Open topic with navigation
Create WebSession objects, in the context of Vindicia’s HOA function, in anticipation of the submission of the Web order form by a customer who requested the form from your server. While filling out the form, the customer enters sensitive payment data, such as a credit-card numbers, before submitting the form to HOA, which is hosted on Vindicia’s server. Handling such data might mean that you must comply with PCI requirements. With HOA, however, your billing infrastructure need not handle any payment data at all. See Chapter 13: Hosted Order Automation in the CashBox Programming Guide, for details.
Note that the WebSession object is only partly populated at creation. It might, for example, contain private data that you do not want to be visible in the form that you serve to the customer, but that is needed for the API call made by HOA at form submission. One key piece of data you must include in the WebSession object is the CashBox API call (see the method attribute) HOA should make when the customer submits the form. Once created, the WebSession object contains a VID. Embed that VID in the form you serve to the customer so that HOA can match the form’s submission with the corresponding WebSession object instance.
After form submission by the customer, HOA makes the API call you specified in the WebSession object’s method attribute to create an object that requires sensitive payment information, such as an AutoBill, a PaymentMethod, or a Transaction. Fetch the WebSession object by calling its fetchByVid() method, typically before returning the success or failure page to the customer: HOA redirects the customer’s browser to one of those pages after receiving the form. See Chapter 13: Hosted Order Automation in the CashBox Programming Guide for details on the role of the WebSession object in the HOA process flow.