I work at Braintree. If you want more information than you can easily get on Stack Overflow, please reach out to our support team.
One of the main advantages of payment gateways like Braintree is that they tokenize credit card information without you having to be exposed to it.
Basically, you use Braintree.js to encrypt the card information in the browser so your server never sees it.
Then, you pass that encrypted information on to Braintree. In return, you get a token like "xg67ba" which you can later use to charge the same card again:
    result = Braintree::Transaction.sale(
      :amount => "100.00",
      :customer => {
        :first_name => "Dan",
        :last_name => "Smith"
      },
      # These values are the Braintree.js ciphertext from the browser,
      # not the raw card data.
      :credit_card => {
        :number => "encrypted_credit_card_number",
        :expiration_date => "encrypted_expiration_date",
        :cvv => "encrypted_cvv"
      },
      :options => {
        :store_in_vault => true
      }
    )
    result.transaction.customer_details.id
    #=> e.g. "131866"
    result.transaction.credit_card_details.token
    #=> e.g. "f6j8"
So the next time, it would look like:
    result = Braintree::Transaction.sale(
      :amount => "10.00",
      :customer_id => "131866",
      :credit_card => {:cvv => 'encrypted_cvv'}
    )
Every credit card is associated with a customer, and so if you just want to charge a customer's only / default card, you can just provide the customer id. Getting the cvv from the customer again (which no one is ever allowed to store) is recommended but not required.
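The point of the flow above is that the server only ever forwards Braintree.js ciphertext. As an added example (not Braintree's code, nor from the answer), here is a small server-side guard that refuses to forward a submission whose "number" or "cvv" field still looks like plaintext card data; the field names, the Luhn heuristic and the sample values are this example's own assumptions.

```ruby
# Added example: detect plaintext card data in fields that should hold
# Braintree.js ciphertext. Field names and thresholds are assumptions.
PAN_CANDIDATE = /\A[\d\s-]{13,25}\z/   # digits with optional spaces/dashes
CVV_CANDIDATE = /\A\d{3,4}\z/           # a bare 3- or 4-digit value

# Luhn mod-10 checksum over a digit-only string.
def luhn_valid?(digits)
  sum = 0
  digits.reverse.each_char.with_index do |ch, i|
    d = ch.to_i
    d *= 2 if i.odd?        # double every second digit from the right
    d -= 9 if d > 9         # same as summing the two digits of d
    sum += d
  end
  (sum % 10).zero?
end

# True when a value looks like a raw card number rather than ciphertext.
def looks_like_pan?(value)
  return false unless value.is_a?(String) && value.match?(PAN_CANDIDATE)
  digits = value.delete(" -")
  digits.length.between?(13, 19) && luhn_valid?(digits)
end

# True when a value is a bare 3-4 digit string, i.e. a likely raw CVV.
def looks_like_cvv?(value)
  value.is_a?(String) && value.match?(CVV_CANDIDATE)
end

# Returns the names of fields that appear to carry plaintext card data.
# An empty array means the params are safe to forward to the gateway.
def plaintext_card_fields(params)
  offending = []
  offending << "number" if looks_like_pan?(params["number"])
  offending << "cvv"    if looks_like_cvv?(params["cvv"])
  offending
end

# Constructed sample inputs: the first mirrors the answer's placeholders,
# the second is what arrives if browser-side encryption did not run.
ENCRYPTED_PARAMS = { "number" => "encrypted_credit_card_number",
                     "cvv"    => "encrypted_cvv" }
PLAINTEXT_PARAMS = { "number" => "4111 1111 1111 1111",  # test PAN
                     "cvv"    => "123" }
```

Reject (and do not log) any request for which `plaintext_card_fields` is non-empty, since storing or logging those values is exactly what the tokenization flow is meant to avoid.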