Home > Aria6 User Documentation > Direct Post Payment Handler > Direct Post Registration Process

Direct Post Registration Process

Overview

The Direct Post Handler manages secure payment transactions for existing accounts and does not create Aria accounts. Therefore, the registration process must create the account in Aria, typically by calling the create_acct_complete API, before the payment information is submitted. As part of this process, the account information is sent to Aria, the account is created, and the account ID is returned to the client’s system, ready to be used by the Direct Post Handler.

Submitting payment information is the last step in the registration process. Any registration process that does not meet these criteria must be modified in order to take advantage of the Direct Post Payment Handler. Otherwise, clients are responsible for their own PCI compliance. 

Note: For User Self‐Service pages, an account is already created, so the Direct Post Payment Handler is not affected by this process. 

Direct Post and Invalid Credit Card Data

For PCI Compliance reasons, an account must exist in Aria before a credit card can be added and validated via Direct Post.  Aria’s Direct Post is only used for adding credit cards to existing accounts. 

If you wish to avoid PCI responsibility, then you should never save or store credit card information on your server. Therefore, you cannot use server-to-server API calls, like create_acct_complete, to post a credit card to an account without utilizing Direct Post.

Direct Post allows you to avoid having to maintain PCI compliance by providing another path for the credit card number to flow from your customer directly to Aria, bypassing your systems completely.

The account can be created in a “Non-Active” state, and the addition of a valid credit card can change the account status to "Active." This ensures that accounts with invalid credit card information are never activated.

Using the Direct‐Post Handler With Your Registration Form of Payment Page

The following steps enable your website's account registration pages to use the Aria Direct Post Payment Handler to secure sensitive data:

  1. During the Aria implementation, configure the URL where your online customers should be returned to by Aria after they submit payment information. This redirect URL parameter is set using the Configuration Set API. 

  2. As an Aria client, you must host the Form of Payment entry page, and display it through the customer's browser. This page must include the following:

  1. When the online customer submits the form, it is posted directly to Aria without being submitted to the client’s server.
  2. Aria receives the posted data and completes the following internal processing:
  • The credit card number is linked to the customer account.
  • The credit card and bank validity are verified.
  • The generated invoice is collected within the session. The actual registration flow is subject to the system parameters.
When this process is completed successfully, Aria returns the online customer to the URL defined in Step 1. This URL must accept and process an errors input parameter, which reports the outcome of Aria’s processing and informs the client system of success or failure. The client’s system continues direct interaction with the customer’s browser, reporting either success, missing information, or errors in the account validation.

 

Last modified

Tags

Classifications

This page has no classifications.
Powered by CXone Expert ®