0

I often build payment integrations in my applications. When I receive responses from PayPal or square I am usually able to record a bunch of data from the payment partner. Some of that data I could use to maintain a local copy of the transaction which occurred on the payment facilitator's service.

Often I record the data which I feel supports the needs of the application in question. But I am interested in what is considered standard practice for this data management?

Phillip Stack
  • 3,308
  • 1
  • 15
  • 24

1 Answers1

0

Your question about "standard practice" is fairly broad, but it is safe to store object IDs and other non-card data returned from the Stripe API. https://stripe.com/docs/security#out-of-scope-card-data

Other data protection/privacy laws may apply to your business.

(From a previous answer on a similar topic: https://stackoverflow.com/a/41577523/12474862 )

Nolan H
  • 6,205
  • 1
  • 5
  • 19
  • Thanks very much, I understand this is a very broad topic but felt that there must be some type of regularly followed procedures or design patterns. Thanks a lot! – Phillip Stack May 16 '20 at 04:02