I'll start by saying I've read enough of the posts here to know that a nonce (as the name suggests :)) can only be used ONCE. Still, it would be extremely helpful to get an idea on "best practices" recommended for our use case (though it's not at all uncommon!).
At the time of checkout (when a cart or quote is checked out and converted to an order) we are buidling out a system that will automatically split an order up into mutliple "shipments" automatically if during checkout our system realizes inventory isn't available from a single fulfillment partner. The ecommerce platform we're building on top of will by default attempt to create a seperate authorization (and later capture) transaction for each of these "split shipments", and basically handle payment for each shipment indipendently. The issue of course here is that the nonce that we pass into the checkout process can only be used once, for a single authorization. So the OOTB functionality when a non-registered customer who does not have a CIM profile does not work, because the second authorization will fail.
I'm wondering if there is a recommended approach to solve this. I see at least two posibilities:
1. Modify the eCommerce system to only generate a single authorization by totalling all shipments and making a single authorization/capture transaction. This is not ideal because we'd need to capture payment for ALL shipments when the first shipment was sent, but also it requires fairly significant modification of the ecommerce system.
2. Modify code further up the call stack to create payment profiles for ALL customers, regardless of whether they are registered customers or not. To me this seems like a potentially non-starter, because if a customer prefers to not save / store their credit card information it seems like they should have this option? This is perhaps where my biggest question comes in, when I think of generating CIM payment profiles, it is analogous to saving their credit card for future use. Unless the customer opts into this, it seems like we should avoid "vaulting" credit card information? Or is this a standard practice? Think "guest checkout" where the customer isn't even creating an account, so them saving a credit card doesn't really make sense.
Are there other options or features of Authorize.Net's API that would allow us to support these features w/ guest customers who may not wish to save their credit card information?
Thank you!
