{"API Evangelist"}

Braintree Launches JS Library to Help Developers With PCI

Next generation payment provider Braintree just launched a new JavaScript library that helps merchants reduce their PCI scope in a flexible and testable way, which they are calling appropriately Braintree.js. According to Braintree, the library:

...uses asymmetric encryption to prevent raw credit card data from passing through merchants' servers. It intercepts a form submit in the browser that contains sensitive data, encrypts that data with a public key provided to merchants by Braintree and then submits the form with the encrypted data to the server. Braintree retains the private key of the key pair so that merchants are unable to decrypt the encrypted fields server-side. Any string field in Braintree's API can be encrypted and encrypted values can be transparently dropped into any API call

I’m a big supporter of what I call a healthy embeddable strategy, which includes buttons, badges, widgets and other tools you can build on top of an API or to support API integration.

With the rise in populartiy of JavaScript, and the growth of platforms like Node.js, I predict that providing your API developers with standardized JS libraries that extend the value of your API will become commonplace.

I’m going to add a section to my embeddable building blocks, for JavaScript libraries. I’m seeing more API providers doing cool stuff in this area. I will try and record as much of it as I can during my industry monitoring each week and provide resources for you to follow.

I’ve talked about the potential of markup APIs and scripting platforms in the past, which I think is a related example to what Braintree is doing--in which you can build JS libraries for your API users and extend not just the reach of the value generated by your APIs, but the expertise of your team.