With the MyFatoorah Embedded Payment pattern, saved payment methods are stored by MyFatoorah. In other words, when a customer requests that their card be saved for future use, Broadleaf doesn’t receive any form of id or token for the payment method. Instead, we must provide the same customer id each time we initiate a MyFatoorah payment session for that customer.
To ensure that customers cannot gain access to another customer’s payment methods, we only initiate the MyFatoorah session via a Broadleaf endpoint surfaced in PaymentTransactionServices. That endpoint resolves the customer id from the authorized user data. Therefore, the user must be an authenticated Broadleaf customer to resolve their saved payment methods.
To access their saved payment methods, the customer must log in to their account. Doing so allows Broadleaf to declare the id of the known customer to MyFatoorah. From there, MyFatoorah’s Embedded Payment interface surfaces the customer’s saved payment methods as available options in the payment section of the checkout flow.
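The customer-id resolution described above, sketched as an added example that is not Broadleaf's or MyFatoorah's own code: the id sent to the gateway comes only from the authenticated user, and an id supplied in the request body is ignored. All class, record and field names are hypothetical, and the handling of anonymous callers is an assumption of this example.

```java
import java.util.Map;
import java.util.Optional;

public class SavedMethodSessionExample {

    // Hypothetical stand-in for the authorized user data on a request.
    record AuthenticatedUser(String customerId) {}

    // Hypothetical payload sent to the gateway to open a payment session.
    record GatewaySessionRequest(String customerId, boolean savedMethodsAvailable) {}

    // The customer id is taken only from the authenticated user. The request
    // body is accepted but never consulted for identity, so a caller cannot
    // name another customer. Assumption: an anonymous caller gets a session
    // with no customer id, and therefore no saved payment methods.
    static GatewaySessionRequest initiateSession(Optional<AuthenticatedUser> user,
                                                 Map<String, String> clientBody) {
        return user
                .filter(u -> u.customerId() != null && !u.customerId().isBlank())
                .map(u -> new GatewaySessionRequest(u.customerId(), true))
                .orElseGet(() -> new GatewaySessionRequest(null, false));
    }

    public static void main(String[] args) {
        // Constructed input: the body carries a different customer's id.
        Map<String, String> body = Map.of("customerId", "cust-200");

        GatewaySessionRequest loggedIn =
                initiateSession(Optional.of(new AuthenticatedUser("cust-100")), body);
        GatewaySessionRequest anonymous = initiateSession(Optional.empty(), body);

        System.out.println(loggedIn);
        System.out.println(anonymous);
    }
}
```

A useful regression test for an endpoint built this way sends a request as one customer with another customer's id in the body and checks that the session is still bound to the caller.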