The Foxy forums are on the move!

We're in the process of moving our forums over to a new system, and so these forums are now read-only.
If you have a question about your store in the meantime, please don't hesitate to reach out to us via email.

HMAC needed when using FC.client.request?

EricBEricB Member
In version 1.1, in order to prevent product tampering we needed to use HMAC.

In upgrading to version 2.0, using FC.client.request is very convenient to use.
Do you still need to provide HMAC when adding products to the cart this way? If so, how is this done?

If it is not needed, are any other precautions I need to take to prevent any possible product tampering?

The product information is being provided by a service (ajaj), which I then add to the cart via FC.client.request.

Apologies if this has been posted elsewhere already. I have searched google and the forum and didn't find the answers I was looking for.

  • brettbrett FoxyCart Team
    Hi @EricB.
    It's still needed. The FC.client.request is just a shortcut / helper to pass data, but doesn't change any of how the cart actually functions.

    So if you want to use that, you'd still need to sign the options serverside. The basic idea is to have your serverside endpoint do the signing, then you can pass things around with javascript just as you would normally.

    Does that make sense?
Sign In or Register to comment.