Hacker News new | past | comments | ask | show | jobs | submit login

What you're looking for is called an HSM.



Yes and if you wanted to write an API for such a thing it is pretty simple. The key is that you never allow retrieval of the data.

So your API has to support essentially two methods:

* Add banking details. * Make a charge.

You submit the details to get back a token such as "account-1", and use that token to make a charge. The actual banking details are never able to be retrieved from the device.


Thanks guys, sounds promising, will look into it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: