Help needed on architecting a process

10-28-2009, 10:45 PM
I need some help in architecting this process. Two goals are of the utmost importance: 1) Speed 2) Security.

Here's the scenario:

Domain A, Domain B, ... Domain Z sell a service to their customers on my behalf (keeping a commission). Once the transaction is processed (money collected from the consumer by the Domain), the Domain passes to me a transaction # (which I will use for billing purposes) along with some sensitive customer information (i.e. the consumer's SSN and DOB).

I create a database entry on my server storing the consumers data and issuing a 10-character unique ID # that contains letters and numbers. The unique ID is returned to the originating Domain where the consumer is given this unique ID # for their records and so that they may then use this ID in the future with other partners (Domain A, Domain B, ... Domain Z).

The Domain (could be A, B, ... Z) will request information from me using that unique ID # and upon receipt of that request I have to pass back a whole series of data (9 unique strings).

I figure the best way to set this up is to pass the data back and forth in XML packets but I have no clue how to really set that up as a token/id/etc transaction. Also, I don't want just anyone to be able to request data using the unique ID, it must be a KNOWN business partner that has an established account with us.

Any thoughts on the best way to set this up?



10-29-2009, 12:09 AM
As long as you use SSL I don't see a problem. You will of course need to store the originating domain with each customer record, so you can restrict release of data to only that domain.

How much of this process will have human intervention?

it career
10-29-2009, 07:24 AM
Also use var_filter to escape MySQL query strings, etc.

10-29-2009, 03:22 PM
As long as you use SSL I don't see a problem.
How much of this process will have human intervention?

Agreed. SSL is a requirement.

I was thinking that I would have a subdomain for each partner: https://domaina.mycompany.com/originate.php - that way I always know who should be calling and can do some quick security checks.

I'm having problems with the XML process not the actual coding of the XML data but with the best way to exchange it.

If you look at the Google API you request a token, a token is provided, then you use that token to request data (i.e. address book entries). Most users have patience for that process; however, in my case we have 10 million users causing daily transactions.

Processing 10 million requests per day with two passes required to collect 1 XML packet/file which contains 10 100-byte strings of data is simply too much traffic and would slow our partners down considerably.

Also, how do you actually return an XML packet/stream to the caller? I'm not responding to a browser so the echo command won't work... I figure there is a way to do this in PHP but I don't know how.
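The points raised across this thread (SSL only as a baseline, releasing a record only to the partner that originated it, avoiding a two-pass token exchange for 10 million daily lookups, and actually writing an XML response from PHP) can be combined into one single-pass lookup endpoint. The following is an added example written for this page, not code from the original poster or any partner; it assumes hypothetical `partners` and `customers` tables, a per-partner shared secret provisioned out of band, request headers named `X-Partner-Id`, `X-Timestamp` and `X-Signature`, a request body of the form `<lookup id="..."/>`, and placeholder column names `field1` to `field9` for the nine strings.

```php
<?php
// Added example (not from the thread). Single-pass "lookup by unique ID" endpoint.
// Assumed (hypothetical) schema: partners(partner_id, secret, active) and
// customers(unique_id, origin_partner, field1 .. field9).
declare(strict_types=1);

// --- Partner authentication --------------------------------------------------
// The partner signs "timestamp\nbody" with its shared secret (HMAC-SHA256) and
// sends the hex digest in X-Signature. One request, one response: no token
// round trip, so the traffic is half of a token-then-fetch design.
function verifyPartnerSignature(string $secret, string $timestamp, string $body, string $signature): bool
{
    // Reject stale timestamps so a recorded request cannot be replayed later.
    if (!ctype_digit($timestamp) || abs(time() - (int)$timestamp) > 300) {
        return false;
    }
    $expected = hash_hmac('sha256', $timestamp . "\n" . $body, $secret);
    // Constant-time comparison: a plain == leaks information through timing.
    return hash_equals($expected, $signature);
}

// --- Authorization ------------------------------------------------------------
// Only the domain that created the record may read it (the originating domain
// is stored with the record, as suggested in the thread).
function recordBelongsToPartner(array $record, string $partnerId): bool
{
    return hash_equals((string)$record['origin_partner'], $partnerId);
}

// --- Response building --------------------------------------------------------
// DOMDocument escapes the values for us; never build XML by string concatenation.
function buildResponseXml(string $uniqueId, array $fields): string
{
    $doc  = new DOMDocument('1.0', 'UTF-8');
    $root = $doc->createElement('customer');
    $root->setAttribute('id', $uniqueId);
    foreach ($fields as $name => $value) {
        $el = $doc->createElement($name);
        $el->appendChild($doc->createTextNode($value));
        $root->appendChild($el);
    }
    $doc->appendChild($root);
    return $doc->saveXML();
}

// --- Request handling ---------------------------------------------------------
function handleRequest(PDO $db): void
{
    $partnerId = $_SERVER['HTTP_X_PARTNER_ID'] ?? '';
    $timestamp = $_SERVER['HTTP_X_TIMESTAMP'] ?? '';
    $signature = $_SERVER['HTTP_X_SIGNATURE'] ?? '';
    $body      = (string)file_get_contents('php://input');

    // Known business partners only: the secret comes from the account table.
    $stmt = $db->prepare('SELECT secret FROM partners WHERE partner_id = ? AND active = 1');
    $stmt->execute([$partnerId]);
    $secret = $stmt->fetchColumn();
    if ($secret === false || !verifyPartnerSignature((string)$secret, $timestamp, $body, $signature)) {
        http_response_code(401);
        exit;
    }

    // Parse the tiny request document. LIBXML_NONET stops network fetches and
    // LIBXML_NOENT is deliberately NOT set, so external entities are not expanded.
    $req = new DOMDocument();
    if ($body === '' || !@$req->loadXML($body, LIBXML_NONET) || $req->documentElement === null) {
        http_response_code(400);
        exit;
    }
    $uniqueId = $req->documentElement->getAttribute('id');
    // The ID is 10 letters/digits; anything else is rejected before it reaches SQL.
    if (!preg_match('/^[A-Za-z0-9]{10}$/', $uniqueId)) {
        http_response_code(400);
        exit;
    }

    $stmt = $db->prepare('SELECT * FROM customers WHERE unique_id = ?');
    $stmt->execute([$uniqueId]);
    $record = $stmt->fetch(PDO::FETCH_ASSOC);
    // Same 404 whether the record is missing or belongs to another partner, so a
    // caller cannot probe which IDs exist.
    if ($record === false || !recordBelongsToPartner($record, $partnerId)) {
        http_response_code(404);
        exit;
    }

    $fields = [];
    foreach (['field1', 'field2', 'field3', 'field4', 'field5', 'field6', 'field7', 'field8', 'field9'] as $col) {
        $fields[$col] = (string)($record[$col] ?? '');
    }

    // Returning XML to a non-browser client: set the content type, then echo.
    // echo writes to the HTTP response body regardless of what the caller is;
    // the partner's HTTP client (curl, etc.) reads it exactly like a browser would.
    header('Content-Type: application/xml; charset=UTF-8');
    echo buildResponseXml($uniqueId, $fields);
}
```

The endpoint is served over HTTPS only (the SSL requirement the replies agree on); the HMAC signature is what makes the caller a known partner rather than merely a TLS client, and the `origin_partner` check is what stops Domain A from pulling a record that Domain B created. The partner-specific subdomain idea from the thread fits on top of this: the subdomain can be compared against `X-Partner-Id` as one more quick check, while the signature remains the actual credential.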