What are best practices for doing multiple transactions with POST requests to the payment gateway?
Our use case is:
- We need to initiate one immediate payment, and schedule another for a later time (month, etc.)
- We want to avoid forcing the user to enter the same (CC/ACH) info twice
- We want to avoid sensitive data ever touching our server, so looking into POSTing it directly to the payment gateway
- We want to handle all the UI presented to the user (i.e. don’t want user to need to interact with payment gateway ui/forms/etc.)
- Most payment gateways we’ve seen aren’t flexible enough to do initial + schedule in one POST call (some of them can save the sensitive info and return a token with which we can do subsequent transactions, but most can’t, and we’d like to keep our options open)
- We can rely on user having javascript enabled in the browser
What’s the best way to do this?
Our current plan is to:
- make two ajax POST calls to the payment gateway (one for initial payment, the other to set up scheduled payment)
- wait for the gateway to redirect each of them to our server, and record the success/failures
- in the meantime, the form page polls the server to see whether both transactions finished/timed out, displays an error (and gives the user a chance to correct immediately in the form) if there was an error, or redirects to the success page if both transactions succeeded
Is there a better way of doing it and/or are there problems with doing it like this?
Answering my own question in case someone else has the same dilemma:
The solution we ended up doing is selecting a payment gateway which can store payment information about the user and return a reference ID to use for future payments.
We did a normal single POST request to the service, which processed the first transaction and stored the info. After redirect back to our app, we created another transaction using the provided payment method reference ID.
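The redirect-back step described above, sketched as an added example that is not part of the original post: the gateway client, field names (`orderId`, `status`, `paymentRef`, `idempotencyKey`) and the in-memory order table are all hypothetical. It shows two things the handler should guarantee: a refreshed or replayed return URL does not schedule a second charge, and the scheduled amount comes from the server-side order rather than from parameters carried by the browser.

```javascript
// Added example. The gateway client and all field names are hypothetical.
const orders = new Map(); // constructed stand-in for the app's order table

// Created server-side before the browser POSTs payment details to the gateway.
function createOrder(orderId, scheduledCents, runAt) {
  orders.set(orderId, { state: 'pending', scheduledCents, runAt,
                        paymentRef: null, scheduledTxnId: null });
}

// Hypothetical gateway client that charges a stored payment method by reference ID.
function makeFakeGateway() {
  const calls = [];
  return {
    calls,
    scheduleCharge(req) {
      calls.push(req);
      return { txnId: 'sched_' + calls.length };
    },
  };
}

// Called when the gateway redirects the browser back after the single POST.
function handleGatewayReturn(params, gateway) {
  const order = orders.get(params.orderId);
  if (!order) return { ok: false, reason: 'unknown-order' };
  // A refresh or replay of the return URL must not schedule a second charge.
  if (order.state === 'scheduled') {
    return { ok: true, txnId: order.scheduledTxnId, replay: true };
  }
  if (params.status !== 'approved' || !params.paymentRef) {
    order.state = 'failed'; // the user can correct the form and resubmit
    return { ok: false, reason: 'declined' };
  }
  // The reference ID is the only payment detail stored; no card or bank data.
  order.paymentRef = params.paymentRef;
  // Amount and date come from our own record, not from browser-carried parameters.
  const { txnId } = gateway.scheduleCharge({
    paymentRef: order.paymentRef,
    amountCents: order.scheduledCents,
    runAt: order.runAt,
    idempotencyKey: params.orderId + ':scheduled',
  });
  order.state = 'scheduled';
  order.scheduledTxnId = txnId;
  return { ok: true, txnId, replay: false };
}
```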