What are CreateToken and StoreToken in SagePay Server V3.0? - opayo

We are upgrading our SagePay protocol from v2.23 to 3.0 to support surcharge fees. In v3.0 transaction registration post there are CreateToken and StoreToken which was not in the earlier version. What is the reason for create and store tokens? I went through the document but couldn't find a clue.

The link provided in the above post links to advice by one of our Sage Pay Partners so take a look at it.
Token allows shoppers the option of storing their card details (as a token) to their account on the payment page during their first purchase instead of having to set it up manually afterwards. Single click purchases for repeat customers will become much simpler and quicker to set up.
To view the Token Guide go to here, scroll to the bottom of the screen and select the Download the Documents option within your preferred method of integration (server, server inframe, direct). Within the guide it explains creating and storing a token.
If this is a service you would like enabled on your Sage Pay account our New Business team are available 0900-1800 on 0845 111 4466. Prices for Token are available via here. If you have any other questions, our 24/7 Support team can assist to on 0845 111 4455.
Sage Pay Support.

I believe this is related to their token system, allowing you to store and send card details as a token.
If you don't use their token system you don't need to worry about it.
Sage Pay have destroyed their content recently so it's hard to find anything, here's a quick article on their token system - http://www.metakinetic.com/blog/2013/09/sage-pays-token-system-and-advancements-in-payment-gateways/

Related

Apple Pay in Xamarin.Forms

Help me please. How to integrate Apple Pay in Xamarin.Forms? The instruction that is on the Microsoft website does not provide a step-by-step algorithm for implementing this functionality.
Maybe there is a plugin that helps solve this problem? I tried to register at www.judopay.com, as indicated in the Microsoft manual, but no one answered my application.
There is no direct detail tutorial in Xamrarn , however Xamrin provide a Emporium sample and original document from Apple to explain that .
The sample app is comprised of several parts:
CatalogCollectionViewController - a collection view that displays a list of products (parsed from ProductsList.plist)
ProductTableViewController - a detail table view that summarizes a product, and allows the user to buy it using Apple Pay
ConfirmationViewController - a simple confirmation screen to be shown after a successful payment
Hope this sample will be helpful to create your first apple pay application .
In addition , the most important logic is Processing the Payment Token:
Once the user has authenticated to confirm purchase intent, you don’t need to handle their actual credit or debit card numbers. Instead, your app or website receives a payment object containing an encrypted payment token. This token encapsulates the information needed to complete a payment transaction, including the device-specific account number, the amount, and a unique, one-time-use cryptogram. The token can be decrypted by the merchant with the certificate private key or by the Payment Service Provider (PSP) on behalf of the merchant. Once decrypted, the token needs to be passed to the payment service provider for processing.
More info , you can refer to Apple doc here .

How to edit a card in Braintree's dropin in UI?

I'm using Braintree for my site's payments and it works well except that when a user has selected a payment card from its chrome's history and he/she mistakenly inputs a wrong CVV the Braintree will fail the transaction (when trying to verify) but it saves the credit card and the user cannot edit him/her mistake, and only thing he/she can is to delete the CC using the Braintree's vault manager and re-enter again!
Question:
How can I make drop-in to edit the selected card when the card's verification fails?
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
Vault manager does not allow the ability to edit the CVV (or any values) on the cards saved to the Vault. I can certainly pass this along as a future feature request.
This does not sound like the expected behavior if you are verifying prior to Vaulting in production and have CVV rules enabled to reject if the CVV does not match. If you are running into this error in production, please reach out to our Support team with an example. If this is in sandbox, please ensure you are using a test CVV to trigger the desired response.

