Simplified Payments Integration

Written by CJ Garnette
Apr 1, 2025

Every Thanksgiving my staple dish has always been macaroni and cheese. If you've sat down to make macaroni and cheese for a large and diverse group of people, you know that one size certainly does not fit all. Even if the core of the dish is the same pasta and cheese sauce, it is important to account for the various needs of each individual. Some can eat regular wheat pasta but need gluten-free breadcrumbs while others prefer not to have breadcrumbs at all. Perhaps some can only have dairy-free cheese alternatives. Accounting for all of the individual modifications to your mac and cheese recipe can be challenging! 

In many ways, handling digital payments has a similar struggle. In the before-times, there was a set of Payment APIs. Much like ingredients for a dish, these APIs would be combined to produce integrations for partners to use digital payments. As happens when you are cooking macaroni and cheese for many people, each integration could be a little different under the hood. This could mean that you're building out an Apple Pay integration three, four or even five times. This workflow can make it very difficult and time-consuming to add new features to a payment platform. The question then becomes: how can we cook this mac and cheese once yet ensure that it meets everyone's individual dietary needs? In the culinary world I am not sure such a solution exists; luckily, in the realm of software we have more flexibility. Here enters the Simplified Payments Integration.

Why did you need a...what was it called?

Yes, it is called the Simplified Payments Integration. As for why it was necessary, we can look at three key issues with what we had prior. The first issue was the custom integrations. Each time a new feature was developed for payments, it required a new implementation for each new integration. Anyone who wanted to leverage, say, Apple Pay had to build out a new implementation to integrate with the offering of that feature. It was a build once, and then build it again, and again, and again paradigm. When there is such a high barrier to feature adoption, it is difficult to continue moving forward.

The second issue involved PCI compliance. By creating their own checkout experience through that custom integration, partners and their products would be responsible for handling payment method data. As a result, they needed to go through additional review processes any time a change was made to their product.

Each of the above issues ultimately poured into the third, which was extensibility. It is challenging to build out new features and expand upon an existing system when adoption of those features comes at such a premium. Even looking at further development of the Payment APIs themselves, small changes would have ripple effects on all the dependent integrating partners, in some cases prompting changes to an integration that already required so much to build.

What exactly is the Simplified Payments Integration?

The purpose of the Simplified Payments Integration platform was to create a streamlined approach to integrating payments into a checkout solution. It provided a managed solution for handling payment method data while keeping the checkout page itself outside of PCI scope. Of course, while the Simplified Payments Integration reduces PCI compliance requirements for checkout pages, it remains imperative for partners to maintain PCI DSS compliance if they have payment data in their own systems. By offering a solution that was also configurable, it allows for integrating partners to easily tailor the experience to fit their checkout flow. The Simplified Payments Integration allowed us to go from offering to build bespoke implementations to instead offering a build once, use everywhere embeddable component. This solution has eliminated the need to have an increasing number of integrations while allowing for expedited feature delivery.

How does it work?

SDK

The SDK used in the Simplified Payments Integration is a streamlined gateway that allows integrating partners to access the necessary Payment APIs. The SDK is offered for JavaScript web applications as well as native mobile platforms. An offering for each platform ensures ease of integration and freedom for partners to focus on building their products with minimal concern for compatibility.

IFrame

The most visually recognizable part of the Simplified Payments Integration is our embeddable hosted checkout. This solution is an IFrame child page hosted by Toast which can be embedded in the partner's checkout page. The payment page within the IFrame handles all payment portions of a checkout flow. There are fields to allow for the input of card information, as well as digital wallet solutions such as Google Pay and Apple Pay. So much of the power behind Simplified Payments Integration comes from the hosted checkout solution. (Depicted below in orange)

Tokenization

Through the SDK and IFrame we are able to provide a low-code solution for tokenization. Offering tokenization packaged in our hosted checkout solution provides another layer of abstraction, removing the need for partners to deal with any sensitive payment method data in their own checkout pages. This assists in further limiting which components are within PCI scope.

How does this improve on the past?
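The IFrame and Tokenization sections describe a parent checkout page that only ever receives a token from the hosted child page. The following is an added example, not Toast's SDK or code from this article, of how a partner page could enforce that boundary when listening for messages from an embedded checkout frame. The origin, the `payment-token` message type and the `tok_` token format are all hypothetical assumptions.

```javascript
// Added example: every name, origin and message shape here is hypothetical.
const HOSTED_CHECKOUT_ORIGIN = "https://checkout.example.com"; // assumed iframe origin
const TOKEN_PATTERN = /^tok_[A-Za-z0-9]{16,64}$/;              // assumed token format

// Luhn checksum over a digit string: true for a plausible card number.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// True if the payload holds a 13-19 digit run (spaces or dashes allowed)
// that passes Luhn, i.e. something that looks like a raw card number.
function containsCardNumber(payload) {
  const runs = JSON.stringify(payload).match(/\d(?:[ -]?\d){12,18}/g) || [];
  return runs.some((run) => luhnValid(run.replace(/[ -]/g, "")));
}

// Decide whether the partner page accepts a message event from the iframe.
function handleCheckoutMessage(event, expectedOrigin = HOSTED_CHECKOUT_ORIGIN) {
  if (event.origin !== expectedOrigin) return { accepted: false, reason: "origin" };
  const data = event.data;
  if (typeof data !== "object" || data === null || data.type !== "payment-token") {
    return { accepted: false, reason: "type" };
  }
  if (containsCardNumber(data)) return { accepted: false, reason: "card-data" };
  if (typeof data.token !== "string" || !TOKEN_PATTERN.test(data.token)) {
    return { accepted: false, reason: "token-format" };
  }
  return { accepted: true, token: data.token };
}

// Constructed sample events (not captured traffic).
const SAMPLE_EVENTS = [
  { origin: HOSTED_CHECKOUT_ORIGIN, data: { type: "payment-token", token: "tok_9fK2mQ7xLp0aZr4T" } },
  { origin: "https://other.example.net", data: { type: "payment-token", token: "tok_9fK2mQ7xLp0aZr4T" } },
  { origin: HOSTED_CHECKOUT_ORIGIN, data: { type: "payment-token", token: "tok_9fK2mQ7xLp0aZr4T", pan: "4111 1111 1111 1111" } },
];
function classifySamples() {
  return SAMPLE_EVENTS.map((e) => handleCheckoutMessage(e).reason || "accepted");
}

// In a browser the same check sits behind the message listener.
if (typeof window !== "undefined") {
  window.addEventListener("message", (e) => console.log(handleCheckoutMessage(e)));
}
```

Rejecting a message that carries a Luhn-valid digit run keeps a misbehaving or misconfigured frame from pulling the partner page back into PCI scope by accident.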

This new approach has opened the doors to many new features that would not have been possible before. It has also allowed for faster feature rollout and adoption. In addition, integrating partners now also have the option to decide which payment methods they would like to offer. Through a simple interface they now have the flexibility to easily enable and disable available payment methods as needed. By abstracting the checkout page from PCI scope, we have consolidated the security constraints that come with managing a PCI compliant application and moved them entirely to the hosted checkout solution. 

PCI Scope

Any time card data is handled by a platform or service, that platform or service is considered to be within PCI scope. This means that all systems that touch this sensitive data must have dozens of security controls applied. And because extra security measures are required any time changes are made to that platform, handling card data can be an additional challenge when it comes to rapid iteration and development of a product or platform. By abstracting payment data away from the checkout flow of integrators, we have unlocked the opportunity for rapid development and more time and resources to focus on user experience.

Feature Adoption

With the hosted checkout solution there is no longer the need to create bespoke implementations to integrate new features. Rather, once the IFrame has been updated with the new feature, all partners that have embedded the IFrame receive the feature. This removes the need to create a different Apple Pay implementation or Google Pay implementation for each partner. The IFrame was built with the intention of facilitating a "build once, available to all" model.

Reduced Complexity

Rather than orchestrating several APIs into a solution, partners now have a far more cohesive approach. Using the Simplified Payments Integration, partners are offered an integration experience with far less complexity. The steps to go from ideation to implementation have been streamlined such that partners need only worry about facilitating the needs of the hosted checkout. Once the prerequisites for instantiating the hosted checkout have been met, it takes care of itself. The SDK is also available for any additional needs that a partner may have regarding management of a payment.

Where do we go from here?

Whether you're creating a decadent dish or crafting a payment solution, the desired end state is the same. A satisfying offering that ultimately keeps everyone's lives...simple. Simplified Payments Integration seeks to do exactly that. This topic is a meal of many courses and we have only just begun. There is much more depth to explore in each aspect of this massive undertaking. Exploring how the hosted checkout solution was built and how we achieved the embedding is a story of very interesting frontend design. Delving into the power of tokenization, as well as some of the challenges behind it, offers a fascinating look into payment data management. Those are discussions for another time. Hopefully you've come away from this article with an understanding of this project, and perhaps a little hungry. Until next time!