I'm trying to integrate with Braintree using the JavaScript SDK and the drop-in plugin, but there is something I find hard to understand. It seems that the user gives free permission with his "payment_method_nonce" to charge his credit without him knowing how much he is being charged for. Let me explain:
Looking at the flow overview:
1. The client requests an authorization token from my server.
   The server then creates a new token using its unique "Braintree SDK and credentials",
   and the server sends the token back to the client.
2. The user enters his credit card number and submits -> the client sends a request to the Braintree server.
3. The Braintree server returns a "payment_method_nonce" to the client.
4. The client sends the "payment_method_nonce" to my server.
5. Using the "payment_method_nonce", my server creates a transaction, sets a price to charge and sends a request to the Braintree server. The user doesn't know how much he was charged, since the request was sent from the server.
When I worked with PayPal directly (without the Braintree SDK), the user was redirected to the "PayPal domain" to complete the transaction. There he was presented with all the details about the transaction, price and all, but with "Braintree" this step is missing.
What am I missing here?