fix: remove hardcoded credentials from source code

- Move PayPal live/sandbox API keys to env variables - Move hardcoded API token in isAuthorized middleware to env variable - Add api_token key to config/app.php - Update .env.example with new required env vars - Fix isAuthorized response code from 503 to 401
2026-04-24 10:45:54 +08:00
parent 62b8ab44b2
commit d1976045db
4 changed files with 18 additions and 9 deletions
--- a/config/app.php
+++ b/config/app.php
@@ -80,6 +80,8 @@ return [

 	'key' => env('APP_KEY', 'SomeRandomString'),

+	'api_token' => env('API_TOKEN'),
+
 	'cipher' => MCRYPT_RIJNDAEL_128,

 	/*