In my application I use the routers that preserve order in the database. But the router is available at any time and if we set the necessary parameters, you can do without pay, which is certainly not desirable for my business. This is the first problem. The second problem is that if you press F5, then the base is added to another record and come one more email.
http://127.0.0.1:5000/order/checkout/success?InvId=25&OutSum=233&SignatureValue=8bc8bb0c8916b7896b3d6b57fa17f96c&Culture=ru
How to protect yourself from unwanted orders?