

API for secure data storage? - snaveint

Have a payments problem we&#x27;re trying to solve, would love HN input!<p>Our platform needs to make several payments to suppliers each week, the problem is we don&#x27;t want to store our suppliers bank details. Unfortunately the only payment method possible right now is  via a bank specific file (*.aba) and is manual, but to create that file we need to have stored our customers bank details...<p>Does anyone know of a platform which can store&#x2F;retrieve customer sensitive data through an API so we can avoid storing it ourselves?
======
tptacek
What you're looking for is called an HSM.

~~~
stevekemp
Yes and if you wanted to write an API for such a thing it is pretty simple.
The key is that you never allow retrieval of the data.

So your API has to support essentially two methods:

* Add banking details. * Make a charge.

You submit the details to get back a token such as "account-1", and use that
token to make a charge. The actual banking details are never able to be
retrieved from the device.

~~~
snaveint
Thanks guys, sounds promising, will look into it.

------
rgacote
Tokenization service like [http://www.auricsystems.com/products/auricvault-
tokenization...](http://www.auricsystems.com/products/auricvault-
tokenization/)

~~~
snaveint
Thanks, have dropped them an email to see if they can support what we're
after. Appreciate it.

