https://community.developer.cybersource.com/t5/Integration-and-Testing/hosted-CIM-coupled-with-CIM-API/m-p/16024#M9075 <P>but how would i grab the profile from authnet that was JUST created, pragmatically?&nbsp;</P> Fri, 12 Aug 2011 02:37:08 GMT dadamssg 2011-08-12T02:37:08Z https://community.developer.cybersource.com/t5/Integration-and-Testing/hosted-CIM-coupled-with-CIM-API/m-p/15876#M9005 <P>I'm wondering if it's possible to use the hosted CIM API option to allow user's to create and edit their payment profiles and then somehow get the relevant information(payment profile ID) to process a payment through the normal CIM API? This way my server never see's any cardholder data.</P><P>&nbsp;</P><P>How would i go about getting the payment profile ID after they create their profile?</P> Tue, 09 Aug 2011 14:11:32 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/hosted-CIM-coupled-with-CIM-API/m-p/15876#M9005 dadamssg 2011-08-09T14:11:32Z https://community.developer.cybersource.com/t5/Integration-and-Testing/hosted-CIM-coupled-with-CIM-API/m-p/15902#M9015 <P>Why would you care if your server sees cardholder data? As long as you have an SSL certificate, and as long as you don't leak your FTP password, you're good to go. If someone DOES gain access to your FTP, having the payment system off-site isn't going to save you - the hacker could randomly redirect people to a secondary payment page on your site, or on his site, or if the answer to your question is yes and the payment profile ID's can be retrieved, could get all information except the card data, and would be able to charge their credit cards - though the money would end up with you and not him. As I keep saying, security starts and ends at your FTP. If your FTP is compromised, you're doomed; if it isn't, you're fine.</P> Tue, 09 Aug 2011 22:41:55 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/hosted-CIM-coupled-with-CIM-API/m-p/15902#M9015 TJPride 2011-08-09T22:41:55Z https://community.developer.cybersource.com/t5/Integration-and-Testing/hosted-CIM-coupled-with-CIM-API/m-p/16022#M9074 <P>This is exactly the intent that the hosted CIM forms are designed for.&nbsp; Once a customer has created their payment and shipping profiles, you can retrieve them using the CIM API with a getCustomerProfileRequest.&nbsp; You will also have to already be using the createCustomerProfileRequest before you can use the hosted forms.</P> Thu, 11 Aug 2011 22:46:49 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/hosted-CIM-coupled-with-CIM-API/m-p/16022#M9074 Trevor 2011-08-11T22:46:49Z https://community.developer.cybersource.com/t5/Integration-and-Testing/hosted-CIM-coupled-with-CIM-API/m-p/16024#M9075 <P>but how would i grab the profile from authnet that was JUST created, pragmatically?&nbsp;</P> Fri, 12 Aug 2011 02:37:08 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/hosted-CIM-coupled-with-CIM-API/m-p/16024#M9075 dadamssg 2011-08-12T02:37:08Z https://community.developer.cybersource.com/t5/Integration-and-Testing/hosted-CIM-coupled-with-CIM-API/m-p/16148#M9135 <P>Before you can generate one of the host forms, you have to already have the customer profile ID.&nbsp; You can use that same customer profile ID to pull a list of payment profiles whent he customer returns to your page.&nbsp; There is no way to specifically pull the most recently created profile.&nbsp; If you really wanted to do this, you could pull the profiles before and after presenting the hosted form and identify any changes.</P> Mon, 15 Aug 2011 19:46:54 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/hosted-CIM-coupled-with-CIM-API/m-p/16148#M9135 Trevor 2011-08-15T19:46:54Z