question

dominicktdi avatar image
dominicktdi asked Frank Faustino Deactivated answered

Equivilent to Paypal IPN system?

I am a web developer working with a client who uses clover. They have asked me to build a website which will include online payment functionality.

I have never used Clover before and in fact never heard of it until this morning. What I am accustomed to is the Paypal IPN system for doing this sort of thing. Essentially how this works is, the user submits a form on my site directly to PayPal. This form contains data about what the user is purchasing and how much it costs, but not any payment information. When the user is directed to PayPal's site, they then enter their payment data there. Once the payment has been made, the user is redirected back to my site. Paypal will also send a request directly to my site which will inform me if the payment was successful.

I have also used a similar procedure through Authorize.net. In this case, my server sends a request to Authorize.net which includes the information regarding the purchase, such as items and prices, but again not sensitive into like Credit Card numbers. Authorize.net then sends me a redirect URL which I then send to the user. Once the payment is complete the user is redirected back to me, and I check with Authorize.net to ensure the payment was successful.

I much prefer this approach to using a REST API or similar, because from a security standpoint it seems much better if my server never even so much as sees the credit card number or any potentially sensitive data. There's no chance of me messing it up and a mishandling sensitive info because sensitive data is processed directly by the payment processor.

I've been looking through the documentation for Clover, and I am not able to find anything like this. The closest I can find is the section on WebHooks, which seem to operate similarly in the sense that it will send requests to my site to inform me about events. However, the documentation there seems a little sparse, and I wasn't able to find how I would redirect a user to Clover to complete a payment.

Do you have a method to accomplish this? Essentially I'm looking for a way to do online payment processing where my server doesn't see touch or handle the sensitive data in any way.
Webhooks
3 comments
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

dominicktdi avatar image dominicktdi commented ·
I guess I'll take all these chirping crickets as a "No". I'll recommend the client use PayPal instead.
0 Likes 0 ·
Bryanne Vega avatar image Bryanne Vega commented ·
Sadly no,

Also creating an app that takes payments from other sources I believe is against the App Market policy too.

My suggestion is to keep using your Provider.


-------Edit------

Hello,

In order to take payments, use the developer Pay API:

https://docs.clover.com/clover-platform/docs/devel...


Good luck!
0 Likes 0 ·
dominicktdi avatar image dominicktdi Bryanne Vega commented ·

I've already looked at that documentation. The problem is, I don't want to touch the user's credit card number. I don't want the liability and security risk. That API requires me to take and encrypt the credit card number.

My end goal is that, even if a hacker could somehow gain root access to my sever, there is no chance of them getting credit card info because it never passes through my sever to begin with.

0 Likes 0 ·

1 Answer

Frank Faustino avatar image
Frank Faustino Deactivated answered
Currently, Clover doesn't have anything like that on the Clover Platform.

The closest thing we do have is the Developer Pay API ( https://docs.clover.com/clover-platform/docs/developer-pay-api) which will require you implement the payment solution. Just as long as your app follows PCI compliance, the risk associated should be minimal. You won't have to store customer data or credit card data as we handle that on Clover's end.

As for webhooks, it's analogous to PayPal's IPN message service, as it allows your app to receive notifications when specific events occur, such as payments.
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community