Hello,
We are attempting to change the transaction process from the point a user clicks submit which then passes transaction data to our company server to retrieve API Login ID and Transaction ID and then the server calls Authorize.net API and waits for a response.
All of this is hidden for API Login ID and Transaction ID in this manner, however, the transaction data is posting to our server and we no longer want to do that. We would prefer to have the transaction data submit directly to the Authorize.net API, instead. In this scenario, how would we keep the API Login ID and Transaction ID from being exposed in the HTML?
I have been reading up on Accept.js, which would work fine except that Accept.js does not seem to allow track data from credit card swipes. Is there a solution for us to be able to allow credit card swipes to obtain track data and be passed via Accept.js? This would sold our problem, I believe. If not, then how would be able to hide sensitive API Login ID and Transaction Key information before all of the transaction form data is submitted to the Authorize.net API?
Thank you,
Ryan Hinton
โ03-16-2022 12:56 PM
โ03-21-2022 04:48 PM
โ03-21-2022 05:18 PM
Thank you @mgagme for your feedback! If I may add more, in our case, we have multiple clients in which we store transaction keys and api login ids. Based on the client logged in, we get the id and key dynamically, but we are concerned about the amount of PCI forms we would have to fill out based on how we are going about sending the transaction data to our server as a http form post from the website, then we grab the key and api user id on the server side, and then we send the transaction from the server to Authorize.net. We are concerned that PCI is going to need more explanation because the transaction goes to our server before being sent to Authroize.net and we are looking for a way to avoid this scenario by trying to immediately post to Authorize.net from the website only. Also, the issue we came across with accept.js is that it does not accept track data. We allow card swiping which grabs the data for us to make a transaction on our website. With all of this in mind, we don't know how we would be able to parse track data with accept.js, because we would love to utilize it and we thought it was going to solve our issue for us. Thank you for any feedback!
โ03-23-2022 02:58 PM
Wow that sounds really complicated. Without knowing anything really about your setup, have you considered using cookies and encrypting them? I am not that familiar with track data but did see that it is not available with acceptjs as you already discovered. Hope this helps. Maybe some webhook wizardry could help with some of this too...
โ03-23-2022 06:00 PM
@mgagme wrote: TellpizzahutWow that sounds really complicated. Without knowing anything really about your setup, have you considered using cookies and encrypting them? I am not that familiar with track data but did see that it is not available with acceptjs as you already discovered. Hope this helps. Maybe some webhook wizardry could help with some of this too...
We are concerned that PCI is going to need more explanation because the transaction goes to our server before being sent to Authroize.net and we are looking for a way to avoid this scenario by trying to immediately post to Authorize.net from the website only. Also, the issue we came across with accept.js is that it does not accept track data. We allow card swiping which grabs the data for us to make a transaction on our website.
โ03-24-2022 08:43 AM