/adyen-cse-ios

[Deprecated] Sample code for client-side encryption on iOS


Adyen CSE for iOS


This repository contains Adyen's Client-Side Encryption (CSE) library for iOS. With CSE, card data is encrypted on the client side (in this case the iOS device) before you submit it through your own server to the Adyen API. By using CSE you reduce your scope of PCI compliance, because no raw card data travels through your server. This repository can be used as a starting point for integrating Adyen's payment functionality fully in-app.

Requirements

The AdyenCSE-iOS library is written in Objective-C and is compatible with apps supporting iOS 7.0 and up. Looking for the Android or web equivalent? The CSE library is also available in Java (AdyenCSE-Android) and JavaScript (AdyenCSE-web).

All our CSE libraries rely on you setting up your own server for communicating with the Adyen API. By using a server you ensure that API authentication credentials never get exposed. Please note that you need to have signed up for an account at Adyen before you can send requests to the Adyen API.

Example

For your convenience this repository contains an example app that can be used as a reference while integrating.

To run the example project, type in the terminal:

pod try AdyenCSE

Installation

AdyenCSE is available through either CocoaPods or Carthage.

CocoaPods

  1. Add pod 'AdyenCSE' to your Podfile.
  2. Run pod install.

Carthage

  1. Add github "adyen/adyen-cse-ios" to your Cartfile.
  2. Run carthage update.
  3. Link the framework with your target as described in Carthage Readme.

Usage

The code below illustrates how you can collect and encrypt card payment data.

#import "AdyenCSE/AdyenCSE.h"

// Set the public key.
NSString *publicKey = @"10001|B243E873CB9220BAFE71...";

// Create a card object.
ADYCard *card = [ADYCard new];
card.generationtime = [NSDate new];
card.number = @"55551...";
card.holderName = @"John A...";
card.cvc = @"737";
card.expiryMonth = @"08";
card.expiryYear = @"2018";

// Encrypt card data.
NSData *cardData = [card encode];
NSString *encryptedCard = [ADYEncrypter encrypt:cardData publicKeyInHex:publicKey];

Note that you must URL-encode the encryptedCard value before sending it from the app to your server. The value is generated by the CSE library, and the string your server sends to the Adyen API must be exactly the same as the one the library produced.

// merchantPaymentAuthoriseUrl is the URL of the payment endpoint on your own server.
NSURL *url = [NSURL URLWithString:merchantPaymentAuthoriseUrl];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
request.HTTPMethod = @"POST";

// URL-encode the encrypted card data before placing it in the form body.
NSString *body = [NSString stringWithFormat:@"encryptedCard=%@", [encryptedCard ady_URLEncodedString]];
request.HTTPBody = [body dataUsingEncoding:NSUTF8StringEncoding];

Next steps

Server side

Once you get encrypted payment information on your server, you should submit it through an API call to the corresponding Adyen endpoint. For example, the code example below demonstrates how to pass payment data in JSON format:

curl -u "ws@Company.YourCompany":"YourWsPassword" \
    -H "Content-Type: application/json" \
    -X POST \
    --data \
    '{
        "additionalData": {
            "card.encrypted.json": "adyenjs_0_1_4p1$..."
        },
        "amount": {
            "value": 2000,
            "currency": "EUR"
        },
        "reference": "YourPaymentReference",
        "merchantAccount": "YourMerchantAccountName"
    }' \
    https://pal-test.adyen.com/pal/servlet/Payment/v18/authorise
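
The hand-off between the app's form POST and the server's authorise call is where the encrypted value is most easily corrupted. The sketch below is an added example, not code from this repository: it shows a merchant-server handler that parses the form body, rejects a blob whose '+' characters were decoded as spaces, and builds the JSON request body. The function names, the sample blob and the whitespace check are assumptions made for illustration.

```python
import json
from urllib.parse import parse_qs, quote

# Constructed sample, not a real ciphertext. Only the prefix comes from the
# page; the rest is made-up Base64, whose alphabet includes '+', '/' and '='.
SAMPLE = "adyenjs_0_1_4p1$q+7/Zk9x+A==$mM3+T/2b+w=="


def app_post_body(encrypted_card, url_encode=True):
    """Body the app sends to the merchant server (form-encoded)."""
    value = quote(encrypted_card, safe="") if url_encode else encrypted_card
    return "encryptedCard=" + value


def server_read_encrypted_card(body):
    """Parse the form body on the merchant server and sanity-check the blob."""
    values = parse_qs(body, keep_blank_values=True).get("encryptedCard", [])
    if len(values) != 1:
        raise ValueError("expected exactly one encryptedCard field")
    blob = values[0]
    # Assumption: a CSE blob never contains whitespace, so a space means an
    # un-encoded '+' was decoded as a space somewhere in transit.
    if not blob or any(ch.isspace() for ch in blob):
        raise ValueError("encryptedCard was altered in transit")
    return blob


def authorise_payload(blob, value, currency, reference, merchant_account):
    """JSON body for the authorise call, with the blob passed through as-is."""
    return json.dumps({
        "additionalData": {"card.encrypted.json": blob},
        "amount": {"value": value, "currency": currency},
        "reference": reference,
        "merchantAccount": merchant_account,
    })


if __name__ == "__main__":
    good = server_read_encrypted_card(app_post_body(SAMPLE))
    print(authorise_payload(good, 2000, "EUR", "YourPaymentReference",
                            "YourMerchantAccountName"))
    try:
        server_read_encrypted_card(app_post_body(SAMPLE, url_encode=False))
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting the altered value on your server surfaces the encoding mistake immediately instead of as a failed authorisation from the Adyen API.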

Recurring payments

If your business model requires you to bill your customers on a recurring basis, you may enable recurring payments using the Adyen platform. In this case Adyen securely stores payment details when you make the first authorisation call, so that you no longer need to provide this data in the future.

To do this, add the recurring field to the payment request you make from your server to the Adyen platform. For example, if you want to enable both shopper-not-present and one-click recurring modes for a specific payment, add the following field to the API call above:

"recurring" : {
   "contract" : "RECURRING,ONECLICK"
}

For more information on recurring payments, refer to the Adyen documentation.

Notifications

After you have developed your app, set up your merchant server and successfully performed your first test payment, it's time to complete your integration by registering for Adyen's notification service. After each payment initiation we push a notification to your server with the authorisation response, so you can be sure whether you can start delivering your goods or services.

To subscribe to and integrate with the notification service, please check our notification manual.

Going live

Successfully integrated with our notification service? Congratulations, now it's time to start accepting payments for real! Assuming that you've been using your Adyen test account and the Adyen API's test endpoints, you can now make use of your Adyen live account and Adyen API live endpoints.

Questions?

If you have any questions or suggestions, please contact your account manager or send your inquiry to support@adyen.com.

License

This repository is open-source and available under the MIT license. See the LICENSE file for more information.