A payment method nonce is a secure, one-time-use reference to payment information. It's the key element that allows your server to communicate sensitive payment information to Braintree without ever touching the raw data.
Any type of payment method can be referenced by a payment method nonce. This can help keep your integration simple and lightweight; for example, you could use the same server-side code for creating a PayPal transaction as you use for creating a credit card transaction.
Security is important for all payment method types, but it's particularly critical for cards.
The Payment Card Industry Security Standards Council mandates compliance with their Data Security Standard (PCI DSS), and the less exposure your business has to raw card data, the easier it is to demonstrate compliance. Using payment method nonces in place of raw card data helps keep your PCI compliance burden to a minimum.
Braintree's servers generate payment method nonces in response to requests from our client and server SDKs.
In general, your client will be responsible for receiving payment method nonces from Braintree and sending them to your server. Your server will then be responsible for sending those payment method nonces back to Braintree on requests to perform certain actions.
You'll need payment method nonces for two main purposes:
A payment method nonce may only be used once. If it is not used, it expires 3 hours after being created.
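The single-use and 3-hour expiry rules above, shown as an added Python model (not Braintree's code or SDK): `ToyGateway`, `merchant_checkout`, `NonceError` and the sample card are hypothetical names and constructed values. The gateway side holds the raw data, and the merchant function only ever handles the opaque nonce.

```python
import secrets
import threading

NONCE_TTL_SECONDS = 3 * 60 * 60  # unused nonces expire 3 hours after creation
SAMPLE_CARD = {"number": "4111111111111111"}  # constructed test value


class NonceError(Exception):
    """Raised when a nonce is unknown, already consumed, or expired."""


class ToyGateway:
    """Hypothetical stand-in for the gateway side; not Braintree's implementation."""

    def __init__(self):
        self._vault = {}  # nonce -> (payment_info, created_at)
        self._lock = threading.Lock()

    def issue_nonce(self, payment_info, now):
        """Client SDK -> gateway: store the raw data, return an opaque reference."""
        nonce = secrets.token_urlsafe(24)  # unguessable, carries no card data
        with self._lock:
            self._vault[nonce] = (payment_info, now)
        return nonce

    def sale(self, nonce, amount, now):
        """Merchant server -> gateway: redeem the nonce exactly once."""
        with self._lock:
            # pop() makes lookup and invalidation one atomic step, so two
            # concurrent requests with the same nonce cannot both succeed.
            entry = self._vault.pop(nonce, None)
        if entry is None:
            raise NonceError("unknown or already consumed nonce")
        payment_info, created_at = entry
        if now - created_at >= NONCE_TTL_SECONDS:
            raise NonceError("nonce expired")
        return {"amount": amount, "last4": payment_info["number"][-4:]}


def merchant_checkout(gateway, nonce, amount, now):
    """Merchant server code: it sees the nonce, never the card number."""
    try:
        return gateway.sale(nonce, amount, now)
    except NonceError as exc:
        # A replayed or stale nonce is rejected; the client must request a new one.
        return {"error": str(exc)}
```

The `now` argument is an injected clock in seconds so that expiry can be exercised without waiting.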
See more documentation on payment method nonces:
- Basic Braintree-client-server interaction in our Get Started guide
- Simple transaction sale calls in our credit cards and PayPal guides
- Simple payment method create call in our API reference
- Advanced payment method nonce usage in our 3D Secure guide and API reference
- Sandbox testing details including static payment method nonce test values