Search the Aria Knowledgebase for
User Documentation, APIs, SDKs, and more!

 

Home > Aria Crescendo Documentation > Direct Post Payment Handler > Direct Post Registration Process

Direct Post Registration Process

This article applies to:Aria Crescendo

Overview

The Direct Post Handler manages secure payment transactions for existing accounts and does not create Aria accounts. Therefore, the registration process must create the account in Aria, typically by calling the create_acct_complete_m API, before the payment information is submitted. As part of this process, the account information is sent to Aria, the account is created, and the account ID is returned to the client’s system, ready to be used by the Direct Post Handler.

Submitting payment information is the last step in the registration process. Any registration process that does not collect payment information must be modified to take advantage of the Direct Post Payment Handler. Otherwise, clients are responsible for their own PCI compliance. 

Note: For User Self‐Service pages, an account is already created, so the Direct Post Payment Handler is not affected by this process. 

Direct Post and Invalid Credit Card Data

For PCI compliance reasons, an account must exist in Aria before a credit card can be added and validated using Direct Post. Aria’s Direct Post is only used for adding credit cards to existing accounts. 

If you want to avoid PCI responsibility, you cannot save or store credit card information on your server. Therefore, you cannot use server-to-server API calls, like create_acct_complete_m, to post a credit card to an account without utilizing Direct Post.

Direct Post allows you to avoid maintaining PCI compliance by providing another path for the credit card number to flow from your customer directly to Aria, bypassing your systems completely.

The account and/or master plan instance can be created in a “Non-Active” state, and the addition of a valid credit card can change the account or master plan instance status to "Active." This ensures that accounts with invalid credit card information are never activated.

Using the Direct Post Handler With Your Registration Form of Payment Page

The following steps enable your website's account registration pages to use the Aria Direct Post Payment Handler to secure sensitive data:

  1. During the Aria implementation, configure the URL where Aria returns your online customers after they submit payment information. This redirect URL parameter is set using the set_reg_uss_config_m API. 
  2. As an Aria client, you must host the Form of Payment entry page, and display it through the customer's browser. This page must include the following:

  • Hidden form tag having an attribute that points to an Aria‐hosted URL.
  • Hidden form field containing the Aria‐assigned Client Number.
  • Hidden form field containing the Aria session ID. An Aria session ID is created using the set_session_m API method.
  • Hidden form field in which the function mode for the Direct Post Payment Handler runs. The mode indicates the set of specific configuration settings for the page.
  1. When the online customer submits the form, it is posted directly to Aria without being submitted to the client’s server.
  2. Aria receives the posted data and completes the following internal processing:
  • The credit card number is linked to the customer account.
  • The credit card and bank validity are verified.
  • The generated invoice is collected within the session. The actual registration flow is subject to the system parameters.
When this process is completed successfully, Aria returns the online customer to the URL defined in Step 1. This URL must accept and process an errors input parameter, which reports the outcome of Aria’s processing and informs the client system of success or failure. The client’s system continues direct interaction with the customer’s browser, reporting either success, missing information, or errors in the account validation.
You must to post a comment.
Last modified
16:25, 26 Aug 2016

Tags

Classifications

This page has no classifications.