Payment architecture and solutions
Business Requirements
- Replace the current Secure Form implementation to gather payment details
- An Agent’s ability to view and copy credit card data has been flagged as a security risk by a brand's security team
- Ability to process payments without Agents being able to see the consumer’s credit card information
Project Scope
https://docs.google.com/document/d/1pVa5CJ0f-PGVDJR-6YYFBuATviBf0RenueYpiaccLcw/edit
Solutions

Pros:
- The solution is based only on LP products;
- Does not require a significant dev. effort;
Cons:
- Agent Manager Bot joins every conversation, regardless of whether the customer needs the payment process, which can cause issues at high volumes;

Pros:
- Agent Manager Bot joins the conversation only on demand;
Cons:
- Requires a custom standalone bot to be built on the LP Messaging Agent SDK;
- Requires hosting a standalone bot;
- Requires a significant dev. effort;
- Additional cost for FaaS invocations;


Additional requirements:
- The custom widget needs to implement an OAuth 2.0 server for Hybris to authenticate;
- Hybris AOS deep link should be either:
  - Shortened;
  - Enriched with ABC/GBM rich links;
Questions TBD:
- Do any of the Brand's services/Hybris somehow update the cart status in AOS? - [N.Z.] Hybris & AOS are the same system;
- Does AOS have any mechanism to proactively update external systems with new cart state once it is changed? Webhooks? - [N.Z.] Yes, webhooks;
- What information is available in the payment deep-link? - [N.Z.] Cart ID;
- How is the payment deep-link supposed to be enriched with the additional info in case there is no widget involved? - [N.Z.] No need for this MVP;
- Does AOS have an API that can be queried for cart updates? What are the mandatory params? - [N.Z.] Signet is against exposing Hybris API;
ABC info:

GBM Info:
