Let's say that customer has single credit card (paymentMethod) bound to his account and he starts (buys) subscription to monthly plan with 30 day trial.
I would like to allow user to manage his credit card: delete it, add new (after deleting old card) and change it (delete+create new, actually).
The problem is that, AFAIK, when credit card is deleted then all subscriptions bound to it are also deleted. So theoretically user could delete his credit card just before trial expiration, add it again (same card) and "buy" same subscription again with another trial period.
Am I right? Is there anything I can do about it?
I work at Braintree. Feel free to reach out to [email protected] with any further questions.
The easiest way to address this issue would be to not allow users to delete credit cards inside of the Vault, but only update their cards or cancel their subscriptions. Making a credit card update call means that your users can still change their card whenever they would like and the status of your subscription remains unchanged. For more information about how to update credit cards see the Braintree docs.
The other option would be to keep track of the uniqueNumberIdentifier of each credit card for each customer on your side. Then, before you create the subscription for a customer you can check the uniqueNumberIdentifier attribute of the payment method that you just created by reading it off the response and see if it matches any previous card associated with that customer. If yes, they are attempting to use the same card multiple times. The Braintree docs have more information about the attributes of the credit card object.