Read the examples
Their github profile has sample applications in many different languages. Don't start yours without spending some serious time with theirs!
TDD it
This part of your application is too important not to test. Unfortunately, it is one of the more difficult parts to test. I found that a good mocking library was enough to let me test most of the controller logic around my payments. I fell short of doing end to end testing like this person describes.
Give yourself time
It took us 3 weeks to get our application approved for use with Braintree. (The holdup wasn't Braintree.) They audit your site and require the terms of service, so we ended up waiting for lawyers and clients to hash out those details before we could get approval. You do get instant access to their sandbox though, which means you can do development in parallel with the approval process. Don't wait until the last minute!
Room for Improvement
Overall Braintree was the best of all the solutions I researched. Their "transparent redirect" helps you minimize your PCI compliance exposure while maintaining a great user experience (no IFrame), and their API's are great. Of course nobody's perfect... Here is my wishlist for three things that I would like to see from Braintree in the future.
- A braintree test-proxy gem for easier integration testing.
- Sample controller and integration tests in the sample applications.
- A developer console in the sandbox for examining requests and responses.
Edit: ThoughtBot has created Fake Braintree as a way to do braintree integration testing. I'm going to give it a shot.
