Support saved cards about sagepay-integration HOT 6 CLOSED

It may be that we have two card types that can be passed into a payment request: a temporary card token (with mechantSessionKey) and a reusable card token (which can be saved for further use if needed).

The Response\CardIdentifier is the temporary card token, and payments support that only in this library right now. The Response\Model\Card is the (optionally) reusable card token.

from sagepay-integration.

Fairly new documation page shows what the reusable card looks like:

http://integrations.sagepay.co.uk/content/tokens

It shows how the dropin scripts can be used to link the CVV to the reusable card token, without the need for that CVV to be sent to the merchant site.

With a CVV attached, payment is done like this:

"paymentMethod": {
       "card": {
           "merchantSessionKey": "<merchant-session-key>",
           "cardIdentifier": "<card-identifier>",
           "reusable": true
       }
   },

without a CVV attached, it looks like this:

"paymentMethod": {
       "card": {
           "cardIdentifier": "<card-identifier>",
           "reusable": true
       }
   },

Not forgetting that both of these will need save: true included if the card is to continue to be reusable (TBC though, as the docs are a little ambiguous).

from sagepay-integration.

I think I have it now.

The Request Card model is a temporary card token using the session key and the card identifier, with an optional "save" parameter. It will be used as a payment method.

The Response Card model is the card details returned to the merchant site. This may be a reusable card token or a non-reusable card. If reusable then it can be used as a payment method in another transaction without any further changes, since it now implements the payment method interface.

from sagepay-integration.

It seems to the case that once a card has been used with the save flag set on its first use, it will remain reusable for all subsequent uses without the need to keep setting save. In fact, setting save to false on a subsequent use leaves the card reusable. That doesn't seem right, and I'll check up on that with Sage Pay.

from sagepay-integration.

These are essentially the options for sending a card as a payment method:

1. card-identifier+session-key = tokenised on front end.
2. card-identifier+session-key+reusable = saved card with a new CVV attached.
3. card-identifier+reusable = saved card with no CVV attached.

These are three different card objects, which we will call:

1. SessionCard (lasts 400 seconds, then discarded)
2. ReusableCvvCard (must be used within 400 seconds, then link must be refreshed)
3. ReusableCard (lasts until it is explicitly removed)

All three can take the "saved" parameter. 2 and 3 seem to ignore the value of that parameter at this time.

from sagepay-integration.

These are the four valid combinations of fields that make up a card payment type. Both reusable/save flags default to FALSE, so setting the field to "false" or leaving it blank are equivalent:

All other combinations (e.g. TRUE+TRUE, or FALSE+any+missing session-key) are invalid. So it looks like the save flag is not supported for a reusable card and so withSave() can be removed from those. (TBC - awaiting confirmation from SP - yes, confirmed the above is correct)

from sagepay-integration.