The forum looks so empty! I thought that I would start off some discussion with clarifications around credit cards.
In /purchase the fields_input (which contains credit card number, expiration, and CVV) is a hash object. Two questions:
- If I need to put the credit card number, expiration, etc, into the object that assumes that I have all that information in my database (and I'm subject to PCI). If I don't want the burden of PCI compliance and would rather use something like Stripe, can I do that or is it pretty much impossible because we're injecting orders via code?
- How does sending you a hash of the object get the credit card info to the e-commerce site? Is it hashed with the private key you assign to me, so you decode the hash and send the clear text to the e-commerce site?
Thanks for your reply! I think your API might be exactly what I'm looking for.
Thanks for reaching out.
1) Use something like Spreedly or Two Tap's wallet to store information client side. Then server-side just store & reuse the tokens you get back. Please keep in mind that storing the cvv is not allowed.
If you look at https://docs.twotap.com/docs/api / One suggested implementation flow, on the Frontend - Cart page you can push the checkout information to one of the wallet providers.
Alternatively a lot of TT customers take advantage of one time use virtual credit cards and become the merchant of record themselves.
2) Yes, inside TT's PCI DSS scope a request is made to the retailer site where information is entered just as a customer would.Reply
Thanks for the fast response Radu!
> ...and become the merchant of record themselves.
I don't want to deal with customer support emails and returns. I just want my affiliate revenue.
Question: Shopify is the only e-commerce package supported right now, is that correct? If my partner uses Shopify, I can use the API and my partner doesn't even have to install anything?Reply