It is possible to send full credit card data via webhook, but in order to ensure a secure transmission of data, we require some security options that are not required for a typical webhook including ensuring that you are sending the data to a PCI compliant database.
To set up a Webhook to securely send full credit card data follow these steps:
1.) Add the new credit card field to your form.
2.) Go to your form’s Settings tab > Emails & Actions > Advance Settings > Add Webhook
3.) Enter a secure endpoint URL (HTTPS is required for sending credit card data)
4.) Check the ‘Allow full credit card data to be sent through webhook’ box.
5.) Click ‘I understand’ under the disclaimer stating that you are aware of the risks involved with sending card holder data to a PCI non-compliant server and that Formstack is not responsible for the data once it leaves our system.
6.) Enable the HMAC key setting (Required for sending credit card data)
7.) Add at least one email to receive error messages upon failure of webhook (Required for sending credit card data)
Please note: If the webhook fails, the submission will be stored in Formstack, but the credit card data will not be saved
*You may need to request that PCI Compliant webhooks are enabled on your account if you are not currently using Formstack to store credit card information. Please contact Support if you have questions.