Do I need the Midtrans UIKit SDK to use the tokenization SDK? No, the Gopay tokenization SDK is a standalone SDK. It doesn’t have any dependency to the other Midtrans SDK.
Will there be any instances when my user needs to be redirected to the Gojek app in the middle of any of the payment flows? No, the SDK is designed to keep the user within your app. The authentication happens via a secure webview within your app.
Is it safe to store the payment option token on the backend or frontend or both? The token is safe to store. It can only be used to create transactions with your merchant ID, and it requires user’s authorization before it can be used.
What happens if the token is invalidated (by Midtrans/GoPay/user)? If the token is invalidated, the token can no longer be used to create transactions. If the user wants to do another transaction then the user needs to re-do the account linking flow.
Is there any information on the response object that is unsafe for storage or personally identifiable information? No, all information provided is safe to store.
Is Paylater supported? Paylater is one of the options available in the payment options list if your user is eligible to use it.
How do I differentiate between sandbox and production environments? You can do that by switching the merchant server URL between sandbox and production in your own server environment.
How can I ensure that users can’t do credit based payments? You will get the available payment option when you enquire about the account status. Do not show the PayLater options from the list as a payment option.
When will the PIN request webview pop up? The PIN request webview will pop up during the following conditions. Account linking process after user enters the OTP and during transaction creation to authorize the payment
Do I need to give my users the options to "unlink/disable their accounts"? You need to give users the control over the use of their payment tokens. Be explicit on what happens after a user unlinked/disabled the account.
Do I have to notify my users when a transaction takes place using a token? Users will know that they entered the authorization PIN and afterward will expect a status on the payment. We will notify your merchant server via HTTP notification and you can notify the users on the payment status change after the success notification was received.