cfpayment

PDF HTML FlashPaper

Main

Welcome to the CFPAYMENT wiki. We will be documenting the project here as we move along.

Planned APIs

As of July 3, there are three APIs the project will contain:

  1. Core API - this will be the core payment processing service that abstracts various merchant gateway code into a consistent set of methods like .charge(), .void(), .settle(), etc. It will return a normalized response from the gateway to make working with multiple gateways simple and migrating between gateways should be _only a configuration change_.
  2. Encryption API - The first pass will be a java class that implements keystores and public-key encryption for encrypting payment details suitable for persistence. This is subject to PCI DSS 3.4. This should be pluggable so you can implement any encryption scheme desired including CF8's built-in tools, a third-party package or even an hardware security module. The interface for this service will offer methods like .encrypt(), .decrypt(), .getkey(), .setkey(), etc.
  3. Transaction API - the Transaction API will take the core and optionally an encryption service as arguments. This will have the same interface as the Core API but will provide pre and post-transaction database wrapping for tracking payment status and logging. If the encryption service is provided, it will automatically encrypt the payment details and record it in the database. The persistence will be transparent to the user but can obviously be used for reporting, etc.

API Strategies

The idea here is for low-level operations, you can use the Core and wrap it with your own database or other operations as needed. It's a robust building-block. For plug-and-play payment handling, you can use the Transaction API which will automatically handle persistence of your payment and probably some methods for retrieving data from those tables for reporting. You'll be able to optionally pass an encryption service to the Transaction API that will encrypt and decrypt payment details on the fly. For my own personal needs, I plan to implement the location of the Core "endpoint" in the transaction as either a CFC location OR a URL. This will facilitate separating the encryption of payment details from the decryption of payment details for security purposes.

Compatibility

I am aiming to make this CF7+ compatible; it may even work on CF6 but as a first pass I am trying to avoid CF8 as a requirement for wider adoption.