How to achieve PCI compliance with Braintree in one day
Posted by on March 4, 2011 in Technical Development - (0 Comments)
Several months ago we needed to implement a billing system. Conceptually, recurring payments are simple – ask for a customer’s payment card, save it, and then process it at later dates through a payment gateway.
Implementing it, on the other hand, is tricky, all because of one thorny issue: security. Hosting our site on the EC2 cloud didn’t make PCI compliance matters easier either.
That’s when we found Braintree.
Braintree’s a relatively recent newcomer to the payment game. They’re young, and they’re growing fast. Since 2007, they’ve been picked up by hotshot Web 2.0 companies like 37signals, GitHub and Disqus.
Now I can’t say it enough: I. Heart. Braintree.
Their secret sauce? Excellent customer service, a clean API, and a little thing they like to call Transparent Redirect.
Here’s how it works.
A standard transaction model usually goes something like this:
- User enters credit card information
- Credit card information is sent to a secure server hosted by you
- Card is processed through the payment gateway’s API.
All the extraneous work is done in securing your own server. To bypass that, the other option is to redirect – albeit jarringly – to a third-party site.
But here’s the cleverness of Braintree’s transparent redirect.
- User enters credit card information
- Credit card information is sent directly to Braintree’s server, bypassing your servers
- Braintree silently redirects to a callback you supply
- Your callback handles the credit card through encrypted tokens
The best part is that during this whole process users will never know they’ve left the site. And since you never look at or deal with sensitive information directly, the need to take any extra steps to secure your servers is minimal.
From a code level, here are the steps to process a transaction.
1. Encrypt transaction details
# Built on your server with your Braintree private key; the result is embedded
# in the payment form as a hidden field, so the browser can't alter the amount.
tr_data = Braintree::TransparentRedirect.transaction_data(
  :redirect_url => "http://example.com/your_callback",
  :transaction => {
    :type => "sale",
    :amount => "10.00"
  }
)
2. Construct the form and embed the transaction details
3. Handle the callback
def your_callback
  # Braintree redirects here with a signed query string; confirm verifies it
  # and returns the transaction result. In a Rails controller the raw query
  # string is request.query_string.
  result = Braintree::TransparentRedirect.confirm(request.query_string)
  if result.success?
    puts "Hoorah!"
  else
    puts "Oh FUBAR!!"
  end
end
That’s it. Simple eh?
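To make the trust boundary in steps 1 and 3 concrete, here is an added, self-contained model of the scheme (not Braintree's code, and the "<hmac>|<querystring>" layout, the field names and the callback parameters are assumed for the demo): the merchant signs the fields the browser must not change, the gateway rejects tampered data, and the callback only trusts a query string whose hash verifies.

```ruby
require "openssl"
require "cgi"

# Simplified model of Transparent Redirect's trust boundary (illustration only).
module TrDemo
  # The merchant's private key never reaches the browser; it signs the data.
  def self.sign(private_key, data)
    OpenSSL::HMAC.hexdigest("sha1", private_key, data)
  end

  # Step 1 (merchant server): build the hidden tr_data value. The MAC covers
  # the fields the browser must not alter (amount, type, redirect URL).
  def self.transaction_data(private_key, public_key, redirect_url:, amount:, type: "sale")
    fields = { "public_key" => public_key, "redirect_url" => redirect_url,
               "transaction[type]" => type, "transaction[amount]" => amount }
    qs = fields.map { |k, v| "#{CGI.escape(k)}=#{CGI.escape(v)}" }.join("&")
    "#{sign(private_key, qs)}|#{qs}"
  end

  # Gateway side (simulated): accept the card form only if tr_data is intact,
  # then redirect to the merchant callback with a signed result query string.
  def self.gateway_receive(private_key, tr_data)
    mac, _, qs = tr_data.partition("|")
    return nil unless secure_equal(sign(private_key, qs), mac)
    params = CGI.parse(qs).transform_values(&:first)
    amount = CGI.escape(params["transaction[amount]"])
    result = "http_status=200&id=txn_demo_1&kind=create_transaction&amount=#{amount}"
    "#{params['redirect_url']}?#{result}&hash=#{sign(private_key, result)}"
  end

  # Step 3 (merchant callback): trust the outcome only if the hash matches.
  # Returns the result parameters, or nil for a forged or altered callback.
  def self.confirm(private_key, query_string)
    data, _, mac = query_string.rpartition("&hash=")
    return nil if mac.empty? || !secure_equal(sign(private_key, data), mac)
    CGI.parse(data).transform_values(&:first)
  end

  # Constant-time comparison so the MAC check does not leak via timing.
  def self.secure_equal(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```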
They have APIs written for Ruby, Java, PHP, Python, and .NET.
Did I also mention their excellent customer service? Check out how fast they reply!