Braintree Transaction Sale storing in valult and proper use of nonce and token

1
votes

I have a few questions:

Can I store the credit card/paypal method in sale but also prevent duplicates? OR do duplicates just create an error when using storeInVaultOnSuccess. Will a "duplicate method" error cause sale to fail?

Can I create a customer with Braintree_Transaction::sale? Will a "duplicate customer" error cause sale to fail?

Is there a way to combine to do a "either/or" for paymentMethodNonce and paymentMethodToken?

Lastly security question. Does Braintree make sure the paymenthMethodToken for a customer matches the customerId of the sale? To ensure a token for one customer method cannot be used to complete sale for another customer.

if($paymentMethodNonce){
  if($save){
    $create=Braintree_PaymentMethod::create([
      "customerId"=>$customerId,
      "paymentMethodNonce"=>$paymentMethodNonce,
      "options"=>["failOnDuplicatePaymentMethod"=>true]
    ]);      
  }
  $sale=Braintree_Transaction::sale([
    "amount"=>$cost,
    "paymentMethodNonce"=>$paymentMethodNonce,
    "customerId"=>$customerId
  ]);
}
else if($paymentMethodToken){
  $sale=Braintree_Transaction::sale([
    "amount"=>$cost,
    "paymentMethodToken"=>$paymentMethodToken,
    "customerId"=>$customerId
  ]);
}
2
phppaypalbraintree

2 Answers

2
votes

To answer your last question, if you include both a paymentMethodToken and a customerId when creating a sale, we require that the paymentMethodToken belongs to the customer specified by the provided customerId. If it does not belong to the customer specified, we throw a Transaction Error with code 91516 (Cannot provide both payment_method_token and customer_id unless the payment_method belongs to the customer).

1
votes

You can create customers and payment methods inside the sale transaction, but they do create errors on duplicates which cause sale to fail. The best way is just to create and ignore errors

$create_customer=Braintree_Customer::create([
  "id"=>$id,
]);
$create_payment_method=Braintree_PaymentMethod::create([
  "customerId"=>$login,
  "paymentMethodNonce"=>$method
]);

Next, the only way to combine paymentMethodNonce and paymentMethodToken is to switch according to which one is being handled. 

$TokenOrNonceType="paymentMethodToken"; or $TokenOrNonceType="paymentMethodNonce";
$sale=Braintree_Transaction::sale([
  "amount"=>$cost,
  $TokenOrNonceType=>$TokenOrNonce,
  "customerId"=>$customerId
]);

Lastly, I am still unsure about the last question. Does Braintree make sure the paymenthMethodToken for a customer matches the customerId of the sale? To ensure a token for one customer method cannot be used to complete sale for another customer. Thanks