
hosted CIM coupled with CIM API

I'm wondering if it's possible to use the hosted CIM API option to allow users to create and edit their payment profiles and then somehow get the relevant information (payment profile ID) to process a payment through the normal CIM API? This way my server never sees any cardholder data.

 

How would I go about getting the payment profile ID after they create their profile?

dadamssg
Contributor
4 REPLIES 4

Why would you care if your server sees cardholder data? As long as you have an SSL certificate, and as long as you don't leak your FTP password, you're good to go. If someone DOES gain access to your FTP, having the payment system off-site isn't going to save you - the hacker could randomly redirect people to a secondary payment page on your site, or on his site, or if the answer to your question is yes and the payment profile IDs can be retrieved, could get all information except the card data, and would be able to charge their credit cards - though the money would end up with you and not him. As I keep saying, security starts and ends at your FTP. If your FTP is compromised, you're doomed; if it isn't, you're fine.

TJPride
Expert

This is exactly the intent that the hosted CIM forms are designed for. Once a customer has created their payment and shipping profiles, you can retrieve them using the CIM API with a getCustomerProfileRequest. You will also have to already be using the createCustomerProfileRequest before you can use the hosted forms.

Trevor
Administrator

But how would I grab the profile from authnet that was JUST created, pragmatically?

Before you can generate one of the host forms, you have to already have the customer profile ID. You can use that same customer profile ID to pull a list of payment profiles when the customer returns to your page. There is no way to specifically pull the most recently created profile. If you really wanted to do this, you could pull the profiles before and after presenting the hosted form and identify any changes.
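
The before-and-after comparison suggested in the last reply, as an added example that is not part of the original thread and is not Authorize.Net's code. It assumes the two getCustomerProfileResponse bodies have already been fetched as XML, with payment profiles listed as `paymentProfiles/customerPaymentProfileId` under `profile`; the function names, sample responses and IDs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# XML namespace used by the CIM XML API (assumption: responses arrive as XML).
NS = {"a": "AnetApi/xml/v1/schema/AnetApiSchema.xsd"}


def payment_profile_ids(response_xml, expected_customer_profile_id):
    """Return the set of payment profile IDs in one getCustomerProfileResponse."""
    root = ET.fromstring(response_xml)
    if root.findtext("a:messages/a:resultCode", namespaces=NS) != "Ok":
        raise ValueError("getCustomerProfileRequest did not succeed")
    # Only accept a response for the customer profile bound to this session,
    # so one customer's payment profile can never be attached to another's order.
    got = root.findtext("a:profile/a:customerProfileId", namespaces=NS)
    if got != expected_customer_profile_id:
        raise ValueError("response is for a different customer profile")
    path = "a:profile/a:paymentProfiles/a:customerPaymentProfileId"
    return {el.text for el in root.iterfind(path, NS)}


def diff_payment_profiles(before_xml, after_xml, customer_profile_id):
    """Compare snapshots taken before and after the hosted form was shown."""
    before = payment_profile_ids(before_xml, customer_profile_id)
    after = payment_profile_ids(after_xml, customer_profile_id)
    return {"added": sorted(after - before), "removed": sorted(before - after)}


def sample_response(customer_profile_id, payment_ids):
    """Build a constructed response body (no card data) for the demo below."""
    items = "".join(
        "<paymentProfiles><customerPaymentProfileId>%s"
        "</customerPaymentProfileId></paymentProfiles>" % p
        for p in payment_ids
    )
    return (
        '<getCustomerProfileResponse xmlns="%s">'
        "<messages><resultCode>Ok</resultCode></messages>"
        "<profile><customerProfileId>%s</customerProfileId>%s</profile>"
        "</getCustomerProfileResponse>" % (NS["a"], customer_profile_id, items)
    )


if __name__ == "__main__":
    before = sample_response("10000", ["20001"])           # constructed IDs
    after = sample_response("10000", ["20001", "20002"])   # one profile added
    print(diff_payment_profiles(before, after, "10000"))
```

If `added` is empty or holds more than one ID, let the customer pick the payment profile rather than guessing which one to charge.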