The new integrated Vault interface for Magento 2 payment methods includes a public_hash
that is generated from the payment method information:
$hashKey = $paymentToken->getGatewayToken();
if ($paymentToken->getCustomerId()) {
$hashKey = $paymentToken->getCustomerId();
}
$hashKey .= $paymentToken->getPaymentMethodCode()
. $paymentToken->getType()
. $paymentToken->getTokenDetails();
However, it is unclear to me what the purpose is of this hash. It doesn't hash any information that's not also stored in clear text, and it's not the primary key of the database table.
Does anybody know why this field was added?
Best Answer
The
public_hash
is used to reference the card from untrusted sources (like on checkout). It gives each card a unique non-sequential identifier that can't be readily guessed, to help curb any possible abuse.