Braintree implementation caveats

While implementing Braintree credit card and PayPal payments in a Node.js backend server, we ran into a number of questions and found the answers with help from the Braintree documentation or Braintree support. We want to share them with other developers.

Q: Can we get a payment method nonce from the server side (API) so that users of our payments API will not have to integrate the Braintree client JavaScript files?

A: No, we cannot, because the concept of the payment method nonce is that no credit card information is sent to the server. Passing raw credit card information directly to the server is not recommended and carries a very high PCI Compliance burden (SAQ-C). If this is acceptable, then you could use the paymentMethod.create() API on the server side and pass the credit card details directly into this call (deprecated).

Q: What if the customer has more than one payment method saved? Can we call transaction.sale() with customerId as a parameter?

A: It is not recommended to call transaction.sale() by passing the customerId. It is strongly advised to pass the paymentToken (the payment method selected during the payment flow) directly when the customer has several payment methods vaulted.

Q: What are custom fields in Braintree with the _fraud prefix used for?

A: They are used to pass additional information to Kount on transactions. Basically, when you are using Kount Direct and want to pass custom fields to Kount along with the transactions, you can create user-defined fields (UDFs) in Braintree and in Kount’s Agent Web Console (AWC) that you can then use on your transactions.

Q: When we try to make a transaction (sale) with payment method nonce = “fake-processor-declined-mastercard-nonce”, we get back result.success when calling the transaction.sale method.

A: The fake-processor-declined-mastercard-nonce and similar test nonces actually represent declined card verifications, not declined transactions. Verifying a payment method is different from creating a transaction, and these test nonces will not cause a transaction to fail. To trigger an unsuccessful transaction, adjust the amount of the transaction.

Q: Is there a simple explanation of when we have to use paymentMethodNonce for making transactions, adding payment methods, etc.?

A: A payment method nonce is generated whenever you are collecting new or updated credit card details from the customer on the client side, which you will then pass to the server side to process a transaction or store the payment method in the Vault. Once the card is stored in the Vault, you can use the payment method token to charge them going forward without having the customer enter their payment details again.

Q: When making a PayPal transaction with payment method nonce = ‘fake-one-time-paypal-nonce’, we were getting back the transaction result with status=“failed” and the error message: Processor Network Unavailable.

A: The problem was that we have a Braintree sandbox account linked to a PayPal sandbox account, and the payment method nonce value is not processed correctly because this value does not mean anything to PayPal's system. To test PayPal transactions with a configuration like this, we need to generate a nonce on the client side and pass it to the server. Unfortunately, we do not have test values for creating mocha tests, so the functions for PayPal are not automatically testable. Only with a Braintree sandbox account that has no linked PayPal account can we use mock data to create a PayPal transaction.

Q: How do we create PayPal transactions with a Braintree sandbox and a linked PayPal sandbox account?

A: Since our gateway uses real PayPal sandbox data, we have to make sure we have a buyer account set up through developers.paypal.com, because we cannot log in with a real PayPal account. This can be a business and/or personal account; both should be fine for testing the buyer side of the transaction and will be able to log in.

Q: Why is the payment_method_nonce field not automatically generated in the form when placing paypal-container into the form?

A: We have the following JavaScript for getting back the nonce:

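braintree.setup(token, "custom", {
  paypal: {
    container: "paypal-container",
    singleUse: true,
    amount: 10.00,
    currency: 'GBP',
    locale: 'en_us'
  },
  onPaymentMethodReceived: function (obj) {
    // obj.nonce is the payment method nonce; send it to your server here,
    // because Braintree will not add it to the form or submit the form.
  }
});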

Be careful because there is a caveat. When subscribing to this callback, Braintree will not add a hidden nonce input to your form nor will it submit the form automatically. It is up to you to send data to your server as you see fit, usually inside of this callback. This behaviour is well documented in the Braintree documentation but not in the PayPal documentation.

Q: We have the transaction split into a two-step process (sale and settle). In the documentation there is only one example, in which submitForSettlement: true is set on the sale. What if we call sale first and settle afterwards? In which step is it necessary to provide deviceData?

A: The device data has to be sent when you create the transaction, within the Transaction.Sale() API call, regardless of the value of submitForSettlement.
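
The two server-side answers above (charge the selected payment method token rather than the customerId, and send deviceData on the sale even when settlement is a separate step) can be combined as in the following added example, which is not code from our project or from Braintree. It assumes a gateway object with the promise-returning customer.find, transaction.sale and transaction.submitForSettlement calls of the Braintree Node SDK; the ownership check, the stub gateway and all ids and tokens are constructed for illustration.

```javascript
// Added example. `gateway` is assumed to expose the promise-returning
// customer.find / transaction.sale / transaction.submitForSettlement calls of
// the Braintree Node SDK; the stub at the bottom is constructed for the demo.
async function authorizePayment(gateway, { customerId, paymentMethodToken, amount, deviceData }) {
  // Charge the method the user picked, and only if it is vaulted under the
  // authenticated customer (added ownership check, not from the page).
  const customer = await gateway.customer.find(customerId);
  const owned = (customer.paymentMethods || []).some(pm => pm.token === paymentMethodToken);
  if (!owned) throw new Error('payment method does not belong to customer');
  // deviceData goes on the sale call even though settlement happens later.
  const result = await gateway.transaction.sale({
    amount,
    paymentMethodToken,
    deviceData,
    options: { submitForSettlement: false },
  });
  if (!result.success) throw new Error('sale failed: ' + result.message);
  return result.transaction.id;
}

async function settlePayment(gateway, transactionId) {
  // Second step takes only the transaction id; no deviceData here.
  const result = await gateway.transaction.submitForSettlement(transactionId);
  if (!result.success) throw new Error('settlement failed: ' + result.message);
  return result.transaction.status;
}

// Constructed in-memory gateway so the flow runs offline; records each call.
function makeStubGateway() {
  const calls = [];
  const ok = (id, status) => ({ success: true, transaction: { id, status } });
  return {
    calls,
    customer: {
      find: async id => ({ id, paymentMethods: [{ token: 'tok_visa' }, { token: 'tok_paypal' }] }),
    },
    transaction: {
      sale: async req => { calls.push(['sale', req]); return ok('txn_1', 'authorized'); },
      submitForSettlement: async id => { calls.push(['settle', id]); return ok(id, 'submitted_for_settlement'); },
    },
  };
}

async function demo(token) {
  const gw = makeStubGateway();
  const input = { customerId: 'cust_1', paymentMethodToken: token, amount: '10.00', deviceData: '{"constructed":true}' };
  const status = await settlePayment(gw, await authorizePayment(gw, input));
  return { status, calls: gw.calls };
}
```

With a real gateway, a declined sale resolves with result.success set to false rather than rejecting, which is why both steps check it explicitly.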

If you have questions or want consultancy about Braintree integration contact:
gregor@evizija.si