Sending Credit Card Data to IIG Directly
IIG's systems will not accept credit card numbers via the API. The API will only accept the payment nonce generated by Braintree. This is a requirement for our PCI compliance, and exceptions cannot be made. If your agency cannot work with the Braintree requirement, we suggest you use the Agent Issue functionality.
Issuing policies using a Credit Card is a difficult propisition, given the security requirements of PCI.
Credit Card Nonce
The Credit Card workflow adds extra steps in order to obtain a client_key used for encrypting and transmitting the credit card data to Braintree, IIG's payment card processor. The new workflow looks like this (errors withstanding):
Send Quote data to the API.
- Receive back rating data.
Send Coverage data to the API.
- Requires the same data as fully issuing a policy except for the
- Rating data for the selected coverage.
A payment client_key specific to this client, quote, and coverage.
- Will appear in the response under payment.client_key.
- Braintree will return a nonce (one time use identifier) for the client's credit card information.
- Send Policy data to the API, including the nonce.
- Receive links to policy documents.
We have a non-working example (missing the client_key), to guide your implementation.