The Grant API enables platforms and merchants to build embedded experiences that securely share payment information with each other. Some examples of contextual third-party experiences include:
More specifically, the Grant API allows you to provide another Braintree merchant controlled access to one of your customer's payment methods. You can revoke access to this payment method at any time. Currently, credit cards, debit cards, and PayPal Channel Initiated Billing Agreements may be shared via the Grant API.
There are two parties involved in any grant:
- Grantor: The Braintree merchant that owns the embedded experience and is sharing access to a payment method in their Vault. Typically, a grantor is an aggregator or a platform. The grantor is responsible for integrating with the Grant API.
- Recipient: The Braintree merchant that is receiving a shared payment method from the grantor. In an embedded experience, the recipient is the merchant providing a product or service to the customer. Although the recipient is not the party that integrates with the Grant API, they are responsible for providing the grantor with consent to share payment methods with them via Braintree Auth.
The recipient must first consent to receive payment information from the grantor. Typically, this only needs to be done once per relationship. Our configuration page describes how to set this up.
Once the recipient has given their consent, the grantor can create payment method nonces on their behalf using
PaymentMethod.grant(). For example:
gateway = Braintree::Gateway.new( :access_token => access_token_for_recipient ) grant_result = gateway.payment_method.grant( "the_payment_method_token", :allow_vaulting => true, :include_billing_postal_code => true ) nonce_to_send_to_recipient = grant_result.payment_method_nonce.nonce # ...
PaymentMethod.grant() returns a payment method nonce that the grantor is responsible for sending to the recipient. The recipient will use this nonce to create a transaction or store the payment method in their own Vault.
If you wish to create transactions on another merchant's behalf using payment methods stored in your Vault, the Shared Vault feature of Braintree Auth allows that capability.
Still have questions?
If you can’t find an answer, contact our Support team.