Credit Card Management

Open Dining uses Spreedly to manage credit card data and PCI compliance. All credit card data must be tokenized through Spreedly before it may be used in the Open Dining APIs.

Tokenizing a Card

Spreedly provides several methods for creating a card token, such as using a transparent redirect form, direct API call, or JavaScript. It is not necessary to call Spreedly's retain methods, as the Open Dining APIs will handle retaining and purging cards as necessary.

The Spreedly documentation describes adding payment methods. Most third-party applications will use the transparent redirect method if web-based, or the direct API call if not. Please contact Open Dining to get an environment key for Spreedly.

Typical Application Flows

To help illustrate how the Spreedly and Open Dining APIs can be combined, we've described a few common scenarios.

Submitting a New Order

When placing a new order, the card data should first be tokenized through Spreedly, and then the card token data can be sent to Open Dining along with the rest of the order submission. This is very similar to how other in-place tokenization systems work, such as Stripe's Javascript library. The following APIs would be called:

  1. The card data would be sent to Spreedly, via a direct API call. This would return the card token.
  2. The card token and other order data would submitted to Open Dining, via the submit order API.
  3. Open Dining will automatically retain the card and add it to the customer's account as part of the order submission.

Adding a New Card, Without Ordering

Sometimes a customer just wants to add a new card to their account, without necessarily placing an order. This might occur if they receive a new credit card, or a replacement to an old one. The following APIs would be called:

  1. The card data would be sent to Spreedly, via a direct API call. This would return the card token.
  2. The card token would submitted to Open Dining, via the add card API.
  3. Open Dining will retain the card and add it to the customer's account.

Removing a Stored Card

A customer might want to remove a stored card from their account. This does not require any Spreedly calls.

  1. Issue a DELETE request to the Open Dining delete card API.
  2. Open Dining will purge the card data from Spreedly's vault and remove it from the customer's account.