I'm currently working on a SaaS application for service-oriented business(i.e. lawn care, home cleaning, etc) where those businesses, if they choose, can add their Stripe, Authorize.net, or PayPal account for the management of customers and payments of invoices generated in our application. I know that the API Login ID, Transaction Key should not be shared with anyone, but looking for advice on the best solution to allow our application to manage a business' account via our application.
07-23-2019 06:42 PM
Hello @egadstar
Since you are building a SaaS application, you should consider using OAuth instead of storing the API Login and Transaction Key.
https://developer.authorize.net/api/reference/features/oauth.html
07-24-2019 08:24 AM
Yeah, I was looking at that but was concerned about the flow from our application to handle the expiration of the refresh token. Unless I'm misunderstanding, after a year, our application would need to trigger the business to perform the oauth flow again?
07-24-2019 10:35 AM
Hello @egadstar
Hope you are doing well today. You mentioned in your post you were working on SaaS Integration for Authorize.net. I would like to know if this was your own project or you were helping someone as a consultant. If the later then I am interested in retaining your services to set up a similar workflow.
10-24-2022 12:50 PM
10-24-2022 02:49 PM