Confusion/Bug about encryption and validation on tokenizeCard

Hi there! I’m following the Credit Cards Tokenization | JS+Ruby guide and having a hard time understanding the idea or purpose behind this way of calling it (I’m in sandbox, FYI):

var client = new braintree.api.Client({clientToken: "TOKEN"});
client.tokenizeCard({
  number: "4000111111111115",
  cardholderName: "John Smith",
  expirationMonth: "10",
  expirationYear: "2018",
  cvv: "832",
  billingAddress: {
    postalCode: "94105"
  }
}, function (err, nonce) {
  console.log(err)
  console.log(nonce)
});

I had 2 doubts:

  • On one side, the data is not being encrypted before it is sent to your servers; you can see that in this attachment: screen-shot-2015-08-06-at-4 38 54-pm. I also could neither set nor change creditCard[options][validate]: false to true.
  • And on the other side, the CC I’m trying there is the one mentioned in the list of Unsuccessful credit card verification, but the call to client.tokenizeCard returns without any error and with a nonce; I’m wondering if this call is not in charge of verifying the card and only just retrieves a nonce.

Also, I could not find anywhere any doc or wiki explaining all the JS methods available:

Client.addCoinbase()
Client.addCreditCard()
Client.addPayPalAccount()
Client.createSEPAMandate()
Client.decryptBrowserswitchPayload()
Client.encryptBrowserswitchReturnPayload()
Client.exchangePaypalTokenForConsentCode()
Client.getCreditCards()
Client.lookup3DS()
Client.sendAnalyticsEvents()
Client.tokenizeCard()
Client.tokenizeCoinbase()
Client.tokenizePayPalAccount()
Client.unlockCreditCard()
Client.verify3DS()

Is there a doc for this?

Thanks a lot! Hope you have a nice day

Issue Analytics

  • State: closed
  • Created 8 years ago
  • Comments: 7 (4 by maintainers)

Top GitHub Comments

mrak commented, Aug 7, 2015

That’s a great question, and it’s a particular (and slightly confusing) feature of sandbox accounts. Those test card cases were conceived before we had browser-side tokenization capabilities.

Credit Card Verification docs

We currently only return those verification results when creating/updating a customer or creating/updating a payment method through our server SDKs. You will also need to turn on card verification in the Control Panel.

While using a sandbox account and validate: true, only the Luhn-10 validity is checked. It’s only when you go to create a payment method or customer with that nonce on your server that you will see the error cases described in Unsuccessful credit card verification.

If you want an invalid card response from addCreditCard and validate: true, you can try 4111111111111112 as the card number.
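
The reply above says that in sandbox, validate: true only checks Luhn-10 validity. The following is an added example, not part of the thread and not Braintree's code: it runs a Luhn-10 check over the two card numbers quoted in the thread, which shows why 4000111111111115 passes a checksum-only check while 4111111111111112 does not. The function names luhnValid, luhnCheckDigit and maskPan are hypothetical.

```javascript
"use strict";

// Strip the separators people type into card fields.
function normalize(input) {
  return String(input).replace(/[\s-]/g, "");
}

// Luhn sum over a digit string; `doubleFirst` says whether the rightmost
// digit is doubled (false for a full PAN, true for a PAN missing its check digit).
function luhnSum(digits, doubleFirst) {
  let sum = 0;
  let doubleIt = doubleFirst;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (doubleIt) {
      d *= 2;
      if (d > 9) d -= 9; // same as adding the two digits of the product
    }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum;
}

// True when the number is 12-19 digits and its Luhn sum is a multiple of 10.
// This is a typo check only: it says nothing about whether the card exists
// or would pass issuer verification, which happens server-side.
function luhnValid(input) {
  const digits = normalize(input);
  if (!/^\d{12,19}$/.test(digits)) return false;
  return luhnSum(digits, false) % 10 === 0;
}

// Check digit that makes `payload` (a PAN without its last digit) Luhn-valid.
function luhnCheckDigit(payload) {
  return (10 - (luhnSum(normalize(payload), true) % 10)) % 10;
}

// Keep full PANs out of logs: first 6 and last 4 digits only.
function maskPan(input) {
  const d = normalize(input);
  return d.slice(0, 6) + "*".repeat(Math.max(d.length - 10, 0)) + d.slice(-4);
}

// Card numbers quoted in the thread (sandbox test values from the page).
for (const pan of ["4000111111111115", "4111111111111112"]) {
  console.log(maskPan(pan), luhnValid(pan) ? "passes Luhn-10" : "fails Luhn-10");
}
```

A passing result here only means the number is well formed; the verification outcomes described in the reply come from creating the payment method or customer on the server.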

mrak commented, Aug 6, 2015

Hey @cavi21! I’m a developer at Braintree. I hope I can address all of your concerns.

RE no encryption

Direct use of braintree.api.Client does not use encryption. If you are using it directly, it is assumed that you have gone through the appropriate SAQ questionnaire where you handle credit card data through your own form. Details are sent over HTTPS and are encrypted, in a sense, with TLS.

RE verifying cards

tokenizeCard will always specify validate: false. It is a wrapper around the lower-level addCreditCard function which we do not currently document. We could do a better job with naming conventions to make the separation between functions that are intended to be public (such as tokenizeCard) and those that are internally used.

If you are looking for solutions that handle credit card information for you while still being able to use your own styles and checkout, you can take a look at our Hosted Fields integration.

If you still want to only use the Client directly, you can use addCreditCard as follows:

client.addCreditCard({
  options: { validate: true },
  number: "4000111111111115",
  cardholderName: "John Smith",
  expirationMonth: "10",
  expirationYear: "2018",
  cvv: "832",
  billingAddress: {
    postalCode: "94105"
  }
}, function (err, result) {
  if (err) {
    throw new Error('Oh, no!');
  }

  var nonce = result.nonce;
});

Keep in mind that addCreditCard is not documented because it is subject to change!
