
Payment Card Management

How to add, edit, and delete payment cards for Customers


Last updated 5 years ago

imin provides a whitelabel Card Details app that Customers can use to save payment cards, and to edit and delete existing ones.

These cards can then be used (and updated) by the Customer when they use Checkout to book sessions and slots.

Set-up

1. Domain name

The Card Details app will be hosted on your domain. For example, if your website is at https://acmebroker.com, Card Details would be hosted at https://cards.acmebroker.com.

What you need to do:

  1. We will provide you with a DNS target, e.g. example.rabbit123.herokusdns.com

  2. In your name server, add a CNAME record with:

    • Name: cards.{{Your primary domain name}} e.g. cards.acmebroker.com

    • Target/value: The DNS target we provided to you.

2. Prompt-less Authorization Code Flow

To create a seamless flow from your Customer dashboard to imin's Card Details app, we use OpenID Connect with prompt=none, as defined in the OIDC spec. This means that a logged-in Customer will not be shown a login prompt when they navigate from your website to our Card Details app. Their existing login will be used to authorize them (and only them) to manage their cards.

For this to work, your Customers must already be logged in to your OpenID Provider.
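The request and callback handling behind this flow, as an added example that is not imin's or the page's own code: it builds an Authorization Code request with prompt=none and classifies the provider's redirect, including the `login_required` response that OIDC defines for a Customer who has no session. The authorization endpoint, client ID and redirect URI are hypothetical values chosen for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Error codes OIDC Core defines for a prompt=none request that cannot
# complete without showing the user a page.
NEEDS_INTERACTION = {"login_required", "interaction_required",
                     "consent_required", "account_selection_required"}


def build_promptless_request(authorization_endpoint, client_id, redirect_uri):
    """Return (url, state, nonce) for an Authorization Code request with prompt=none."""
    state = secrets.token_urlsafe(32)  # binds the callback to this browser session
    nonce = secrets.token_urlsafe(32)  # later compared with the ID token's nonce claim
    query = urlencode({
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "prompt": "none",
        "state": state,
        "nonce": nonce,
    })
    return f"{authorization_endpoint}?{query}", state, nonce


def handle_callback(callback_url, expected_state):
    """Classify the redirect: ('code', value), ('login', error) or ('error', reason)."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    # Reject any callback whose state is not the one we issued (CSRF defence).
    if not hmac.compare_digest(params.get("state", "").encode(),
                               expected_state.encode()):
        return ("error", "state_mismatch")
    if "error" in params:
        if params["error"] in NEEDS_INTERACTION:
            # No usable session at the provider: the Customer must log in first.
            return ("login", params["error"])
        return ("error", params["error"])
    if "code" not in params:
        return ("error", "missing_code")
    return ("code", params["code"])


# Constructed sample values (hypothetical endpoint, client ID and redirect URI).
URL, STATE, NONCE = build_promptless_request(
    "https://login.acmebroker.com/authorize", "imin-card-details",
    "https://cards.acmebroker.com/callback")
```

Running the same request against your own provider in a browser with and without an active session shows whether it returns a code or `login_required`, which is the behaviour the whitelisted client credentials need to produce.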

Here's how you can set up your OIDC Provider to allow prompt-less login:

2.1. Configure for Prompt-less

2.1.1. Auth0

  1. Create an Auth0 Application for imin's Card Details app (it must be a First Party App, which they are by default).

  2. Follow this to turn on prompt-less login for this Application: https://community.auth0.com/t/how-do-i-skip-the-consent-page-for-my-api-authorization-flow/6035

  3. Enable Single Sign-On in your tenant settings (https://auth0.com/docs/dashboard/guides/tenants/enable-sso-tenant) so that a user's login with your main client can be transferred to the imin Card Details client.

2.1.2. Self-hosted

If you are hosting your own OpenID Provider, look for guidance within the framework that you're using. We strongly recommend that you use a mature and established OpenID Provider framework as it should be secure and well documented.

2.2. Next steps

Then:

What you need to do:

  1. Create and share with imin a client ID and client secret which imin can use to authenticate with your OpenID Provider.

    • These client credentials should be whitelisted to allow for prompt-less auth. How you do so depends on your set-up.

  2. Provide a Broker Customer Dashboard URL to imin. At this URL, a Customer would find their account page within your Broker. This will be used to direct Customers back to their account page.

3. Use the Card Details app

Once everything is set up, add a link/button to your Customer account page, which redirects them to https://cards.{{domain name}}/edit e.g. https://cards.acmebroker.com/edit.

As discussed in Prompt-less Auth, you will need to set up your OIDC Provider to allow Authorization Code Flow with prompt=none.

Let imin know where it can find your OpenID Provider's Discovery endpoint.