I'm building a site with some simple backend functions, and are about to implement braintree using their python library and javascript frontend. Frontend is HTML bootstrap with some Javascript and Angular. I'm not using any Python/flask template engine/renderer.
However in their tutorial they are not very clear on how to obtain the client token, that needs to be generated for each session.
Right now I've done a regular GET-endpoint in flask for the python backend:
@app.route('/ctoken')
def client:token():
client_token = braintree.ClientToken.generate()
return client_token
In the frontend I get the token using a regular jQuery get:
$.get( "ajax/test.html", function( data ) {
braintree.setup(
data,
'dropin', {
container: 'dropin'
});
});
I wonder if this is the best way ? I'm using heroku and will use their HTTPS service, but is this best practice or is there another way to do this?
PS. the site is not live yet, only sandbox and local testing, want to get everything as secure as it should be.
I work at Braintree. If you have more questions, please reach out to the Braintree support team.
To quote from the Braintree "Getting Started" Guide:
There are a number of ways to get your client token into JavaScript so you can setup Braintree. Many people choose to interpolate the client token into the view which contains the JavaScript to setup Braintree.
What you described above, using JavaScript, will work. The simplest way is to include the client token in the page from the start, so you don't have to worry about that separate call failing or taking a long time. To do that, generate the token and then pass it into the Jinja2 template for your page. I assume you're using Jinja2 since your app appears to use Flask.