I have a quesiton:
You should NEVER trust a front-end callback as a completed purchase.
That means if I want to integrate with a service, I have to call "checkSteemTransfer" in backend again. Is that duplicated? Why don't I just keep calling an api in which I check the transfer? Usually when we use a payment service, like stripe, they provide both "callback" and "webhook" api. I hope we can change to that.
Yes, this is only a front-end SDK right now, it is not a full end-to-end payment service and requires additional validation on the server-side.