This document provides an overview of the overall process, roles, and technical requirements required to utilize the eCommerce Gateway with Salesforce.
ecommercegateway.pdf | 334 KB |
ecommercegateway.pdf | 334 KB |
Authors |
|
---|---|
Version | 1.0 |
Last Revised | 12-Jan-2021 |
Status | Final |
Document Type | Advisory |
Audience Level |
|
The Cash Management Office (CMO) within the Harvard Office of Treasury Management is responsible for managing the University’s banking and credit card payment card industry data security standards (PCIDSS). All Harvard University schools, tubs, local units, and Affiliate Institutions must comply with the official University policy governing credit card payments.
TouchNet is Harvard’s standard for credit card payment solutions. The CMO provides three different TouchNet service options; uStores, uPay, and the eCommerce Gateway. Services built on the Salesforce platform as well as other specialized front-end systems or web sites that accept credit card payment for events, non-traditional educational offerings, and other products and services should use the eCommerce Gateway.
This document provides an overview of the overall process, roles, and technical requirements required to utilize the eCommerce Gateway with Salesforce. It also includes links to additional sources of information that should be reviewed prior to and during the development of all Salesforce eCommerce Gateway integrations.
The eCommerce Gateway, also called the uPay custom API, is a set of REST API endpoints that provides client applications with a way of communicating with TouchNet payment gateways. The API is available through the Harvard API Portal and is managed by the Apigee API management platform. The Apigee platform provides a variety of API related services including security, quota management, reporting, and monitoring.
A typical use of the eCommerce Gateway will include the following steps:
Note that no personal or financial data is transmitted through the eCommerce gateway. Touchnet, as Harvard’s service provider is contractually obligated to keep their systems and process in compliance with PCI requirements.
A graphical overview of the system is below:
Responsibility for implementation of the eCommerce Gateway within Harvard is normally shared among the local team which includes the business users and local IT, HUIT IT, and the Office of Treasury Management (OTM).
The local team is responsible for:
HUIT is responsible for approving access to the API, including provide API client and secret keys and configuring eCommerce Gateway as well as maintaining the API platform.
OTM authorizes the use of the eCommerce gateway and provides the following support services:
A graphical view of a typical implementation flow and roles is below:
The eCommerce gateway is designed to be easy to use and is mainly driven by configuration over coding. The primary source for API technical documentation is the Harvard API Portal. The portal entry for the eCommerce Gateway API includes a general description, the API specification including with the available endpoints and response codes, and examples. The specification for the two primary endpoints includes the individual data elements that must be included in the http post body.
Additional documents related to the eCommerce Gateway are available on the documentation and collaboration site: “site location TBD”
General Salesforce information and support is available on the HUIT CRM Services wiki . HUIT CRM Services offers Salesforce tools and capabilities that benefit schools and departments across Harvard.
Credit card payment integration with Salesforce must be implemented using the eCommerce Gateway. Implementation of the Gateway requires collaboration among the local team, HUIT and the vendor. The Office of Treasury Management, Cash Management Office is able to guide new users through the setup and testing process.
Harvard Office of Treasury Management