[iyzico] Is it possible to implement the «API»-type integration (dev.iyzipay.com/en/api) without a PCI DSS certification?

dmitry_fedyuk · September 1, 2017, 9:43pm

As I see, the «API»-type integration does not provide an ability to create tokens for bank cards client-side, without the secret API key.
As I understand, the «Kart Saklama» service requires the secret API key, so it is insecure to use it client-side.
As I understand, iyzico does not provide an analog of the Stripe’s stripe.createToken() client-side JavaScript function to tokenize bank card data without passing them to the merchant’s server.
So, is it possible to implement the «API»-type integration (Başlangıç - Prod) without a PCI DSS certification?

My addional exmplanations to iyzico:

Your API requires to pass bank card details from the merchant’s server side: Başlangıç - Prod
See the cardNumber, expireYear, expireMonth, cvc, cardHolderName.
How is it possible for a merchant to have such bank card data on the server side without the PCI DSS certification?

dmitry_fedyuk · September 6, 2017, 12:17pm

I have got the response from iyzico:

If you use iyzico checkoutform you do not need pci-dss certification but if you use the payment form you have designed you need to pci-dss certification