Hi,
I'm currently integrating Accept.js into my site to become PCI compliant. Here was my old server-side work flow:
Create new monthly subscription:
- Authorize credit card for first month payment (send credit card info: number, exp date, etc.)
- If authorization succeeds
- Create subscription (send credit card info: number, exp date, etc.) and start billing from the second month since the first month payment is handled now
- Capture previous authorization
- If authorization fails
- Void authorization transaction (send credit card info: number, exp date, etc.)
Now I want to tweak this work flow so that I send the opaqueData (dataDescriptor and dataValue) in place of the card info. So the new work flow is now:
Create new monthly subscription:
- Authorize credit card for first month payment (send opaqueData)
- If authorization succeeds
- Create subscription (send opaqueData) and start billing from the second month since the first month payment is handled now
- Capture previous authorization
- If authorization fails
- Void authorization transaction(send opaqueData)
Step 1 succeeds but step 2.1 fails with the response "Invalid OTS Token". I understand that this is because the dataValue token has already been processed in step 1 (the authorization). So my question is, how do I handle not sending the same dataValue in step 2.1 without sending card info since my server no longer receives that? Also, are neither the card info nor the opaqueData required for steps 2.2 and 3.1?
An option I'm considering:
- Create a customer profile by setting the (createProfile parameter to true) in the authorization request (if it doesn't already default to true). Then pass the customer profile info instead of the opaqueData in the Create Subscription request.
Please let me know if this is the recommended solution or if there is a better solution. Thanks.
