...uses asymmetric encryption to prevent raw credit card data from passing through merchants' servers. It intercepts a form submit in the browser that contains sensitive data, encrypts that data with a public key provided to merchants by Braintree and then submits the form with the encrypted data to the server. Braintree retains the private key of the key pair so that merchants are unable to decrypt the encrypted fields server-side. Any string field in Braintree's API can be encrypted and encrypted values can be transparently dropped into any API call
I’m a big supporter of what I call a healthy embeddable strategy, which includes buttons, badges, widgets and other tools you can build on top of an API or to support API integration.
I’ve talked about the potential of markup APIs and scripting platforms in the past, which I think is a related example to what Braintree is doing, in which you can build JS libraries for your API users and extend not just the reach of the value generated by your APIs, but the expertise of your team.
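The flow in the quoted description, sketched end to end as an added example; it is not Braintree's library or wire format. It assumes RSA-OAEP applied directly to each field, a hypothetical `$enc$` marker, and Node's `crypto` module standing in for the browser-side code.

```javascript
// Added illustration of client-side field encryption; not Braintree's code.
const crypto = require('node:crypto');

// Processor side: generates the key pair and hands out only the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const PREFIX = '$enc$'; // hypothetical marker for "this value is encrypted"

// Browser side: called from the submit handler before the form is sent.
function encryptFields(form, sensitiveNames, pubPem) {
  const out = { ...form };
  for (const name of sensitiveNames) {
    const ct = crypto.publicEncrypt({ key: pubPem, ...OAEP }, Buffer.from(form[name], 'utf8'));
    out[name] = PREFIX + ct.toString('base64');
  }
  return out;
}

// Merchant side: passes fields through unchanged; it holds no private key.
function merchantForward(posted) {
  return JSON.stringify(posted);
}

// Processor side: decrypts any marked string field, leaves the rest alone.
function processorDecrypt(body, privPem) {
  const fields = JSON.parse(body);
  for (const [k, v] of Object.entries(fields)) {
    if (typeof v === 'string' && v.startsWith(PREFIX)) {
      const ct = Buffer.from(v.slice(PREFIX.length), 'base64');
      fields[k] = crypto.privateDecrypt({ key: privPem, ...OAEP }, ct).toString('utf8');
    }
  }
  return fields;
}

// Constructed sample form using a well-known test card number.
const form = { amount: '10.00', number: '4111111111111111', cvv: '123' };
const posted = encryptFields(form, ['number', 'cvv'], publicKey);
const received = processorDecrypt(merchantForward(posted), privateKey);
```

Because OAEP padding is randomized, encrypting the same card number twice gives different ciphertexts, so the merchant cannot correlate values by comparing what it forwards.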
from API Evangelist http://feedproxy.google.com/~r/ApiEvangelist/~3/1kGuCu9Vl-g/