Braintree hosted fields with PaymentRequest API - braintree

I'm using braintree and their hosted fields solution to be applicable for the easiest to qualify PCI level of compliance - SAQ A.
Google recently announced their PaymentRequest API which provided a great user experience, however it makes available sensitive card details to my website's js, which will make me ineligible for SAQ A.
Is there a way to use PaymentRequest API with Hosted fields, or should I become SAQ A-EP to be able to take advantage of the new feature?

Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
Braintree does not officially support the PaymentRequest API with Braintree's Hosted Fields at this time. This could change in the future.

Related

Google Invoice API, documentation?

There is an API listed in Google APIs (oAuth2) that can be enabled with the service name invoice.googleapis.com. As per the description, it supposedly allows you to fetch Billing invoices for products like Google Adwords, Enterprise etc.
However, there does not seem to be any documentation available online. The PHP client (the one I'm using) also doesn't have an implementation for this.
Does anyone have any more information about this? Is this still in development?

How to bulk update "Authorized JavaScript Origins" in Google API Console?

Currently, I have been tasked to utilize the Google People API to ask for a user's basic Google information along with their public phone numbers. So far the results have been positive.
The solution my team and I have incorporated the Google People API integration in has the capacity to be utilized across thousands of domains. As a result, my question is simply: how can my team members and I ensure that any of our clients that utilize our solution with their own particular domain get our new functionality built with the Google People API?
Keep in mind, our clients have the flexibility to have http/https and any subdomain on their site. Entering each domain possibility for our client base one by one would not be an easy task. I'm seriously hoping there is a solution around the single, explicit origin entries.
Thank you for your time and help.
Warning:
You must remember that if this is source code you are giving your clients that you are not allowed to release your client id and client secret. This includes plugins and scripts.
On November 5th 2014 Google made some changes to the APIs terms of Service.
"Asking developers to make reasonable efforts to keep their private keys private and not embed them in open source projects."
So if your clients could view the code of your application and see your client id and secret you should not be giving it to them.
Read more about this issue: Can I really not ship open source with Client ID?
Recommendation:
The best solution for you will be to instruct your users now to create their own project on Google Developer Console and create their own JS origins.
You may just have to provide your own wrapper around the target API where you authorize the client request yourself and then do the request from Google using your own credentials.
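A wrapper like the one suggested above has to decide for itself which browser origins it serves, since clients may use http or https and any subdomain. The following is an added example, not code from the answers or from Google: a Node.js origin check for such a wrapper, where the tenant domains and the function names `matchTenantOrigin` and `authorizeRequest` are hypothetical.

```javascript
// Added example: tenant domains below are constructed sample data.
const TENANT_DOMAINS = new Set(["example-shop.test", "client-two.test"]);

// Returns the registered tenant domain an Origin header belongs to, or null.
function matchTenantOrigin(originHeader, tenants = TENANT_DOMAINS) {
  if (typeof originHeader !== "string") return null;
  let url;
  try {
    url = new URL(originHeader);
  } catch {
    return null; // "null" origin, empty or malformed header
  }
  // Clients may use http or https; every other scheme is rejected.
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // A browser Origin is exactly scheme://host[:port]; anything carrying
  // a path, userinfo or a trailing slash is not a genuine Origin value.
  if (url.origin !== originHeader) return null;
  const host = url.hostname;
  for (const domain of tenants) {
    // Exact host or a true subdomain. The "." boundary keeps
    // "evil-example-shop.test" from matching "example-shop.test".
    if (host === domain || host.endsWith("." + domain)) return domain;
  }
  return null;
}

// Decision the wrapper makes before it calls the upstream API with
// credentials that stay on the server.
function authorizeRequest(headers) {
  const tenant = matchTenantOrigin(headers.origin);
  if (!tenant) return { status: 403, tenant: null, cors: {} };
  return {
    status: 200,
    tenant,
    // Echo the single validated origin; never "*" on this endpoint.
    cors: { "Access-Control-Allow-Origin": headers.origin, Vary: "Origin" },
  };
}
```

The Origin header only constrains browsers, so the wrapper still needs its own per-client authentication for requests that do not come from a browser.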

Monitoring Stormpath Api Calls

I have used Google's YouTube API in the past, which offers an easy way to check how many API calls you have made in a set period, e.g. one month, and I was wondering if Stormpath provides any similar service. I can't seem to find it in my account settings?
Stormpath doesn't currently expose this information publicly -- this is something we are working on and will release in the future =)
If you need detailed API reports, you can email us: support#stormpath.com, and we can send you your usage stats.

Braintree and credit card payment from mobile app

I am working on an app that requires payment to be collected from customers. I have a few questions related to Braintree integration with my app. I am actually struggling a bit with the workings of Braintree, so I thought of checking here.
The PCI compliance is critical, so I do not want to store anything in my app or the backend server. Can I achieve this with Braintree? I also don't want the customer to retype the credit card information when they come back to the app. As I understand it, there is a Vault functionality which can do this, but I was not sure.
Do I invoke the Braintree API from the iOS app directly, or do I need to first send the credit card information to my backend layer and then invoke the Braintree APIs from the backend? I don't want to transmit anything to my server due to the PCI compliance, so I am hoping that I can just invoke the Braintree API directly from the iOS app and, when the user comes back, again invoke the Braintree Vault API from the app and pull the previously used credit card.
I would appreciate it if anyone can please direct me to some kind of architecture / white paper / best practice on this. I went through the API documents on the Braintree site, which provides good API documents, but I could not find the high-level architecture document on this.
Thanks in advance..
Yes. https://articles.braintreepayments.com/control-panel/vault/overview
Yes use from iOS. https://developers.braintreepayments.com/ios+ruby/start/hello-client
For number three... I'm not sure where to find that. Definitely ask support.

What are CreateToken and StoreToken in SagePay Server V3.0?

We are upgrading our SagePay protocol from v2.23 to 3.0 to support surcharge fees. In the v3.0 transaction registration post there are CreateToken and StoreToken, which were not in the earlier version. What is the reason for create and store tokens? I went through the document but couldn't find a clue.
The link provided in the above post links to advice by one of our Sage Pay Partners so take a look at it.
Token allows shoppers the option of storing their card details (as a token) to their account on the payment page during their first purchase instead of having to set it up manually afterwards. Single click purchases for repeat customers will become much simpler and quicker to set up.
To view the Token Guide go to here, scroll to the bottom of the screen and select the Download the Documents option within your preferred method of integration (server, server inframe, direct). Within the guide it explains creating and storing a token.
If this is a service you would like enabled on your Sage Pay account, our New Business team are available 0900-1800 on 0845 111 4466. Prices for Token are available via here. If you have any other questions, our 24/7 Support team can assist on 0845 111 4455.
Sage Pay Support.
I believe this is related to their token system, allowing you to store and send card details as a token.
If you don't use their token system you don't need to worry about it.
Sage Pay have destroyed their content recently so it's hard to find anything, here's a quick article on their token system - http://www.metakinetic.com/blog/2013/09/sage-pays-token-system-and-advancements-in-payment-gateways/
