Best Practices

Suggest Edits

account_reference best practices

In Create Order we ask you to send the field account_reference. Banxa uses this to find your customer in our platform. This ensures that we do not ask these customers for information which has previously been collected, such as KYC data or personal information.

The best practices to follow here are:

  1. The account_reference should be unique per customer on your platform
  2. The same account_reference should be passed for every Create Order request that is for the same customer
  3. The account_reference should not be tied to anything which might at some stage become non-unique, such as wallet address.
  4. If you cannot guarantee uniqueness of the account_reference then we have an alternative solution we can work with you on but it is not preferred due to certain limitations. Please get in touch with your account manager if you would like to discuss this option.

payment_method_id is not guaranteed static

The field payment_method_id which is returned from the Get Payment Methods request and used in the Create Order request, will normally not change but on occasion these can change due to re-structuring of our payments or to add new payments or remove unavailable ones. For this reason you should use the Get Payment Methods request to get all available payments to use for the selection of payment method on your platform. The response could be cached and refreshed periodically to ensure any changes are reflected on your side.

Check for Apple Pay availability

In the response to Get Payment Methods we return a supported_agents field which indicates which browsers and operating systems a payment is available in. In order to avoid customer confusion, Apple Pay should not be enabled if the browser or operating system they are using does not match what is returned here, which is basically any Apple OS and Safari.

Get Prices call frequency

The Get Prices request returns our up to date pricing. This data is only refreshed every 5 mins, so our preference is that you don't call this request more than once every minute at the most

Using WebViews

If you are planning on using a WebView there are a few permissions and settings that will need to be enabled to use our services correctly.

  • WebView is able to access device local storage and initialize camera (for older iOS versions camera can be accessed only from Safari browser or WebView withSFSafariViewController)
  • Make sure that HTML5 video playback is allowed (we're using some instructions within tags): if video-instructions are not played, try using WebChromeClient to enable video playback
  • Autoplay in fullscreen mode is disabled and allowsInlineMediaPlayback is set as true for WebView

Camera Access

  • Feature-Policy header for your webpage/frame or any other container with SDK doesn't have any restrictions for initializing camera like value camera 'none'.
  • Permissions-Policy header doesn't restrict access to a camera and microphone (for some cases) and if allow is set check for "camera; microphone" values.

Note. Due to iOS restrictions, it is only possible to pass Sumsub KYC liveness check using the Safari browser.

Updated 5 months ago