Forward API
The Braintree Forward API allows developers to forward raw payment data from the Vault to third parties. These third parties—or destinations—do not need to be Braintree merchants; they can be any PCI compliant entity that requires raw payment data.
Common use cases include:
- Transaction services: While Braintree's Premium Fraud Management Tools suit many merchants' needs, some business categories are best served by other fraud services
- Loyalty and rewards services: Card-linked offers typically require sending the full credit card number to an issuer or card network
- Processing services: Some business partners may not yet be able to use Braintree direct, and the Forward API allows a secure integration with their existing platform or provider
- Other use cases: Any API integration requiring raw payment information can potentially be solved via the Forward API
However, the Forward API is not limited to these use cases: any API integration requiring raw payment information can potentially be solved via the Forward API.
How it works
You will tell the Forward API how to include the sensitive payment data by writing a config that describes the HTTPS requests the Forward API will make.
Once you've set up a config for a given destination, you can begin making requests to the Forward API to send payment data to that destination, and the Forward API will make the necessary HTTPS requests on your behalf. In more detail, here's how it works:
- You make an HTTPS request to the Forward API.
  - This request refers to the config you've written for the destination.
  - It also includes a payment_method_nonce or payment_method_token, which is used to look up payment data in your Vault.
- The Forward API makes a request to the destination API on your behalf.
  - This request includes the specified payment data.
  - The specified config determines how the request is made.
- The Forward API receives a response from the destination.
- You receive a response from the Forward API.
  - If the request is successful, the Forward API response body includes the destination's full HTTPS response.
Example
Step 1: Simplified example request to Forward API:
{
  "payment_method_nonce": "fake-valid-nonce",
  "url": "https://httpbin.org/post",
  "method": "POST",
  "config": {
    "request_format": {"/body": "json"},
    "transformations": [{
      "path": "/body/card/number",
      "value": "$number"
    }]
    ...
  }
  ...
}
Step 2: HTTP request made by Forward API to httpbin.org:
POST /post HTTP/1.1
Content-Type: application/json
...
{"card": {"number": "4012888888881881"}}
Step 3: httpbin.org sends a response to the Forward API:
HTTP/1.1 200 OK
Content-Type: application/json
...
{"i-am-the-body": ...}
Step 4: Forward API responds to you with the response from httpbin.org:
{
  "status": 200,
  "headers": {
    "Content-Type": "application/json",
    ...
  },
  "body": {
    "i-am-the-body": ...
  },
  "request-time": (milliseconds spent by the Forward API making the request)
}
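To review what a config will disclose before pointing it at a real destination, the Step 1 to Step 2 mapping can be modelled locally. The sketch below is an added example, not Braintree code: render_outbound and referenced_vault_fields are hypothetical helpers, the Vault lookup is replaced by a constructed dictionary, and the path and "$" variable semantics are inferred only from the example above.

```python
import json
from urllib.parse import urlsplit

# Constructed stand-in for the payment data the Vault would resolve from the nonce.
SAMPLE_VAULT_DATA = {"number": "4012888888881881"}

# The Step 1 request, with the elided ("...") parts left out.
SAMPLE_REQUEST = {
    "payment_method_nonce": "fake-valid-nonce",
    "url": "https://httpbin.org/post",
    "method": "POST",
    "config": {
        "request_format": {"/body": "json"},
        "transformations": [{"path": "/body/card/number", "value": "$number"}],
    },
}


def referenced_vault_fields(config):
    """List the Vault variables ($name) a config would send to the destination."""
    return sorted({t["value"][1:] for t in config["transformations"]
                   if isinstance(t.get("value"), str) and t["value"].startswith("$")})


def render_outbound(request, vault_data):
    """Local model of Step 2: build the body the destination would receive."""
    # Assumption of this sketch: refuse to model anything but an HTTPS destination.
    if urlsplit(request["url"]).scheme != "https":
        raise ValueError("destination URL must be HTTPS")
    config = request["config"]
    if config["request_format"].get("/body") != "json":
        raise ValueError("this sketch only models a JSON body")
    body = {}
    for t in config["transformations"]:
        parts = t["path"].strip("/").split("/")
        if parts[0] != "body" or len(parts) < 2:
            raise ValueError(f"unsupported path: {t['path']}")
        value = t["value"]
        if isinstance(value, str) and value.startswith("$"):
            value = vault_data[value[1:]]  # KeyError if the field is not available
        node = body
        for key in parts[1:-1]:  # create intermediate objects, e.g. "card"
            node = node.setdefault(key, {})
        node[parts[-1]] = value
    return {"method": request["method"], "url": request["url"],
            "body": json.dumps(body)}
```

Running referenced_vault_fields over each config during review gives a short list of the raw payment fields that destination will receive.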