The Cash Management Office (CMO) within the Harvard Office of Treasury Management is responsible for managing the University’s banking and credit card payment card industry data security standards (PCIDSS). All Harvard University schools, tubs, local units, and Affiliate Institutions must comply with the official University policy governing credit card payments.
TouchNet is Harvard’s standard for credit card payment solutions. The CMO provides three different TouchNet service options; uStores, uPay, and the eCommerce Gateway. Services built on the Salesforce platform as well as other specialized front-end systems or web sites that accept credit card payment for events, non-traditional educational offerings, and other products and services should use the eCommerce Gateway.
This document provides an overview of the overall process, roles, and technical requirements required to utilize the eCommerce Gateway with Salesforce. It also includes links to additional sources of information that should be reviewed prior to and during the development of all Salesforce eCommerce Gateway integrations.
The eCommerce Gateway API must be used for integrating credit card payment processes with the Salesforce platform.
Understand the roles of your local IT support team, HUIT IT and the external service provider (Touchnet)
Visit the Harvard API Catalog and review the eCommerce Gateway API documentation and API endpoint information
The eCommerce Gateway, also called the uPay custom API, is a set of REST API endpoints that provides client applications with a way of communicating with TouchNet payment gateways. The API is available through the Harvard API Portal and is managed by the Apigee API management platform. The Apigee platform provides a variety of API related services including security, quota management, reporting, and monitoring.
A typical use of the eCommerce Gateway will include the following steps:
A customer initiates a credit card payment process within a Salesforce application
Salesforce creates a record with basic billing data and redirects the user’s browser to the eCommerce Gateway API passing the amount to be paid, a unique reference number, and some other information in the form of an HTML post.
Based upon the information provided, the Harvard eCommerce Gateway API redirects the user to the correct TouchNet payment gateway.
Once within the Touchnet environment, the user provides their payment information (i.e. credit card number) and submits the payment.
Upon completion of the payment process, the TouchNet payment gateway returns information about the payment to the Harvard eCommerce Gateway API. Touchnet also updates the General Ledger with the associated financial details and provides a receipt to the customer.
The eCommerce Gateway API returns the payment status information back to Salesforce.
The Salesforce client application updates the associated billing record and takes any other necessary actions.
Note that no personal or financial data is transmitted through the eCommerce gateway. Touchnet, as Harvard’s service provider is contractually obligated to keep their systems and process in compliance with PCI requirements.
A graphical overview of the system is below:
Responsibility for implementation of the eCommerce Gateway within Harvard is normally shared among the local team which includes the business users and local IT, HUIT IT, and the Office of Treasury Management (OTM).
The local team is responsible for:
Working with the OTM to complete the necessary business and financial steps
Configuring Salesforce including form development and user interface design
Testing and go-live coordination
HUIT is responsible for approving access to the API, including provide API client and secret keys and configuring eCommerce Gateway as well as maintaining the API platform.
OTM authorizes the use of the eCommerce gateway and provides the following support services:
Setup and configuration support
System training and collaboration on testing
PCI compliance impact and training
Ongoing support after implementation
Technical data payload testing, troubleshooting and issue resolution
A graphical view of a typical implementation flow and roles is below:
Additional Information Sources
The eCommerce gateway is designed to be easy to use and is mainly driven by configuration over coding. The primary source for API technical documentation is the Harvard API Portal. The portal entry for the eCommerce Gateway API includes a general description, the API specification including with the available endpoints and response codes, and examples. The specification for the two primary endpoints includes the individual data elements that must be included in the http post body.
Additional eCommerce Gateway Docementation
Additional documents related to the eCommerce Gateway are available on the documentation and collaboration site: “site location TBD”
Salesforce Support and General Information
General Salesforce information and support is available on the HUIT CRM Services wiki . HUIT CRM Services offers Salesforce tools and capabilities that benefit schools and departments across Harvard.
Credit card payment integration with Salesforce must be implemented using the eCommerce Gateway. Implementation of the Gateway requires collaboration among the local team, HUIT and the vendor. The Office of Treasury Management, Cash Management Office is able to guide new users through the setup and testing process.