Contributors mailing list archives
Re: Backend processing of credit card paymentby
Hello Maxime and others,
Recently I made a POC to integrate ActiveMerchant from Shopify with Odoo https://github.com/activemerchant/active_merchant
It supports Authorize and dozens of other gateways as you can see in the doc and it's very mature and well maintained.
I mostly copied the decorator design pattern from the Spree ecommerce for that (because ActiveMerchant implements the gateways logic without forcing a persistence technology which is exactly what we want when using it from Odoo). Then I wanted to expose a REST API via Grape and consume it from Odoo backend using a 50 lines json client,
Well the POC was working great but at Akretion we froze the dev effort here because we start thinking it would be hard to enforce the PCI DSS compliance. As except for Stripe, the customer card number would end up transiting on our server which would force us to enforce the PCI-DSS.
So technically this a very elegant solution, but how do you see the PCI-DSS compliance in your use case? PCI-DSS means both technical rules to enforce like not storing customer card details in clear text (easy) but also infrastructure and bureaucratic obligations which seems much more costly to enforce. If you see ways to work around the PCI-DSS here I would be glad to contribute this...
In the meantime, at Akretion we came back to the "integration" logic much like Odoo does that is letting the customer do the payment on the provider website directly (even if may look integrated).
Note: we also were reluctant to use Odoo PaymentTransaction object here and may favor the OCA payment objects instead which we trust more and have their workflow more integrated.,
On Fri, Jul 22, 2016 at 1:08 PM, Maxime Chambreuil <firstname.lastname@example.org> wrote:
Hello,We, at Ursa, received couple requests to provide a way to process credit cards for customer payment using payment acquirer like Authorize.net or Paypal. This is specific to the backend, you may not be using the website and still want to accept CC payment.First, I wanted to make sure there is nothing already existing out there.Second, I would like to share with you the functional specification attached and request any comments or feedbacks.We are thinking of launching a crowdfunding campaign to provide:
- a first module with the foundation and all the acquirer agnostic stuff for 5,000 $US
- the authorize.net integration for an additional 5,000 $US
- the paypal integration for an additional 5,000 $USModules would respect OCA standards and include documentation.Any interest? Can I count on your financial contribution?Thank you!