I've been building a Solana checkout flow. The core challenge: the server needs to control the terms of every payment — the amount, the recipient, the audit trail — without ever holding a private key.
This post documents the pattern I landed on:
- Checkout session with TTL and CSRF protection
- Atomic token invalidation to prevent TOCTOU race conditions
- A server-side pending record (similar to Stripe's Payment Intent) written before the wallet is ever involved
- Webhook authentication and idempotent confirmation
The server constructs the unsigned transaction, the wallet signs it, and confirmation happens via webhook rather than client reporting. The implementation is Solana-specific, but the architecture applies to any chain.
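A sketch of the server-side steps listed above, added here as an example and not taken from the original post: the checkout token is consumed in one step, the pending record is written from server-held terms, and the webhook is authenticated and confirmed idempotently. The in-memory Maps, the HMAC-SHA256 webhook signature, the function names and the event fields are all assumptions.

```javascript
const nodeCrypto = require("node:crypto");

// In-memory stand-ins for database tables (assumption). In production each
// operation below must be a single atomic statement or transaction.
const sessions = new Map(); // token -> { amount, recipient, expiresAt }
const pending = new Map();  // reference -> { amount, recipient, status }
const WEBHOOK_SECRET = "constructed-test-secret"; // constructed sample value

function createSession(amount, recipient, ttlMs, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString("hex");
  sessions.set(token, { amount, recipient, expiresAt: now + ttlMs });
  return token;
}

// Check-and-consume in one step: the token is removed before expiry is
// evaluated, so two concurrent requests cannot both pass (no TOCTOU window).
// SQL equivalent: DELETE ... WHERE token = $1 AND expires_at > now() RETURNING *
function beginPayment(token, now = Date.now()) {
  const session = sessions.get(token);
  if (!sessions.delete(token) || session.expiresAt <= now) return null;
  // Pending record is written before the wallet is involved; the terms come
  // from the server-side session, never from the client request.
  const reference = nodeCrypto.randomUUID();
  pending.set(reference, { amount: session.amount, recipient: session.recipient, status: "pending" });
  return reference;
}

function signWebhook(rawBody) {
  return nodeCrypto.createHmac("sha256", WEBHOOK_SECRET).update(rawBody).digest("hex");
}

// Returns "confirmed", "duplicate", "mismatch", "unknown" or "rejected".
function handleWebhook(rawBody, signatureHex) {
  const expected = Buffer.from(signWebhook(rawBody), "hex");
  const given = Buffer.from(String(signatureHex), "hex");
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return "rejected";
  const event = JSON.parse(rawBody); // parsed only after authentication
  const record = pending.get(event.reference);
  if (!record) return "unknown";
  if (record.status === "confirmed") return "duplicate"; // replay changes nothing
  if (event.amount !== record.amount || event.recipient !== record.recipient) return "mismatch";
  record.status = "confirmed";
  return "confirmed";
}
```

Amounts are integers in the token's smallest unit so the comparison in `handleWebhook` is exact.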
Already got a good question in the HN thread about meta-transactions and commit-reveal schemes.
Full post: https://blauenlabs.com/blog/web3-checkout-pattern/
HN discussion: https://news.ycombinator.com/item?id=47821168
Happy to discuss the tradeoffs.