The Grant API enables platforms and merchants to build embedded experiences that securely share payment information with each other. Some examples of contextual third-party experiences include:
More specifically, the Grant API allows you to provide another Braintree merchant controlled access – known as a grant – to one of your customer's payment methods. You can revoke this grant at any time. Currently, credit cards, debit cards, and PayPal Channel Initiated Billing Agreements may be shared via the Grant API.
There are two parties involved in any grant:
- Grantor: The Braintree merchant that owns the embedded experience and is sharing access to a payment method in their Vault. Typically, a grantor is an aggregator or a platform. The grantor is responsible for integrating with the Grant API.
- Recipient: The Braintree merchant that is receiving a shared payment method from the grantor. In an embedded experience, the recipient is the merchant providing a product or service to the customer. Although the recipient is not the party that integrates with the Grant API, they are responsible for providing the grantor with consent to share payment methods with them via Braintree Auth.
The result of a
Braintree::PaymentMethod.grant() request is a payment method nonce, owned by the receiving merchant. As a grantor, in addition to integrating with the Grant API, you are responsible for the following:
- Receiving consent from the recipient via the Braintree Auth Connect and OAuth flows to grant payment methods to them
- Verifying payment methods before granting to ensure that you are sharing valid payment methods with the recipient (recommended)
- Sending the payment method nonce to the recipient who can then use it to create a transaction or store the payment method in their own Vault
If you wish to create transactions on another merchant's behalf using payment methods stored in your Vault, the Shared Vault feature of Braintree Auth allows that capability.
Still have questions?
If you can’t find an answer, contact our Support team.