monkeycharger
A small Rails application for storing and charging credit cards
  
  
  
  
    
License: MIT License
Labels: rails, creditcards, ruby
Project owners:
  joevandyk

Want your Web App to store credit card data? Use monkeycharger.

NOTE: See http://repo.or.cz/w/monkeycharger.git for future updates

Store credit cards via the REST api. Then, you can authorize and capture amounts on those stored cards (or do one-time authorizations/captures on a non-saved card). Uses ActiveMerchant for authorizing and capturing.

Credit card numbers are stored in the database. As such, you'll want to run this application on a very secure machine. When saving the credit card, you'll need to supply a unique key (I call it "passphrase"). You'll need to use the correct passphrase when authorizing a saved card.

API summary

Storing Credit Cards

Uses the ActiveResource conventions. But this might change -- ActiveResource might be overkill for this.

Authorizing credit cards

Both of these return a transaction_id and an X-AuthorizationSuccess HTTP header on success, or text giving the failure reason if the card could not be authorized.

Capturing

If the capture was successful, the X-CaptureSuccess HTTP header will be set. If it was not successful, the response gives the reason why.

Cancelling

Refunds

Comments? I hope to finish this up in the next few days. There's a plugin in vendor/plugins/monkey_charger that you'd install to your Rails application in order to use this (optional).

I'd really like someone who knows encryption to look at how I handle the credit card encryption and make sure it's somewhat sane.

Remote Key Clarification

Here's an email I sent in response to a question:

The "remote key" is a way to make sure that, if someone hacked their
way into the credit card server, they couldn't decrypt it without the
remote key that's stored by the client of the monkeycharger
application.

I should probably call the remote key "salt" instead.  It changes (or
is supposed to change) for each credit card.

So the process is:

- Website takes credit card, generates salt or remote key
- Stores credit card on monkey charger -- sending the salt
- When I want to do an authorization on the card, I send the salt
along with the authorization request.  This lets the monkeycharger
application decrypt the credit card number to send to the card
processor.
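
The remote-key process from the email above, sketched as an added example. This is not monkeycharger's own code, and the page does not show how the project encrypts. It assumes AES-256-GCM with a PBKDF2-derived key; `CardVault`, `store`, `reveal` and `new_remote_key` are hypothetical names, and the card number is a constructed test value.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical card-server side. Names and cipher choice are assumptions.
module CardVault
  KDF_ITERATIONS = 100_000 # assumed work factor

  # Derive the AES key from the client's remote key and a per-record salt.
  def self.derive_key(remote_key, kdf_salt)
    OpenSSL::PKCS5.pbkdf2_hmac(remote_key, kdf_salt, KDF_ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
  end

  # Returns the record to persist. The remote key is never part of it.
  def self.store(card_number, remote_key)
    kdf_salt = SecureRandom.random_bytes(16)
    cipher = OpenSSL::Cipher.new('aes-256-gcm')
    cipher.encrypt
    cipher.key = derive_key(remote_key, kdf_salt)
    iv = cipher.random_iv
    cipher.auth_data = ''
    ciphertext = cipher.update(card_number) + cipher.final
    { kdf_salt: kdf_salt, iv: iv, tag: cipher.auth_tag, ciphertext: ciphertext }
  end

  # Returns the card number, or nil when the remote key is wrong or the
  # stored record was altered (the GCM tag check fails in both cases).
  def self.reveal(record, remote_key)
    cipher = OpenSSL::Cipher.new('aes-256-gcm')
    cipher.decrypt
    cipher.key = derive_key(remote_key, record[:kdf_salt])
    cipher.iv = record[:iv]
    cipher.auth_tag = record[:tag]
    cipher.auth_data = ''
    cipher.update(record[:ciphertext]) + cipher.final
  rescue OpenSSL::Cipher::CipherError
    nil
  end
end

# Client (website) side: one fresh remote key per card, kept by the client.
def new_remote_key
  SecureRandom.hex(32)
end

if __FILE__ == $PROGRAM_NAME
  remote_key = new_remote_key
  record = CardVault.store('4111111111111111', remote_key) # constructed test number
  puts CardVault.reveal(record, remote_key)
  puts CardVault.reveal(record, new_remote_key).inspect
end
```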

Rails Way Writeup

Jamis Buck did a write-up on monkeycharger: http://www.therailsway.com/2007/9/3/using-activeresource-to-consume-web-services