Server to Server Payments using Braintree - braintree

I'm currently interested in using Braintree to make payments from a server using credit card credentials that I currently hold to another payment server.
Currently, the payment nonce is generated by the Braintree Client SDK when a client enters his credit card details.
However, I want to set it up such that my server, which already contains my credit card details, will generate the payment nonce and send it to another server which accepts Braintree payment nonces.

Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
If you already have the credit card details, you can first create a payment method from those. Once you have a payment method you can treat it just like you would a nonce to create transactions.
Just keep in mind this has additional PCI concerns with raw credit card data being present on your server.

Related

Can we use payment network tokenization in the backend code?

As a part of our project we would like to implement a few more functionalities like Apple Pay, Google Pay and PayPal using Authorize.Net for billing payment transactions.
In our project we already implemented Authorize.Net for card payments.
Payment methods are implemented on the backend code side (using Laravel 5.5) with Authorize.Net APIs. There are no front-end code interactions for card payment. User details needed for billing payments, like card details, auth_customer_id etc., are fetched (today's user payment transactions due) by running a cron job every day.
In the Authorize.Net documentation it is written that Apple Pay uses payment network tokenization.
We would like to know: is it possible to use payment network tokenization in backend development (using Laravel 5.5) to implement Apple Pay, Google Pay and PayPal for billing payment transactions?

Stripe ConfirmCardPayment (frontend) vs paymentintent.Confirm (backend)

When would you choose confirmCardPayment in the front end and when would you choose paymentIntent.Confirm in the backend?
Currently our app allows you to check out as a guest, save a credit card if you are not a guest, or use a saved card.
All of these flows work without confirmCardPayment on the frontend and without paymentIntent.Confirm on the backend.
I'm guessing there will be a time where a card payment requires extra authentication and that is when we need to either confirm in the front end or confirm in the backend? (Also, when/why would a card require extra authentication? New to this space and looking to learn)
Our code pretty much follows this: https://github.com/stripe-samples/saving-card-after-payment/blob/master/without-webhooks/server/go/server.go
PS: The TLDR from the above link is:
Front end:
Creates a paymentmethod with a given card or saved card.
Sends POST /pay API to backend
Backend:
Receives API (validates if user is auth or not - in our case)
Creates a payment intent to be sent to stripe with paymentmethodID from frontend AND customerID gotten from our backend (Stripe's customer id that we created beforehand)
Stripe returns us the paymentmethod with status.
No confirmation on either front.
If same payment method tries to get used for another customer, fails.
If same payment method gets used for same customer (Saved card behavior) it works.
I'm guessing there will be a time where a card payment requires extra authentication and that is when we need to either confirm in the front end or confirm in the backend?
You need to do this on the frontend because of customer authentication yes. Confirming on the frontend attempts the payment, and the Stripe JS library will also present any additional UI needed like the customer's bank's 3D Secure authentication page.
That is also important for accepting other types of payment methods (which you should, as having more local payment methods in your checkout flow increases customer conversion). E.g., payments using iDEAL require a redirect to the customer's bank, which again is handled on the client side. https://stripe.com/docs/payments/ideal#payment-flow
(Also, when/why would a card require extra authentication? New to this space and looking to learn)
Pretty much any transaction in Europe and the UK requires 3D Secure authentication right now, and it's only becoming more prevalent worldwide.
https://stripe.com/docs/strong-customer-authentication
https://stripe.com/docs/payments/3d-secure
https://support.stripe.com/questions/strong-customer-authentication-sca-enforcement-date
Our code pretty much follows this
The GitHub link/flow you linked is an alternative way of using Stripe where you attempt the payment on the backend and then need to do a round-trip if authentication is required, but it's generally preferred to use client-side confirmation as it's more scalable for accepting other payment methods. See the notes on
https://stripe.com/docs/payments/accept-a-payment-synchronously

Is creating Stripe Payment Backend API secure?

I want to process Stripe payment to create stripe subscription.
For that I need to pass card number, expiration date, cvc to my backend api.
Is it secure to create Stripe payment this way?
If it is not secure, what methods can I use to secure the subscription request to the backend api?
This is not recommended. Instead, you should collect payment details securely with Stripe Elements (docs) and use the safe IDs returned by that to collect payments.
If you are PCI compliant, you should contact Stripe support for assistance with enabling your account to process card details directly.
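A server-side guard for the point made in this answer, as an added example that is not part of the original answer or Stripe's code: it rejects a subscription request whose JSON body carries raw card fields or a Luhn-valid card number anywhere, and accepts only a token-style ID. The `payment_method` field name, the key list and the sample request are assumptions constructed for illustration; the `pm_` prefix is the form of a Stripe PaymentMethod ID.

```ruby
require "json"

# Field names that signal raw card data (list constructed for this example).
RAW_CARD_KEYS = %w[card_number number pan cvc cvv exp_month exp_year].freeze
# Assumption: the client sends a Stripe PaymentMethod ID, which starts with "pm_".
TOKEN_ID = /\Apm_[A-Za-z0-9]+\z/

# Luhn checksum over a string of digits.
def luhn_valid?(digits)
  sum = digits.reverse.each_char.with_index.sum do |ch, i|
    d = i.odd? ? ch.to_i * 2 : ch.to_i
    d > 9 ? d - 9 : d
  end
  (sum % 10).zero?
end

# True when the value holds a 13-19 digit run (spaces/dashes allowed) passing Luhn.
def looks_like_pan?(value)
  runs = value.to_s.scan(/(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)/)
  runs.any? { |run| luhn_valid?(run.delete(" -")) }
end

# Walk a parsed JSON body and return the path of every raw-card finding.
def raw_card_findings(node, path = "$")
  case node
  when Hash
    node.flat_map do |key, val|
      here = "#{path}.#{key}"
      named = RAW_CARD_KEYS.include?(key.to_s.downcase) ? [here] : []
      named + raw_card_findings(val, here)
    end
  when Array
    node.each_with_index.flat_map { |val, i| raw_card_findings(val, "#{path}[#{i}]") }
  else
    looks_like_pan?(node) ? [path] : []
  end.uniq
end

# Accept a subscription request only if it carries a token and no card data.
def check_subscription_request(raw_json)
  body = JSON.parse(raw_json)
  findings = raw_card_findings(body)
  return { ok: false, reason: "raw card data", paths: findings } if findings.any?
  return { ok: false, reason: "missing token", paths: [] } unless body.is_a?(Hash) && body["payment_method"].to_s.match?(TOKEN_ID)
  { ok: true, reason: nil, paths: [] }
end

# Constructed sample request; the card number is a Luhn-valid test-style value.
SAMPLE_RESULT = check_subscription_request('{"plan":"pro","card":{"number":"4242 4242 4242 4242","cvc":"123"}}')
```

Run this check before the request body is logged or persisted, so a misbehaving client cannot leave card numbers in server logs.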

How to provide authorization for a Laravel App to charge customer from services and products availed (NOT SUBSCRIPTION OR RECURRING)

I just want to ask how to implement this process in my Laravel 7 app.
On a logged user, he will set up his payment method using a PayPal account (some redirection to the PayPal page).
After successful registration/setup of the PayPal account, the app can now charge the customer for the services/products he availed.
This is not a subscription or recurring payments.
I'm reading the PayPal API docs but I don't know where I should focus since I don't know the real PayPal terminology for that kind of process.
NOTE: I already implement this kind of process but on Stripe only where the customer setup his Card or Bank Account then the app can charge the customer.
On PayPal this used to be known as "Reference Transactions with Billing Agreements", and in very new integrations it's called Vault (v2 REST API vault, not the old v1 REST Vault which is of no use).
This functionality is only available if PayPal turns it on for your production account, so you need to contact PayPal about it, specifically the business side of PayPal via https://www.paypal.com/smarthelp/contact-us (not the MTS technical support, they don't enable new features).
If reference transactions does get enabled and approved for your live/production business account (no guarantee of this), then PayPal will guide you on which specific API to use, which could be the newest v2 Vault or something else.

Can you store credit card details in the vault, without charging them, with Braintree v.zero?

With the old Braintree API it was possible to just store credit card details in the vault to charge later (for a variable subscription model). Is it possible to do this with their v.zero API? I looked at their documentation and it wasn't clear. It mentions it can do it with PayPal accounts but I'm not sure if this includes credit cards (no PayPal).
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
Yes! When a customer fills out their credit card information in the Drop-in it is processed by the Braintree API. Once complete, the client receives the payment method (i.e. credit card) nonce which should be sent to your server. This nonce can be used for a whole variety of tasks including simply storing in the vault, as you are trying to do:
    result = Braintree::PaymentMethod.create(
      :customer_id => "131866",
      :payment_method_nonce => nonce_from_the_client
    )

Steps:
1. Your client embeds the Drop-in
2. User fills out data in Drop-in
3. Client receives Nonce
4. Client sends Nonce to server
5. Server uses nonce to create a payment method in the vault
Cheers!
