From 0a75e4b9ee9a7c2130264d004c784d928d98ec14 Mon Sep 17 00:00:00 2001
From: Kimberlee Howley <kimberlee@squareup.com>
Date: Tue, 4 Feb 2025 15:41:41 -0800
Subject: [PATCH] Remove outdated comment from server.js (#284)

Hello! The original comment implies that a `Payment` can be created by
passing `order_id` alone. This is incorrect:`amount_money` must be
passed. I suggest removing the comment to reduce confusion.

Please let me know of any questions. Thank you!

- [x] [Individual Contributor License Agreement
(CLA)](https://spreadsheets.google.com/spreadsheet/viewform?formkey=dDViT2xzUHAwRkI3X3k5Z0lQM091OGc6MQ&ndplr=1)
signed

Co-authored-by: Abhishek Pillai <pillaiabhishek27@gmail.com>
---
 server.js | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/server.js b/server.js
index 3cefdeb..53ad5f7 100644
--- a/server.js
+++ b/server.js
@@ -34,11 +34,6 @@ async function createPayment(req, res) {
         idempotencyKey: payload.idempotencyKey,
         locationId: payload.locationId,
         sourceId: payload.sourceId,
-        // While it's tempting to pass this data from the client
-        // Doing so allows bad actor to modify these values
-        // Instead, leverage Orders to create an order on the server
-        // and pass the Order ID to createPayment rather than raw amounts
-        // See Orders documentation: https://developer.squareup.com/docs/orders-api/what-it-does
         amountMoney: {
           // the expected amount is in cents, meaning this is $1.00.
           amount: '100',