
Backend-Authoritative Pricing: Why It Matters

January 29, 2024•PayXor Team

One of the most critical aspects of any payment system is ensuring that prices cannot be tampered with. In traditional web applications, this is handled server-side, but in Web3 applications, this becomes more complex.

The Challenge

In Web3, transactions happen on-chain, which means they're public and verifiable. However, this also means that if pricing logic lives entirely on-chain, every price change is a contract update: expensive, slow, and inflexible. On the other hand, if pricing is handled entirely off-chain and the contract simply accepts whatever amount the client's transaction carries, users could edit the price in their browser before submitting the transaction.

The Solution: EIP-712 Signatures

PayXor solves this problem using EIP-712 structured data signing. Here's how it works:

1. Backend Generates Quote: Your backend creates a quote with the price, product details, and other relevant information
2. Backend Signs Quote: The quote is signed using EIP-712 with your private key
3. User Receives Quote: The signed quote is sent to the user's frontend
4. User Pays: The user submits the payment transaction with the signed quote
5. Smart Contract Verifies: The smart contract verifies the signature before processing the payment

Benefits

Security

  • Users cannot modify prices before payment
  • All quotes are cryptographically signed and verified on-chain
  • Your backend maintains complete control over pricing

Flexibility

  • Update prices without deploying new smart contracts
  • Implement dynamic pricing, discounts, and promotions
  • Handle complex pricing logic in your backend

Trust

  • Users can verify that quotes come from your authorized backend
  • On-chain verification provides transparency
  • No need to trust a third-party price oracle; the only trusted party is your backend's signing key, so protect it accordingly

Implementation

Implementing backend-authoritative pricing with PayXor is straightforward:

// Generate a quote on your backend
const quote = await generateQuote({
  appId: "your-app-id",
  productId: "product-123",
  amount: "1000000", // 1 USD (6 decimals)
  mode: "session",
  duration: 86400 // 24 hours in seconds
});

// Sign the quote using EIP-712
const signedQuote = await signQuote(quote, privateKey);

// Send to frontend
return { quote: signedQuote };

The frontend can then use this signed quote to initiate the payment, and the smart contract will verify the signature before processing.

Best Practices

1. Keep Private Keys Secure: Your signing key should never be exposed to the frontend; keep it in backend secret storage (a KMS or HSM where available), since anyone holding it can mint quotes at any price
2. Validate Inputs: Always validate product IDs, amounts, and other parameters against your own catalogue before signing; never sign a price the client supplied
3. Set Expiration and a Unique Quote ID: Include an expiration time in every quote to bound how long it can be used, and a unique quote ID (nonce) that the contract records as consumed. Expiration alone does not prevent replay: the same signed quote could be submitted again before it expires
4. Monitor Usage: Track quote generation and payment completion to detect anomalies such as quotes that are never paid or a quote ID that is submitted more than once
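The on-chain half of the flow (step 5, signature verification) together with the expiration and replay points from the best practices, shown as an added example. This is a hypothetical checkout contract built on OpenZeppelin's EIP712 and ECDSA libraries, not PayXor's own contract: the Quote struct fields, the domain name "PayXorCheckout", the quoteId replay guard, and payment in an ERC-20 token are all assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Example only: a hypothetical checkout contract, not PayXor's deployed code.
import "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

contract QuoteCheckout is EIP712 {
    using ECDSA for bytes32;

    // Assumed quote layout. Every field below is part of the signed digest,
    // so changing any of them client-side invalidates the signature.
    struct Quote {
        bytes32 appId;      // app identifier, hashed to bytes32 by the backend
        bytes32 productId;  // product identifier, hashed to bytes32 by the backend
        uint256 amount;     // token units, e.g. 1_000_000 = 1 USD for a 6-decimal token
        address payer;      // binds the quote to one buyer
        uint256 expiresAt;  // unix timestamp after which the quote is rejected
        bytes32 quoteId;    // unique per quote; consumed on first successful payment
    }

    // EIP-712 type hash: must match the type string the backend signs with.
    bytes32 private constant QUOTE_TYPEHASH = keccak256(
        "Quote(bytes32 appId,bytes32 productId,uint256 amount,address payer,uint256 expiresAt,bytes32 quoteId)"
    );

    address public immutable signer;    // backend signing address (never the key itself)
    IERC20 public immutable token;      // payment token
    address public immutable treasury;  // where payments are forwarded
    mapping(bytes32 => bool) public consumed;  // replay guard keyed by quoteId

    event Paid(bytes32 indexed quoteId, address indexed payer, bytes32 productId, uint256 amount);

    error QuoteExpired();
    error QuoteAlreadyUsed();
    error WrongPayer();
    error BadSignature();

    // The EIP712 base mixes name, version, chainId and this contract's address
    // into the domain separator, so a quote signed for another chain or
    // another deployment does not verify here.
    constructor(address signer_, IERC20 token_, address treasury_)
        EIP712("PayXorCheckout", "1")
    {
        signer = signer_;
        token = token_;
        treasury = treasury_;
    }

    // Digest the backend must sign: keccak256("\x19\x01" || domainSeparator || structHash).
    function hashQuote(Quote calldata q) public view returns (bytes32) {
        return _hashTypedDataV4(
            keccak256(abi.encode(
                QUOTE_TYPEHASH, q.appId, q.productId, q.amount, q.payer, q.expiresAt, q.quoteId
            ))
        );
    }

    function pay(Quote calldata q, bytes calldata signature) external {
        // Cheap checks first: freshness, replay, and that the caller is the quoted payer.
        if (block.timestamp > q.expiresAt) revert QuoteExpired();
        if (consumed[q.quoteId]) revert QuoteAlreadyUsed();
        if (q.payer != msg.sender) revert WrongPayer();

        // Recover the address that signed this exact digest. ECDSA.recover reverts
        // on malformed or high-s (malleable) signatures rather than returning zero.
        address recovered = hashQuote(q).recover(signature);
        if (recovered != signer) revert BadSignature();

        // Mark the quote used before the external token call (checks-effects-interactions).
        consumed[q.quoteId] = true;

        bool ok = token.transferFrom(msg.sender, treasury, q.amount);
        require(ok, "transfer failed");
        emit Paid(q.quoteId, msg.sender, q.productId, q.amount);
    }
}
```

The backend side must produce the signature over exactly the same domain (name "PayXorCheckout", version "1", the deployment's chainId and address) and the same Quote type string; with ethers, for instance, that is a `signTypedData` call over those domain and type definitions. The `consumed` mapping is what actually stops a replay: a quote whose signature is valid and unexpired can still only be paid once, and because `quoteId` is keyed independently of the signature bytes, a malleated copy of the same signature cannot be used to pay the same quote twice either.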

Backend-authoritative pricing is a core feature of PayXor that ensures your payment system is both secure and flexible.