Not all external systems you integrate with Oracle Commerce Cloud Service will comply with the Payment Card Industry Data Security Standard (PCI DSS). For example, while your order management system will likely comply with PCI DSS, systems that manage services like email marketing or customer loyalty programs might not be compliant.
Oracle Commerce Cloud Service provides two webhooks that exclude payment details from the order data you send to systems that do not comply with PCI DSS.
- Order Submit for Non-PCI Compliant Target Systems fires when an order has been successfully submitted by a customer or an agent.
- Return Request Update for Non-PCI Compliant Target Systems fires when a return request has been successfully processed by an agent.
Important: Oracle Commerce Cloud Service does not verify that systems to which you send webhook notifications comply with PCI DSS. You are responsible for determining if target systems are compliant.
If you know that the target system complies with PCI DSS, use the Order Submit and Return Request Update webhooks.
If you know for sure the system does not comply with PCI DSS, or if you are unsure, use Return Request Update for Non-PCI Compliant Target Systems and Order Submit for Non-PCI Compliant Target Systems.
The following table describes all the components of the paymentGroups object that are excluded from the request for non-PCI compliant versions of the webhooks. For detailed descriptions of each component, see REST API for Oracle Commerce Cloud Service.
paymentGroups Component | Description |
---|---|
authorizationStatus | An array of authorization status objects. |
token | The payment token string. This component is valid only if the |
expirationMonth | The two-digit credit card expiration month. This component is valid only if the |
expirationYear | The four-digit credit card expiration year. This component is valid only if the |
paymentGroupClassType | The class type of the payment group. Valid values are |
creditCardNumber | The last four digits of the credit card number. This component is valid only if the |
submittedDate | The date the payment was submitted. |
The following example shows the paymentGroups portion of an Order Submit webhook POST request.

```
"paymentGroups": [{
  "id": "pg30411",
  "amount": 277.97,
  "authorizationStatus": [{
    "amount": 277.97,
    "errorMessage": "Request was processed successfully.",
    "authorizationDecision": "ACCEPT",
    "transactionId": "bupovkdslhd8or1i869pj1bls",
    "reasonCode": "100",
    "transactionUuid": "75afb7640b5a43e88341572869adbda6",
    "transactionSuccess": true,
    "currency": "USD"
  }],
  "currencyCode": "USD",
  "token": "9997000108950573",
  "expirationMonth": "02",
  "expirationYear": "2019",
  "paymentGroupClassType": "tokenizedCreditCard",
  "creditCardNumber": "1111",
  "submittedDate": "2015-12-16T10:25:41.894Z",
  "billingAddress": {
    "middleName": null,
    "lastName": "Shopper",
    "ownerId": null,
    "state": "NY",
    "address1": "100 MyStreet Ave",
    "address2": null,
    "address3": null,
    "companyName": null,
    "suffix": null,
    "country": "US",
    "city": "MyTown",
    "faxNumber": null,
    "postalCode": "13202",
    "phoneNumber": "212-555-0100",
    "email": "shopper@example.com",
    "county": null,
    "prefix": null,
    "firstName": "Sally",
    "jobTitle": null
  },
  "amountAuthorized": 277.97,
  "paymentMethod": "tokenizedCreditCard"
}]
```
The following example shows the paymentGroups portion of an Order Submit for Non-PCI Compliant Target Systems webhook POST request.

```
"paymentGroups": [{
  "id": "pg30411",
  "amount": 277.97,
  "billingAddress": {
    "middleName": null,
    "lastName": "Shopper",
    "ownerId": null,
    "state": "NY",
    "address1": "100 MyStreet Ave",
    "address2": null,
    "address3": null,
    "companyName": null,
    "suffix": null,
    "country": "US",
    "city": "MyTown",
    "faxNumber": null,
    "postalCode": "13202",
    "phoneNumber": "212-555-0100",
    "email": "shopper@example.com",
    "county": null,
    "prefix": null,
    "firstName": "Sally",
    "jobTitle": null
  },
  "amountAuthorized": 277.97,
  "paymentMethod": "tokenizedCreditCard"
}]
```