M
Mik
Guest
Ok i'm a newbie and a recent enom sub-reseller so bare(bear?) with me, yes I know I could ask enom or my reseller but maybe there are others who are looking for the same answers from the experts on here but are afraid to ask. 
Also not too sure which forum to post in so this seemed to be the broadest one I could find, if not appropriate feel free to move.
Flipping through the API commands and came across the payment commands.
1) How safe is it to transmit credit card as well as reseller ID and password details in a plain http request? I'm no expert in php but the whole deal looks like one big security hole where someone could sniff the request for the URL as it goes across the Internet and pull off some details fairly easily. Comments?
2)Is anyone using their own backend cc processing and if so how are you guys managing it? Are you using your cc merchant facility to pull the info into and then once they hit pay and it goes through you send the request onto enom, or do you trust the user to be honest and do the enom registration first and then charge the account?
3)Also is anyone using API's or remotely hosted "shopping carts" from third party merchant account providers alongside the enom one? How easily did they integrate/co-operate? For example trying to register something with 2checkout, whereabouts are you getting the domain name from the customer? Do you do it manually afterwards?
4)The above is mostly with regards to automation, if manual then you'd take the money and then rego when you get online etc, in which case what do you do when in the time window from payment to registration someone else snaps the name up?
Obviously I don't expect you to share your competitive advantages and start posting custom made scripts, i'm just curious as to the security implications of the API system since i'm considering using it instead of the limited Registry Rocket solution and don't feel like paying $99 for PDQ.
Also on the test server they have .uk and .de up and running, hopefully it won't be long before it gets to the live site.
Also not too sure which forum to post in so this seemed to be the broadest one I could find, if not appropriate feel free to move.
Flipping through the API commands and came across the payment commands.
1) How safe is it to transmit credit card as well as reseller ID and password details in a plain http request? I'm no expert in php but the whole deal looks like one big security hole where someone could sniff the request for the URL as it goes across the Internet and pull off some details fairly easily. Comments?
2)Is anyone using their own backend cc processing and if so how are you guys managing it? Are you using your cc merchant facility to pull the info into and then once they hit pay and it goes through you send the request onto enom, or do you trust the user to be honest and do the enom registration first and then charge the account?
3)Also is anyone using API's or remotely hosted "shopping carts" from third party merchant account providers alongside the enom one? How easily did they integrate/co-operate? For example trying to register something with 2checkout, whereabouts are you getting the domain name from the customer? Do you do it manually afterwards?
4)The above is mostly with regards to automation, if manual then you'd take the money and then rego when you get online etc, in which case what do you do when in the time window from payment to registration someone else snaps the name up?
Obviously I don't expect you to share your competitive advantages and start posting custom made scripts, i'm just curious as to the security implications of the API system since i'm considering using it instead of the limited Registry Rocket solution and don't feel like paying $99 for PDQ.
Also on the test server they have .uk and .de up and running, hopefully it won't be long before it gets to the live site.
