bugs, consider reaching out to Dodo Payments support for further clarification and assistance.

Helpful Links:

#Error/Vuln. in JS Overlay SDK