Page MenuHomePhabricator
Create Task
Maniphest T87057

Figure out LATAM recurring
Closed, ResolvedPublic1 Estimated Story Points
Actions

Description

We might be able to do recurring through LATAM processor, but I'm thinking we'll need an API change to support this. Currently, the create subscription call needs to be signed using WMF's secret key, but contains cardholder data. This would affect our PCI level, cos the cardholder data would go through our server.

Ideally, we would make a call to AP that generates a temporary signing token, then provide that token to the client. The client would connect directly to AP. That might be impossible, however. The next best solution would require a larger coding effort: encrypt the cardholder data, transmit from the client to WMF servers, then send encrypted to AP.

Related Objects
Search...

Event Timeline

awight created this task.Jan 16 2015, 8:17 PM
awight raised the priority of this task from to Medium.
awight updated the task description. (Show Details)
awight added projects: Wikimedia-Fundraising, MediaWiki-extensions-DonationInterface.
awight subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 16 2015, 8:17 PM
atgo added a parent task: T86107: Plan development for LATAM.Jan 28 2015, 10:56 PM
atgo moved this task from Backlog to Important on the MediaWiki-extensions-DonationInterface board.Jan 29 2015, 9:29 PM
awight added a comment.Jan 30 2015, 12:26 AM

Waiting for a response from AP. I suggested the following changes:

  • New API that is run from the merchant's server, which returns a one-time token to give to the client.
  • New API to run Save Card from the client, using the one-time token and returning the cc_token to be stored at the merchant's end.
awight added a project: § Fundraising Sprint the Cure.Jan 30 2015, 12:37 AM
awight set Security to None.
awight moved this task from In Analysis to In Development on the § Fundraising Sprint the Cure board.
atgo assigned this task to awight.Jan 30 2015, 6:55 PM
atgo edited a custom field.
atgo moved this task from In Development to Pending Code Review on the § Fundraising Sprint the Cure board.
atgo moved this task from Pending Code Review to In Development on the § Fundraising Sprint the Cure board.Jan 30 2015, 7:47 PM
atgo renamed this task from Figure out AstroPay recurring to Figure out LATAM recurring.Feb 2 2015, 8:43 PM
atgo updated the task description. (Show Details)
awight added a comment.Feb 2 2015, 9:55 PM

They responded, to say that they are already planning this feature, but the timeline is TBD. Existing APIs are not appropriate to run from the client side.

awight moved this task from In Development to Pending Code Review on the § Fundraising Sprint the Cure board.Feb 4 2015, 9:33 PM
awight moved this task from Pending Code Review to Pending Deployment on the § Fundraising Sprint the Cure board.
awight moved this task from Pending Deployment to Done on the § Fundraising Sprint the Cure board.
awight edited a custom field.

They're estimating "Q3" for this feature, which we assume means July-Aug 2015. We shouldn't be the first adopters.

atgo closed this task as Resolved.Feb 4 2015, 9:46 PM
atgo subscribed.
atgo added a project: Fundraising-Backlog.Jun 30 2015, 10:16 PM
atgo moved this task from Triage to Closed Sprint Work Q3 1415 on the Fundraising-Backlog board.Jun 30 2015, 10:18 PM
mmodell removed a subscriber: awight.Jun 22 2017, 9:52 PM
DStrine edited projects, added Fr-tech-archived-from-FY-2014/15; removed Fundraising-Backlog.Jan 11 2018, 9:28 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL