Enabling Secure Payments
Customer service Flows often need to enable users to make payments using their credit cards. Because this involves sensitive customer information, X‑Platform provides a secure mechanism that passes credit card details (and other sensitive data) only to the relevant Payment Gateway. Credit card numbers and other sensitive data are never exposed to an X‑Platform Server.
A secure payment application follows the Flow shown in the diagram below:
Phase 1: Sending Credit Card Information
The Flow usually begins from a Payment page, on which customers are asked to make a payment. Instead of sending the information entered on the page to the X‑Platform Server, the information is routed from the client directly to a Payment Gateway, using an application extension.
Phase 2: Obtaining a Credit Card Token
The Payment Gateway processes the information received and performs validity checks. If the data is found valid, a credit card token is returned to the X‑Platform client. This token can be used for the current transaction only.
Phase 3: Storing the Token in a Variable
The credit card token is stored in a User Variable with the setVariable API. This variable will be used for the Integration Point that is needed in Phase 4 of the Flow.
Note
The first three phases of the Flow are handled by an Application Extension. For more details, click here.
Phase 4: Performing the Payment
The charge operation is performed via an Integration Point that invokes the charging service of the relevant Payment Gateway. The credit card token (from Phase 2) and a secret key (provided by the Payment Gateway) are passed in the Integration Point. The secret key is not visible from outside of the X‑Platform Server.
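The four phases above as a runnable simulation, added here as an illustration and not X‑Platform or Payment Gateway code. Apart from `setVariable`, every function name, the Luhn validity check, the one-charge-per-token rule, and the sample card number and key are assumptions made for the example.

```javascript
// Added illustration: every name except setVariable is hypothetical.
const rng = globalThis.crypto ?? require("crypto"); // CSPRNG in browser or Node
// Assumed validity check (Luhn); the page does not say which checks are run.
function luhnValid(num) {
  if (!/^\d{12,19}$/.test(num)) return false;
  let sum = 0;
  [...num].reverse().forEach((ch, i) => {
    const d = Number(ch) * (i % 2 === 1 ? 2 : 1); // double every second digit
    sum += d > 9 ? d - 9 : d;
  });
  return sum % 10 === 0;
}
// Mock Payment Gateway: the only party that ever receives the card number.
function createGateway(secretKey) {
  const issued = new Map(); // token -> already charged?
  return {
    tokenize(card) { // Phases 1-2: validate, then hand back a token
      if (!luhnValid(card.number)) throw new Error("card rejected");
      const token = "tok_" + rng.randomUUID();
      issued.set(token, false);
      return token;
    },
    charge({ token, key, amount }) { // Phase 4: token + secret key
      if (key !== secretKey) return { ok: false, reason: "bad key" };
      if (issued.get(token) !== false) return { ok: false, reason: "bad token" };
      issued.set(token, true); // assumed: one charge per token
      return { ok: true, amount };
    },
  };
}
// Stand-in for User Variables; the setVariable signature is assumed.
function createSession() {
  const vars = {};
  return { vars, setVariable(name, value) { vars[name] = value; } };
}
// Phases 1-3 (client extension): card data goes to the gateway, token to a variable.
function payFromClient(gateway, session, card) {
  session.setVariable("ccToken", gateway.tokenize(card));
}
// Phase 4 (server Integration Point): sends the token plus the server-held secret key.
function chargeOnServer(gateway, session, secretKey, amount) {
  return gateway.charge({ token: session.vars.ccToken, key: secretKey, amount });
}
function runDemo() {
  const pan = "4111111111111111", key = "sk_constructed"; // constructed sample values
  const gateway = createGateway(key), session = createSession();
  payFromClient(gateway, session, { number: pan });
  const first = chargeOnServer(gateway, session, key, 25);
  const replay = chargeOnServer(gateway, session, key, 25); // same token again
  return { first, replay, panInVars: JSON.stringify(session.vars).includes(pan) };
}
```

`runDemo()` returns the first charge as accepted, the replayed charge as rejected, and `panInVars` as `false`, since the session variables visible to the server hold only the token.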
The following sections present detailed information about the components of a secure payment Flow: