Submitting known payment information

Securely submit known customer payment information to Braintree for use with policy payments

In addition to using Braintree's client libraries to collect customer payment methods, Root also allows authorized, PCI-compliant partners to supply known customers' credit card details directly. This can reduce friction during bind by eliminating the manual (re)entry of known or stored values.

Requirements

  • You are storing customer credit card details in a PCI-compliant manner
    • You are able to retrieve or proxy these details in a development environment which is supported by Braintree's server SDK. Official setup guides are available for:
  • You have been authorized by Root to perform server-to-server payments
    • Post authorization, you will be provided with a merchant ID, public key, and private key to interact with Braintree on Root's behalf. These are required before you may perform API operations using Braintree's server SDK.

API interactions

Interaction flow

Once a user has demonstrated intent to check out a bindable quote, you are able to store known credit card information in Braintree for a streamlined purchase experience.

As an initial preparation step, you must obtain the quoted user's Braintree customer ID for subsequent interactions with Braintree. This is a unique identifier which ensures we're only storing the payment method for that specific user.

Upon receiving the user's customer ID, you are able to send known credit card information directly to Braintree in a PCI-compliant manner. We will utilize their CreditCard.create method to send the customer's credit card number, expiration_date, and cvv along with the previously obtained customer_id. If successful, the operation will return a CreditCard instance which includes the required token property for submission to the Carrier Platform's Bind endpoint (as a BraintreeTokenPayment value).
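The CreditCard.create call described above, as an added example using Braintree's Python server SDK (this is not Root's or Braintree's own code). The function and exception names, the environment variable names, the sandbox environment and the local pre-checks are assumptions of this example.

```python
import os
import re

class CardStoreError(Exception):
    """Raised when a card cannot be stored; never carries the full PAN or CVV."""

def luhn_ok(number: str) -> bool:
    """Local checksum so obviously corrupt vault data never leaves the host."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def make_gateway():
    """Build a gateway from the credentials issued after authorization."""
    import braintree  # lazy import: the helpers here work without the SDK installed
    return braintree.BraintreeGateway(braintree.Configuration(
        braintree.Environment.Sandbox,            # assumed: sandbox for development
        merchant_id=os.environ["BT_MERCHANT_ID"],  # assumed env var names
        public_key=os.environ["BT_PUBLIC_KEY"],
        private_key=os.environ["BT_PRIVATE_KEY"],
    ))

def store_known_card(gateway, customer_id, number, expiration_date, cvv):
    """Send a stored card to Braintree and return the payment method token."""
    number = re.sub(r"[ -]", "", number)
    if not (re.fullmatch(r"[0-9]{12,19}", number) and luhn_ok(number)):
        raise CardStoreError("card number failed local validation")
    if not re.fullmatch(r"(0[1-9]|1[0-2])/([0-9]{2}|[0-9]{4})", expiration_date):
        raise CardStoreError("expiration_date must be MM/YY or MM/YYYY")
    result = gateway.credit_card.create({
        "customer_id": customer_id,  # ties the card to the quoted user only
        "number": number,
        "expiration_date": expiration_date,
        "cvv": cvv,
    })
    if not result.is_success:
        # Surface Braintree's validation codes only; do not echo the request back.
        codes = [e.code for e in result.errors.deep_errors]
        raise CardStoreError(f"Braintree rejected card ending {number[-4:]}: {codes}")
    return result.credit_card.token  # submit this as the BraintreeTokenPayment value
```

In production code, call `store_known_card(make_gateway(), ...)` and keep the card number, CVV and private key out of logs and exception traces.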

Implementation Guides (work-in-progress)

Very Good Security (VGS)

VGS allows existing merchants to forward known payment methods to external APIs. We can utilize code samples from VGS' Outbound Connections guide to design the outbound API integration, depending on your programming language.

Partners should utilize VGS' TLS certificate, in addition to Braintree's Server SDK certificate, in order to satisfy those vendor protections against MITM attacks when constructing their VGS proxy request. Both of these entries may be concatenated into a single CA (Certificate Authority) Certificate:

#ca_file.pem

{{VGS certificate contents}}

{{Braintree certificate contents}}

CURL example

# Send the card through the VGS proxy, trusting only the combined CA bundle.
# printf avoids the trailing newline that echo would add to the encoded credentials.
curl \
  --cacert /path/to/ca_file.pem \
  -x "https://{{vgs_username:vgs_password}}@{{vgs_url}}:8443" \
  -X POST \
  -H "X-ApiVersion: 6" \
  -H "Authorization: Basic $(printf '%s' '{{vgs_username:vgs_password}}' | base64)" \
  -H "Content-Type: application/json" \
  https://{{braintree_url}}/merchants/{{braintree_merchant_id}}/payment_methods \
  -d '{"credit_card": {"expiration_year": "{{cc_expiration_y}}", "expiration_month": "{{cc_expiration_m}}", "number": "{{cc_number}}", "cvv": "{{cc_cvv}}", "customer_id": "{{braintree_customer_id}}" }}'