My scenario:
My web server:
What I need to do:
Because web server can not access outside internet, I am using Javascript on the browser side to get the wallet address info by getting https://api.blockcypher.com/v1/btc/test3/addrs/miedePxMt4SDQHjWJyfhbCWvXcm33vzDa1/full and/or https://api.blockcypher.com/v1/btc/test3/txs/681b16b4de3676a5865a85e0bba3097afcc195d928f3167e4d5591c388c1e474?includeHex=true ... and sending that data to my webserver using a Ajax call to check for the received bitcoins.
Note: I have sent testnet bitcoins to that wallet.
Everything works except 1 problem: The browser user can easily change the bitcoin amounts and trick the web server into thinking more bitcoin were sent.
My question is: What methods can I use on the webserver to verify that the transaction data was not changed by the browser user. The web server has the pub/priv key of the receiving wallet. The webserver has the "bx" libbitcoin-explorer program available and I could potentially install other software.
Can I use the commands in this diagram at all? https://github.com/libbitcoin/libbitcoin-explorer/wiki/Transaction-Commands