They ❤ developers, and it's true. Not only that, they have a neat transparent redirect system that allows your clients to POST form data directly to braintree, bypassing your servers entirely. You can get PCI compliant quite easily.
Transparent redirect secures card data completely
This is a huge benefit.
Braintree has a standard Server to Server (S2S) API with client libraries in major application environments (Python, Ruby, PHP, Java, Perl, .NET, even Node!) which stand out from ease of use already, but they offer even more: the transparent redirect system.
With TR, your HTML form elements literally point to Braintree. Clients send absolutely no data to your servers, and your PCI Compliance requirements are drastically reduced. You can qualify for a self assessment questionnaire (if you don’t enter any CC data over the phone for example) rather painlessly.
How does TR work?
There are two components to TR. One is data encrypted from the server in a hidden tr_data field. The other is the user-fillable input boxes.
When you initialize the tr_data generating function, you’ll give it a callback url for braintree to redirect to. It not only serves to direct users back to your site, but the query string contains data that you can pass to your client library to get a Transaction object exactly as if you’d done the S2S implementation. Seamless!
Step 1: post the form to braintree
Fill in the tr_data, fill in the minimum required CC fields, and post away to your merchant TR URL.
If you’re worried about your users manually submitting data, you can enforce data submission by the server by using the tr_data field.
For example, you might force the billing country to be from the US.
Step 2: handle the query string at your callback url
At the callback url you supplied the client library to generate your tr_data, pass the query string into the braintree client library. It will return a Transaction object just as if you’d done it through S2S.
Here, I check to make sure it’s not an Error response (at which point I have to put in some special logic to display the error at the submitting form view) and redirect to a success view if the transaction is successful.
Step 3: do what you will with a securely created Transaction object
The amazing thing is that the result is the same object you’d deal with if you had used the S2S API.
I don’t even want to look into the 40 or 60 different rates we have for our credit cards. It’s utterly complicated and confusing. Hidden fees seem everywhere.
Not so here. http://www.braintreepayments.com/pricing
What is that, 3 numbers? All of which amount to less right off the bat than what I’ve been quoted.
I think this transparency is a trend among emerging tech companies. There’s no reason why payments have to be difficult.
Clean and clear monthly reports
Finally, a company that gives us great monthly reports. The payments industry is amazingly behind the times (everything is paper based) but at the very least this is the best experience I’ve had with clearly itemized monthly reports.
Even chargebacks are on this report. With several other payment company combinations I’ve used, all we’d get is a piece of paper in the mail and no other record.
Helpful people pick up the phone in 15 seconds.
I got great support the first time I called about a decently technical question.
Amazing amazing support
This support is unreal. Our shopping cart: Shopify had some interesting error messages for cards declined due to AVS. It was unhelpful and confusing customers.
When I brought the issue up with Braintree rather casually (3 sentence email?) their support staff responded telling me it wasn’t their fault – it was Shopify’s ActiveMerchant.
Guess what they did without any further contact? They decided to submit a patch to ActiveMerchant on Github to fix detection of AVS mismatches with better error messages.
Let’s see, what happened for 3 sentences?
- they read it.
- they responded / it wasn’t their fault.
- they looked into ActiveMerchant and found the problem with the braintree code.
- they actually fixed it and submitted the patch.
I think that’s pretty amazing.