Use of the eCommerce Gateway with Salesforce

Advisory
This document provides an overview of the overall process, roles, and technical requirements required to utilize the eCommerce Gateway with Salesforce.
 
ecommercegateway.pdf334 KB
Authors
  • Greg Charest (Enterprise Architecture)
  • Georgina Prager (End-User Services)
Version 1.0
Last Revised 12-Jan-2021
Status Final
Document Type Advisory
Audience Level
  • IT Director/Manager
  • Solution Architect and Program Manager
  • Application Developer and Designer
  1. Executive Summary

    The Cash Management Office (CMO) within the Harvard Office of Treasury Management is responsible for managing the University’s banking and credit card payment card industry data security standards (PCIDSS). All Harvard University schools, tubs, local units, and Affiliate Institutions must comply with the official University policy governing credit card payments.

    TouchNet is Harvard’s standard for credit card payment solutions. The CMO provides three different TouchNet service options; uStores, uPay, and the eCommerce Gateway. Services built on the Salesforce platform as well as other specialized front-end systems or web sites that accept credit card payment for events, non-traditional educational offerings, and other products and services should use the eCommerce Gateway.

    This document provides an overview of the overall process, roles, and technical requirements required to utilize the eCommerce Gateway with Salesforce. It also includes links to additional sources of information that should be reviewed prior to and during the development of all Salesforce eCommerce Gateway integrations.

  2. Key Recommendations

  3. Discussion

    1. Overview

      The eCommerce Gateway, also called the uPay custom API, is a set of REST API endpoints that provides client applications with a way of communicating with TouchNet payment gateways. The API is available through the Harvard API Portal and is managed by the Apigee API management platform. The Apigee platform provides a variety of API related services including security, quota management, reporting, and monitoring.

      A typical use of the eCommerce Gateway will include the following steps:

      • A customer initiates a credit card payment process within a Salesforce application
      • Salesforce creates a record with basic billing data and redirects the user’s browser to the eCommerce Gateway API passing the amount to be paid, a unique reference number, and some other information in the form of an HTML post.
      • Based upon the information provided, the Harvard eCommerce Gateway API redirects the user to the correct TouchNet payment gateway.
      • Once within the Touchnet environment, the user provides their payment information (i.e. credit card number) and submits the payment.
      • Upon completion of the payment process, the TouchNet payment gateway returns information about the payment to the Harvard eCommerce Gateway API. Touchnet also updates the General Ledger with the associated financial details and provides a receipt to the customer.
      • The eCommerce Gateway API returns the payment status information back to Salesforce.
      • The Salesforce client application updates the associated billing record and takes any other necessary actions.

      Note that no personal or financial data is transmitted through the eCommerce gateway. Touchnet, as Harvard’s service provider is contractually obligated to keep their systems and process in compliance with PCI requirements.

      A graphical overview of the system is below:

      A diagram showing an overview of the typical use of the eCommerce Gateway
    2. Key Roles

      Responsibility for implementation of the eCommerce Gateway within Harvard is normally shared among the local team which includes the business users and local IT, HUIT IT, and the Office of Treasury Management (OTM).

      The local team is responsible for:

      • Working with the OTM to complete the necessary business and financial steps
      • Configuring Salesforce including form development and user interface design
      • Configuring Touchnet
      • Testing and go-live coordination

      HUIT is responsible for approving access to the API, including provide API client and secret keys and configuring eCommerce Gateway as well as maintaining the API platform.

      OTM authorizes the use of the eCommerce gateway and provides the following support services:

      • Pre-service consulting
      • Setup and configuration support
      • System training and collaboration on testing
      • PCI compliance impact and training
      • Reconciliation reporting
      • Ongoing support after implementation
      • Technical data payload testing, troubleshooting and issue resolution

      A graphical view of a typical implementation flow and roles is below:

      A graphical representation of the key roles of the eCommerce Gateway
    3. Additional Information Sources

      1. Technical Data

        The eCommerce gateway is designed to be easy to use and is mainly driven by configuration over coding. The primary source for API technical documentation is the Harvard API Portal. The portal entry for the eCommerce Gateway API includes a general description, the API specification including with the available endpoints and response codes, and examples. The specification for the two primary endpoints includes the individual data elements that must be included in the http post body.

      2. Additional eCommerce Gateway Docementation

        Additional documents related to the eCommerce Gateway are available on the documentation and collaboration site: “site location TBD”

        Salesforce Support and General Information

        General Salesforce information and support is available on the HUIT CRM Services wiki . HUIT CRM Services offers Salesforce tools and capabilities that benefit schools and departments across Harvard.

  4. Summary

    Credit card payment integration with Salesforce must be implemented using the eCommerce Gateway. Implementation of the Gateway requires collaboration among the local team, HUIT and the vendor. The Office of Treasury Management, Cash Management Office is able to guide new users through the setup and testing process.

  5. References

    Harvard Office of Treasury Management

    OTM - The eCommerce Gateway, what is it?

    Touchnet

    Harvard API Portal

    CRM Team Wiki

a54d3b3f70a15a25e8eef64048e10d7f