Braintree and credit card payment from mobile app - braintree

I am working on an app that requires payment to be collected from customers. I have a few questions related to Braintree integration with my app. I am actually struggling a bit with the workings of Braintree, so I thought of checking here.
PCI compliance is critical, so I do not want to store anything in my app or the backend server. Can I achieve this with Braintree? I also don't want the customer to retype the credit card information when they come back to the app. As I understand it, there is a Vault functionality which can do this, but I was not sure.
Do I invoke the Braintree API from the iOS app directly, or do I need to first send the credit card information to my backend layer and then invoke the Braintree APIs from the backend? I don't want to transmit anything to my server due to PCI compliance, so I am hoping that I can just invoke the Braintree API directly from the iOS app and, when the user comes back, again invoke the Braintree Vault API from the app and pull the previously used credit card.
I'd appreciate it if anyone could please direct me to some kind of architecture / white paper / best practice on this. I went through the API documents on the Braintree site, which provides good API documents, but I could not find a high-level architecture document on this.
Thanks in advance.

Yes. https://articles.braintreepayments.com/control-panel/vault/overview
Yes, use from iOS. https://developers.braintreepayments.com/ios+ruby/start/hello-client
For number three... I'm not sure where to find that. Definitely ask support.

Related

Android and iOS billing for multi-platform saas

Just wondering if someone can clear this up for me, as it's kind of a grey area and I'm not sure what to do.
I have a website that is split into frontend and API and has a subscription service provided by Stripe on the API. I am now making apps in Ionic for both the Apple and Google stores, but I'm unsure of how the payments will work on the platforms. Ideally I would like to just stick to using Stripe, but I've been reading about both stores and this is where I need guidance.
From what I have read, it seems that I have to use Google Play billing and Apple's alternative. Do I have to use these for the apps going into their respective stores, or can I continue to use Stripe within the apps? As I see it, it's a multi-platform SaaS. So why can't I just send the card info to my API for charging? (I know there's a lot of security involved and it's not as trivial as I make it out to be.)
I've been reading conflicting statements from multiple sites and I'm just not sure which is correct, and the docs on Google Play billing make no reference to this. It's a multiplatform service, so can I just send on the card details to my API?
But what I have found is that Apple have this:
3.1.3(b) Multiplatform Services: Apps that operate across multiple platforms may allow users to access content, subscriptions, or features they have acquired elsewhere, including consumable items in multi-platform games, provided those items are also available as in-app purchases within the app. You must not directly or indirectly target iOS users to use a purchasing method other than in-app purchase, and your general communications about other purchasing methods must not discourage use of in-app purchase.
Which to me states that I have to use Apple Pay and make no reference to my other payment methods for fear of being refused from the store.
I can't comment for Apple. For Google Play the best place to answer this sort of question is the Developer policy center. In the Monetization and Ads section it says:
Developers offering products within another category of app downloaded on Google Play must use Google Play In-app Billing as the method of payment, except for the following cases:
Payment is solely for physical products
Payment is for digital content that may be consumed outside of the app itself (e.g. songs that can be played on other music players).
You should read all of the linked page and decide what category the stuff you are selling falls into.

Braintree hosted fields with PaymentRequest API

I'm using braintree and their hosted fields solution to be applicable for the easiest to qualify PCI level of compliance - SAQ A.
Google recently announced their PaymentRequest API which provided a great user experience, however it makes available sensitive card details to my website's js, which will make me ineligible for SAQ A.
Is there a way to use PaymentRequest API with Hosted fields, or should I become SAQ A-EP to be able to take advantage of the new feature?
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
Braintree does not officially support the PaymentRequest API with Braintree's Hosted Fields at this time. This could change in the future.

Is Parse the right choice if your app does not need Facebook integration?

I want to build something similar to a poll service for mobile but it doesn't need Facebook.
After Facebook's acquisition, is Parse.com still a viable option if your web app does not need Facebook integration? Could app developers (customers) log in to my backend without a Facebook account?
Is it possible to build premium features with Parse and then charge for them?
Do you own your data when using Parse.com? I.e., can you export it in case you decide to move to another service in the future?
I am hoping someone with experience can shed some light on this. Thank you!
"After Facebook's acquisition, is Parse.com still a viable option if your web app does not need Facebook integration? Could app developers (customers) log in to my backend without a Facebook account?"
Yes, for now.
"Is it possible to build premium features with Parse and then charge for them?"
Yes.
"Do you own your data when using Parse.com? I.e., can you export it in case you decide to move to another service in the future?"
Yes.
I'd suggest you always have a backup plan when using a BaaS. I pity StackMob users that didn't. You don't know if Parse will still be there in 3 years or whether their features and pricing will change. Never rely on a BaaS in the long run.
Yes, Parse has standalone login features with username and password, in addition to Twitter and Facebook. They even handle lost password resets via email as long as the user has the email field entered. You can check if the user's email has been verified via the emailVerified field.
I'm using stripe.com's payment system via parse's cloud code. I will admit this is not a complete drop in feature for parse yet, but maybe in the future. stripe is made for developers, and I find it to be a very powerful payment system. I can answer some basic stripe/parse questions as I have written myself basically a semi-complete API for handling customers, card, and charges.

Does UPS Address Validation API work in mobile app?

I am learning the UPS address validation API for my PHP application. I am going to use the web service version for my integration. However, I am not sure whether UPS address validation will work for a mobile app, like an iPhone or Android app. Can someone answer this question for me in detail?
Thanks in advance.
To add to Matt's comment, UPS address verification and official postal (e.g. USPS, Canada Post) addresses can be different so, in addition to the terms of service, make sure you are pulling from the right data.

windows phone ApplicationPolicy for in app payment

I was wondering if it's possible to use PayPal mobile checkout directly in my WP7 app, as an in-app payment gateway.
My concern is Microsoft marketplace application policy 2.1:
“Your application must be fully functional when acquired from Windows
Phone Marketplace (except for additional data as permitted below).
Unless you have a pre-existing billing relationship with the user,
your application may not require the user to provide payment
information,within the application experience, to activate, unlock, or
extend usage of the application.”
Does this mean I’m not allowed to use PayPal to make in-app purchasing?
Thank you,
Alex
I think this policy only applies to your app. If you want to use PayPal to "activate, unlock, or extend usage of the application" then it's not allowed. If you want to do other things which require PayPal the policy allows you to do so.
The marketplace requirement means that you must have that "pre-existing billing relationship with the user". It doesn't put any restriction on how you bill your users. You could, therefore, use PayPal or any other method available to you.
This requirement is partly to enforce the prevention of apps which have no functionality when downloaded from the marketplace, without paying for the content.
I would suggest contacting app hub support to further discuss your specific requirements if you need to or to confirm the exact meaning around what qualifies as a "pre-existing billing relationship".
You can use Paypal. If you study the clause carefully, it states "Unless you have a pre-existing billing relationship with the user, your application may not require the user to provide payment information,within the application experience, to activate, unlock, or extend usage of the application."
If you do not have a pre-existing billing relationship with new users, all they need to do is to complete the payment information outside the app, for example get redirected to an external browser (PayPal) to input their details.
Hope this helps.
