PCI compliance territory? Gross, we’d never make you go there. We’re darn happy the regulations exist though, and we utilize tokenization to stay compliant and keep your donor/customer info secure.
Check out this quick tokenization tutorial video to learn why it’s such an important security safeguard in the payment gateway.
Here are the two things you’ll need to integrate tokenization into your software. When in doubt, call us or holler at your developer and he/she will go doc hunting.
Tokens can only be created through the API. Using your public API key, send a create token request with the cardholder data you wish to charge. In a web form, this would be done using JavaScript; you’ll need to use the GET /tokens/jsonp endpoint with JSONP to avoid cross-origin resource issues. The request will return a token ID, which your web form should then submit to your server.

    $.ajax({
      url: "https://api.paymentspring.com/api/v1/tokens/jsonp",
      dataType: "jsonp",
      data: {
        public_api_key: "api_key",
        // Card number and CSC are sent as strings so leading zeros survive.
        card_number: "4111111111111111",
        csc: "123",
        card_exp_month: 8,
        card_exp_year: 2018,
        card_owner_name: "John Doe"
      }
    });

    $ curl -u public-api-key: -XPOST https://api.paymentspring.com/api/v1/tokens \
        -d card_number="4111111111111111" \
        -d card_exp_month="1" \
        -d card_exp_year="2020" \
        -d csc="1234" \
        -d card_owner_name="John Doe"
Using your private API key, have your server send a charge request using the ID of the token you just created. The token can be used just once and will be deactivated after the charge is made. You could also send a “create customer request” to save this card data as a customer to be charged later.

    $ curl -u private-api-key: -XPOST https://api.paymentspring.com/api/v1/charge \
        -d token="62a987ed39" \
        -d amount="2000"
That’s all there is to it. Your servers never have card data pass through them. PCI compliance achieved!
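The claim that card data never passes through your server only holds if the web form posts the token and nothing else. The following is an added example, not PaymentSpring's own code: a Node.js guard that refuses any form post still carrying card fields and otherwise builds the charge request shown above. The function name `buildChargeRequest`, the `CARD_FIELDS` list, and the token and amount patterns are assumptions for illustration; the URL, field names and Basic-auth style come from the curl commands on this page.

```javascript
// Added example: server-side guard for the form post described above.
// buildChargeRequest, CARD_FIELDS and the validation patterns are
// hypothetical; the URL and field names are taken from this page.
const CHARGE_URL = "https://api.paymentspring.com/api/v1/charge";
const CARD_FIELDS = ["card_number", "csc", "card_exp_month",
                     "card_exp_year", "card_owner_name"];

function buildChargeRequest(formBody, privateApiKey) {
  // If any card field reached this server, the form is misconfigured
  // (for example, the card inputs carry name attributes). Fail closed.
  const leaked = CARD_FIELDS.filter((f) => f in formBody);
  if (leaked.length > 0) {
    throw new Error("card data posted to server: " + leaked.join(", "));
  }
  const token = String(formBody.token || "");
  // Assumed shape: short alphanumeric ID, like the page's "62a987ed39".
  if (!/^[A-Za-z0-9]{1,64}$/.test(token)) {
    throw new Error("missing or malformed token");
  }
  // Amount must be a positive integer written in digits only.
  const amount = String(formBody.amount);
  if (!/^[1-9][0-9]{0,8}$/.test(amount)) {
    throw new Error("invalid amount");
  }
  // Same credentials as `curl -u private-api-key:` (key as user, empty password).
  const auth = Buffer.from(privateApiKey + ":").toString("base64");
  return {
    url: CHARGE_URL,
    method: "POST",
    headers: {
      Authorization: "Basic " + auth,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: new URLSearchParams({ token, amount }).toString(),
  };
}

// Constructed sample post, as the form would send it after tokenization.
const sample = buildChargeRequest({ token: "62a987ed39", amount: "2000" },
                                  "private-api-key");
console.log(sample.method, sample.url, sample.body);
```

Pass the returned object to whatever HTTP client your server already uses; the private key should come from server-side configuration, never from the page that holds the public key.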