
Braintree (PayPal) cn1lib


As part of the bootcamp we wrote a couple of cn1libs. The first one is the Braintree cn1lib, which allows us to do credit card payments within an app. If you aren’t familiar with Braintree, it’s a PayPal company that provides payment integration for mobile devices.

Notice that this differs from In App Purchase, which targets “virtual goods”. Braintree is useful for things like paying for physical goods and services, e.g. paying for a taxi.

In order to make a purchase with this API we can use code such as:

Purchase.startOrder(new Purchase.Callback() {
    public String fetchToken() {
        // This method needs to return the token from the Braintree server API.
        // Connect to your server here, or return the data from a previous
        // connection that fetched the token.
        return token; // placeholder: the token string your server returned
    }

    public void onPurchaseSuccess(String nonce) {
        // this is a callback that will be invoked when the purchase succeeds
    }

    public void onPurchaseFail(String errorMessage) {
        // this is a callback that will be invoked when the purchase fails
    }

    public void onPurchaseCancel() {
        // this is a callback that will be invoked when the purchase is canceled
    }
});

Notice that we don’t pass pricing or any other information within the code; this is all done in the server code that generates the token for the purchase. This allows our client code to remain “tamper proof”. All credit card collection and charge code is written by Braintree and is thus compliant with all the PCI level security restrictions, and we can keep our code simple.

Many basic and subtle hacks can be avoided. For example, a common hack is to manipulate client side code to change charge pricing, but since pricing is determined by our (your) server and communicated directly to the Braintree server, this is 100% tamper proof.

This is one of those cn1libs where most of the work is done in the server, so I’m only showing you the tip of the iceberg. You would need to follow up with the Braintree docs to understand how this is bound to your server and then implement your server side logic.
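The server side of the pricing rule described above, as an added example that is not part of the original post or of the cn1lib: the handler that receives the nonce from onPurchaseSuccess() charges the amount it stored itself and takes no price from the request. CheckoutServer, ChargeGateway and the order data are hypothetical names; ChargeGateway stands in for the server-side Braintree charge call.

```java
import java.math.BigDecimal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class CheckoutServer {
    // Hypothetical stand-in for the server-side Braintree call that charges a nonce.
    interface ChargeGateway { boolean charge(String nonce, BigDecimal amount); }

    static final class Order {
        final String owner; final BigDecimal amount; boolean paid;
        Order(String owner, BigDecimal amount) { this.owner = owner; this.amount = amount; }
    }

    private final Map<String, Order> orders = new ConcurrentHashMap<>();
    private final ChargeGateway gateway;

    CheckoutServer(ChargeGateway gateway) { this.gateway = gateway; }

    // The price is fixed on the server when the order is created.
    void createOrder(String orderId, String owner, BigDecimal amount) {
        orders.put(orderId, new Order(owner, amount));
    }

    // Receives what the app posts after onPurchaseSuccess(nonce); there is no amount parameter.
    String settle(String authenticatedUser, String orderId, String nonce) {
        Order order = orderId == null ? null : orders.get(orderId);
        if (order == null || !order.owner.equals(authenticatedUser)) return "rejected: unknown order";
        if (nonce == null || nonce.isEmpty()) return "rejected: missing nonce";
        synchronized (order) {
            if (order.paid) return "rejected: already paid"; // repeated request for a settled order
            if (!gateway.charge(nonce, order.amount)) return "declined";
            order.paid = true;
        }
        return "charged " + order.amount;
    }

    public static void main(String[] args) {
        // Constructed sample data; the lambda fakes the gateway so the example runs offline.
        CheckoutServer server = new CheckoutServer((nonce, amount) -> nonce.startsWith("fake-valid"));
        server.createOrder("order-1", "alice", new BigDecimal("12.50"));
        System.out.println(server.settle("mallory", "order-1", "fake-valid-nonce"));
        System.out.println(server.settle("alice", "order-1", "fake-valid-nonce"));
        System.out.println(server.settle("alice", "order-1", "fake-valid-nonce"));
    }
}
```

The three calls in main() exercise an order requested by the wrong user, a normal charge, and a repeated request for an order that is already paid.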
