Processing a Credit Card Payment with a Vaulted Card
Published in
3 min readMay 19, 2016
In this tutorial, we’ll be looking at a Node example to show how to store a credit card using the PayPal vault, then reference that stored credit card to process a credit card transaction for a user.
The reason why we would want to use the vault is so that we don’t have to store sensitive credit card information on our own servers. We simply reference the payment method via a provided vault ID, meaning that we don’t have to deal with many PCI compliance regulations with storing the credit cards ourselves.
For the full example code used in the below tutorial, go to the PayPal Developer Github account.
Our first step is to require the packages that we need, and configure our environment.
var paypal = require('paypal-rest-sdk'),
uuid = require('node-uuid');var client_id = 'YOUR CLIENT ID';
var secret = 'YOUR SECRET';paypal.configure({
'mode': 'sandbox', //sandbox or live
'client_id': client_id,
'client_secret': secret
});
We add the requirement for the PayPal SDK & a uuid package (more on that in a moment), then set up variables for the client ID and secret that were obtained when creating an application. We then configure our application using these details, and specify the environment that we are working in (live or sandbox). We are using the node-uuid package in order to be able to generate unique UUID's for the payers when storing the card. An alternative for this is to use your unique customer IDs in place of this functionality. You can install that package via:npm install node-uuidNext, we define the credit card JSON object that will be sent to the PayPal vault for storage. It contains information from the card, as well as a unique payer ID that we generate using node-uuid. You should store this unique payer_id in your own database as it will be used when creating a payment with the vaulted card.var create_card_details = {
"type": "visa",
"number": "4417119669820331",
"expire_month": "11",
"expire_year": "2018",
"first_name": "John",
"last_name": "Doe",
"payer_id": uuid.v4()
};Lastly, we need to store the credit card and process the payment using that card. To vault a credit card, we call credit_card.create(...), passing in the credit_card_details object that we just created. If all goes well, we should have an object returned to us with details about the vaulted card. For the sake of a payment with that card, we only really need two pieces of information: the payer_id that we already stored, and the vault ID, that should also be stored as a reference in our own database.paypal.credit_card.create(create_card_details, function(error, credit_card){
if(error){
console.error(error);
} else {
var card_data = {
"intent": "sale",
"payer": {
"payment_method": "credit_card",
"funding_instruments": [{
"credit_card_token": {
"credit_card_id": credit_card.id,
"payer_id": credit_card.payer_id
}
}]
},
"transactions": [{
"amount": {
"total": "7.47",
"currency": "USD",
"details": {
"subtotal": "7.41",
"tax": "0.03",
"shipping": "0.03"
}
},
"description": "This is the payment transaction description."
}]
};paypal.payment.create(card_data, function(error, payment){
if(error){
console.error(error);
} else {
console.log(JSON.stringify(payment));
}
});
}
});
In the section following the successful vaulting of the credit card, we then define our card_data object in order to process the payment. The main difference between a regular card payment (where you add in the card details) and processing via a vaulted payment in the structure of the card_data object, is the funding_instruments section, that we define under payer. Instead of defining the credit card information, we instead use the following object that contains the vault ID reference, and the payer ID:"credit_card_token": {
"credit_card_id": credit_card.id,
"payer_id": credit_card.payer_id
}Other than that, we simply set an intent of sale and define our transactions object, which details the payment to be made.Lastly, we make a request to payment.create(...), passing in the card_data object that we just defined. If all is successful, we have now just vaulted a card and immediately processed a payment with it.