zagat content in the Places API - ERROR

I am many errors on my Maps API Console.
I am the website owner, not the developer or webmaster.
Got an email from Google about new pricing. Below is the email.
Today we are announcing important changes, including our new name - Google Maps Platform, a simplified product structure, pay as you go pricing for all, and more. Please take a few minutes to review the announcement to familiarize yourself with the upcoming changes.
We would like to highlight a few updates that may impact your implementation. Beginning June 11th, we are launching our new pricing plan and providing all users access to support. We’ll continue to offer a free tier — all developers will receive $200 of free monthly usage of our core products.
How does this affect your current account(s)?
Based on your usage over the last 3 months and our new pricing plan, we estimate that your monthly cost will exceed the current $200 free tier.
I am trying to figure out why I have so many API calls.
I am seeing in the console, that in the "Google Places API Web Service" I have alot of "Zagat content in the Places API" calls, and they all result in error.
I am trying to figure out how this is happening, but not finding any info online. I see that the "zagatselected" parameter was discarded May of 2017. I can not figure out what is causing these errors.
Everything has been working fine, I have my own API key, and have for a long while. The only reason I am really looking into this, is because Google will now start charging me monthly.
Is it possible you expose your Maps API key to the client, don't have any restrictions on it, and someone else is calling the API/raising those errors?
If you have a snippet of code like this....
<script src="https://maps.googleapis.com/maps/api/js?key=[APIKEYHERE]&libraries=geometry,places&callback=initialize">
...on a public web page, it would be easy for someone else to take the API key and use it themselves, unless you add a IP or referrer restriction to only allow it to be used client-side from your website. You can set up restrictions on who can use your API key following these instructions.
I suspect that the new Google Maps and Places API pricing scheme (which significantly lowers the number of free Places API calls) might cause some less ethical users to use keys they can scrape off websites.

PayPal checkout options

I've been working on a secure shopping cart and checkout for a website. I'm using PayPal, and I'd read that PCI requirements aren't as much of an issue if we don't store card data on our site, so if possible I'd like to avoid that.
HTML buttons seemed like a promising option, but upon further investigation, it seems like maintaining control of active user sessions may not be possible. Below are my sources that seem to confirm this.
PayPal button return url usage
delete session variables when session id is known but not able to start session
PayPal payments pro is mentioned in the second post, but I'm wondering if it or anything else meets my 2 design constraints as they're implications for the implementation don't seem to gel very well.
If they are losing session data when returned from PayPal with a standard button then they have something else going wrong. That should not be happening.
That said, if you're comfortable working with APIs I always recommend Express Checkout and Payments Pro.
If you prefer REST APIs you can use that for PayPal payments and direct credit card payments.
If you prefer NVP / SOAP you can use the Classic API.
In any case, keeping session data alive won't be an issue, and as you mentioned, as long as you aren't storing any credit card data on your server in log files, in the database, or anywhere then you won't have to worry about PCI compliance.

windows phone ApplicationPolicy for in app payment

I was wonder if it's possible to use PayPal mobile checkout directly in my wp7 app, as in-app payment gateway.
My concern it’s Microsoft marketplace application policy 2.1:
“Your application must be fully functional when acquired from Windows
Phone Marketplace (except for additional data as permitted below).
Unless you have a pre-existing billing relationship with the user,
your application may not require the user to provide payment
information,within the application experience, to activate, unlock, or
extend usage of the application. “
Does this means I’m not allowed to use PayPal to make in-app purchasing?
Thank you,
Alex
I think this policy only applies to your app. If you want to use PayPal
to activate, unlock, or extend usage of the application
than it's not allowed. If you want to do other things which require PayPal the policy allows you to do so.
The marketplace requirement menas that you must have that "pre-existing billing relationship with the user". It doesn't put any restriction on how you bill your users. You could, therefore use PayPal or any ither method available to you.
This requirement is partly to enforce the prevention of apps which have no functionality when downloaded from the marketplace, without paying for the content.
I would suggest contacting app hub support to further discuss your specific requirements if you need to or to confirm the exact meaning around what qualifies as a "pre-existing billing relationship".
You can use Paypal. If you study the clause carefully, it states "Unless you have a pre-existing billing relationship with the user, your application may not require the user to provide payment information,within the application experience, to activate, unlock, or extend usage of the application."
f you do not have a pre-existing billing relationship with new users, all they need to do is to complete the payment information outside the app, for example get redirected to an external browser (Paypal) to input their details.
Hope this helps.

Resources