I am following the "credit bank account" example on Balanced docs.
I have already successfully made debit credit card, debit bank account, and credit bank account work using balanced.js in conjunction with php Curl.
But now I need a way to obtain the token without javascript. Javascript shows the bank account info on the client side, but I am paying you, and I cannot be allowed to see your bank account info.
So, I want to obtain the bank account token from server side. Is this possible?
From the example, I'm using:
var bankAccountData = {
name: $form.find('input[name=ba-name]').val(),
routing_number: $form.find('input[name=ba-rn]').val(),
account_number: $form.find('input[name=ba-an]').val(),
type: $form.find('select').val()
};
balanced.bankAccount.create(bankAccountData, callbackHandler);
There is a potential problem with getting it using balanced.js. If I am a 'payer' and I am paying money to a 'payee', I can't use the above js code because as the 'payer', I shouldn't be seeing any account info relating to the 'payee'.
That is, someone viewing the source code could get that payee info.
Balanced.js is only for tokenizing credit cards and bank accounts. There is no way to retrieve the URI for a bank account through it. This needs to be done via the API. For example, to do this with the official Balanced PHP client library, https://docs.balancedpayments.com/current/api.html?language=php#retrieve-a-bank-account
The returned object will not contain any sensitive bank account information.