I’m working on an application that uses Braintree’s vault feature to store payment methods. My app should only keep one payment method at a time for each user.
Currently, I’m deleting all existing payment methods before adding a new one. This happens because I can’t access the payment method token from the frontend. Without the token, I can’t target specific payment methods for removal.
I’m wondering if there’s a way to either delete payment methods directly from the client side, or if I can somehow retrieve the token on the frontend so I can send it to my backend for selective deletion.
Has anyone found a solution for accessing payment method tokens in the browser? Any suggestions would be helpful.
Interesting challenge! When you create the payment method, does Braintree send back any response? Maybe a nonce or temp ID you could store locally? Have you tried using Braintree’s webhooks to ping your backend when payment methods get added or removed?
Braintree hides payment method tokens from client-side code on purpose - it’s a security thing. They don’t want sensitive payment data accessible through browser inspection or client manipulation. You need to handle this server-side instead. Rather than nuking all payment methods, create an endpoint that grabs the customer’s existing payment methods using Braintree’s server SDK, then cherry-pick the one you want to replace. Your backend can call gateway.customer.find(customer_id) to get all payment methods with their tokens, then use gateway.payment_method.delete(token) to target the specific one. This keeps things secure while giving you exact control without the hassle of deleting everything and starting over.
yea, braintree’s security is tight on tokens. I just save em in my db when I create a payment method so I can keep track of everything. just remember to update your db if those tokens change or you might lose em.