Right now, connection details logged from HttpUtility at the debug level include a great deal of useful information along with:
- the API login and transaction key
- a full dump of the XML request, including the unmasked credit card number, expiration date, etc.
Can we move the logging of these two items to a separately-configurable logger like "HttpUtility-sensitive"?
I'd like to see the API login and transaction key logging go away completely from the HttpUtility output.
Ideally, I'd like to see the XML request filtered to not show any <payment> information beyond a generic <creditCard> output. (I suppose a masked credit card number would be acceptable.)
I think it would also be wise to not output <billTo> information nor <customer> information with the non-sensitive-data logger other than <customer><id> even though this is not strictly required by PCI DSS.
We want to log when transactions occur with enough context to know what those transactions are without making our logs a security risk.
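A sketch of the split requested in the post above, as an added example that is not part of the original post and not the SDK's own code: the raw request goes only to a separately configurable `HttpUtility-sensitive` logger, and the regular `HttpUtility` logger gets a filtered copy. The function names, the sample request and the element names not mentioned in the post (`merchantAuthentication`, `cardNumber`, `expirationDate`) are assumptions.

```python
import logging
import xml.etree.ElementTree as ET

log = logging.getLogger("HttpUtility")                      # routine debug output
sensitive_log = logging.getLogger("HttpUtility-sensitive")  # raw dump, enabled on demand
sensitive_log.propagate = False   # raw requests never reach the root logger's handlers

def _local(el):
    return el.tag.rsplit("}", 1)[-1]   # element name without any XML namespace

def _mask_pan(pan):
    digits = "".join(ch for ch in pan if ch.isdigit())
    return "X" * max(len(digits) - 4, 0) + digits[-4:]   # keep the last four only

def _scrub(el):
    for child in list(el):
        name = _local(child)
        if name == "billTo":
            el.remove(child)
        elif name == "merchantAuthentication":   # API login and transaction key
            child.clear()
            child.text = "[REDACTED]"
        elif name == "payment":
            for method in list(child):
                for c in list(method):
                    if _local(method) == "creditCard" and _local(c) == "cardNumber":
                        c.text = _mask_pan(c.text or "")
                    else:
                        method.remove(c)   # expiry, card code, any other payment field
        elif name == "customer":
            for c in [c for c in child if _local(c) != "id"]:
                child.remove(c)
        else:
            _scrub(child)

def redact_request(xml_text):
    root = ET.fromstring(xml_text)
    _scrub(root)
    return ET.tostring(root, encoding="unicode")

def log_request(xml_text):
    sensitive_log.debug("%s", xml_text)   # full dump, separate logger only
    log.debug("%s", redacted := redact_request(xml_text))
    return redacted

# Constructed sample request (assumed shape); the card number is a common test value.
SAMPLE = ("<createTransactionRequest><merchantAuthentication><name>LOGIN_ID</name>"
          "<transactionKey>TXN_KEY</transactionKey></merchantAuthentication><transactionRequest>"
          "<amount>10.00</amount><payment><creditCard><cardNumber>4111111111111111</cardNumber>"
          "<expirationDate>2030-12</expirationDate></creditCard></payment><customer><id>42</id>"
          "<email>a@example.com</email></customer><billTo><firstName>Ann</firstName></billTo>"
          "</transactionRequest></createTransactionRequest>")
```
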
There needs to be a way to verify if a transaction has already been posted or not in order to help eliminate possible payment duplication. This could work by searching for an invoice number, date, and possibly even a payment amount, and getting a list of all transactions where there is a match. This way I can make sure my application isn't trying to charge a second time when it should not.