Payment Form Models
The payment form model is a special model used to validate payment parameters and pass them on to a payment gateway in a way it expects.
When returning after a validation error, a paymentForm variable will be available to the template and set to an instance of BasePaymentForm (opens new window).
Each gateway can use its own payment form, however it must extend BasePaymentForm (opens new window). There are generic models available for use, specifically for gateways passing around credit card information, but you should refer to the documentation of the plugin providing the gateway to see whether it uses its own model.
Generally, you shouldn’t be concerned with the specific type of payment form model being used, as it’s provided by the gateway and doesn’t need to be configured.
# Model Attributes
The following payment form model attributes exist for gateways handling credit card information:
We highly discourage creating gateways that directly capture credit card information. Instead, the token attribute can be used to transport a one-time use identifier for a payment method that is tokenized by a client-side script.
| Attribute | Validation | Description |
|---|---|---|
token | not validated | If a token is present on the payment form, no validation of other fields is performed and the data is ignored. |
firstName | required | The first name on the customer’s credit card. |
lastName | required | The last name of the customer’s credit card. |
month | required, min: 1, max: 12 | Integer representing the month of credit card expiry. |
year | required, min: current year, max: current year + 12 | Integer representing the year of credit card expiry. |
CVV | minLength: 3, maxLength: 4 | Integer found on the back of the card for security. |
number | Luhn algorithm (opens new window) | The credit card number itself. |
threeDSecure | not validated | A flag indicating whether 3D Secure authentication is being performed for the transaction. |
# Tokenization
Whenever possible, gateways should pre-validate credit card information using the processor’s client-side JavaScript library. The Stripe (opens new window) plugin does exactly this—many other payment processors have equivalent tokenization systems that avoid sending sensitive information to your server.