In Justin's post Marketplaces and Payments
, he mentioned that "marketplaces are going mainstream and payment solutions are following to accommodate their needs." "Marketplace" is a fairly broad term. In general, when you build a marketplace you expect transactions to occur between buyers and sellers within your service.
Due to the difficulty of getting a merchant account, accepting payments has not been an option for many participants in a marketplace. Marketplace owners have had to hold and disburse funds, which is complicated. More recently, though, asking your merchants to accept payments directly is¬†becoming¬†easier thanks to companies like Stripe, Braintree, Pin.net.au and PayMill. There are still situations where you may want to hold and disburse payments, but now it's a matter of choice rather than a necessity.
Justin also wrote, "Wherever possible offer support for multiple payment gateways - in particular the ones that allow for easy on-boarding of any merchants." One of our goals for Spreedly Core is to make it even easier for businesses to create such marketplaces by enabling our customers to allow their
customers to accept payments.
We're thrilled to see companies like Stripe offering services like Stripe Connect. And it's wonderful that GoCardless has a Partner API. Both of these are examples of payment providers greatly simplifying the merchant on-boarding process using an OAuth type approach.
We think it's only a matter of time before other payment providers follow suit in providing OAuth type flows. In addition to super easy on-boarding of new merchants, the OAuth process also makes it easier for third parties to obtain authorization from a merchant to access their merchant account. And it makes trying third party services out much less risky for merchants since they can easily revoke access for a single service if they need to.
On the Spreedly Core side, the approach we've taken is to generally stay out of the OAuth flow for these payment providers. This gives you complete control in how you'd like your customer to go about seeking the authorization needed. OAuth includes a number of HTTP redirects and API calls and at this point, we don't get involved there. At the end of the authorization though, you're given an access_token. And it's that access_token that gets used by Core when you'd like to create a gateway (Stripe example, Gocardless example). Once that gateway is created, you have the ability to interact with it and process payments just like you do with any other gateway.
Since Core vaults the credit cards away from the gateways, this means marketplaces can offer their customers the wonderful ability to change gateways whenever they'd like without needing their ultimate customers to re-enter credit card information.