
Web API Security using 2sxc JavaScript Library


I am using 2sxc to build a payment form that takes in PCI and processes the payment.

I see that the 2sxc JavaScript library states it handles anti-forgery tokens and other security elements, but I didn't really see much more documentation on it. I am curious whether the 2sxc JavaScript library would be suitable for making secure calls to the Web API in 2sxc so I can process credit card transactions.

Here is the life cycle of the credit card payment processing logic:

  1. User clicks the payment button
  2. jQuery builds the request using $2sxc and sends the information to the Web API (is there a way to encrypt this traffic?)
  3. The 2sxc Web API will now build the appropriate request for my payment gateway and send off the request

The important thing to note here is that the actual payment is processed by the server so the user will never actually see the call to the payment gateway.

The problem boils down to sending the PCI information to the Web API, and that data needs to be secure. The simple answer would be that $2sxc has the hooks to encrypt and safely transmit the data to the Web API, or not.


Solution

  • So the short answer is no, 2sxc doesn't encrypt anything.

    The longer answer is related to how DNN handles requests. The security token in DNN actually prevents calls to the API if they don't originate from a real page - so standard API calls are blocked if certain headers are missing - and if you build web-APIs using this DNN token-check. 2sxc ensures that these are included, which isn't rocket science but actually does get very difficult once you start working with JS frameworks like Angular, because of the implementation in DNN which is a bit unreliable.
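
As an added illustration (not part of the original answer, and not 2sxc or DNN source code), the sketch below shows the two separate concerns in this thread: the anti-forgery headers that the token check expects, and transport encryption, which has to come from HTTPS because the token protects against forged requests and not against eavesdropping. The header names are the ones DNN's services framework is assumed to send; the URL, IDs and token are constructed sample values, and `buildPaymentRequest` and `missingDnnHeaders` are hypothetical helper names.

```javascript
// Headers the DNN token check is assumed to look for (assumption, see lead-in).
const REQUIRED_HEADERS = ["ModuleId", "TabId", "RequestVerificationToken"];

// Build a fetch()-style request description for a payment POST.
// ctx = { moduleId, tabId, antiForgeryToken } taken from the rendered page.
function buildPaymentRequest(ctx, apiUrl, payment) {
  const url = new URL(apiUrl);
  // Anti-forgery tokens give no confidentiality: only TLS encrypts the body.
  if (url.protocol !== "https:") {
    throw new Error("refusing to send card data over " + url.protocol);
  }
  // Query strings end up in server and proxy logs; card data belongs in the body.
  if (url.search) {
    throw new Error("payment data must not travel in the query string");
  }
  if (!ctx.antiForgeryToken) {
    throw new Error("no anti-forgery token found on the page");
  }
  return {
    url: url.href,
    method: "POST",
    credentials: "same-origin", // the token is paired with the session cookie
    headers: {
      "Content-Type": "application/json",
      ModuleId: String(ctx.moduleId),
      TabId: String(ctx.tabId),
      RequestVerificationToken: ctx.antiForgeryToken,
    },
    body: JSON.stringify(payment),
  };
}

// Report which of the expected headers a hand-built request is missing
// (header names are case-insensitive on the wire).
function missingDnnHeaders(headers) {
  const present = Object.keys(headers).map((h) => h.toLowerCase());
  return REQUIRED_HEADERS.filter((h) => !present.includes(h.toLowerCase()));
}

// Constructed sample values, for illustration only.
const sampleCtx = { moduleId: 412, tabId: 57, antiForgeryToken: "SAMPLE-TOKEN" };
const sampleUrl = "https://example.test/api/Payment/Charge";
const sampleReq = buildPaymentRequest(sampleCtx, sampleUrl, { amount: "10.00" });
console.log(missingDnnHeaders(sampleReq.headers)); // nothing missing
console.log(missingDnnHeaders({ "Content-Type": "application/json" }));
```
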