sharing , well kinda

[neuzen]

ok i've got this deal with someone who's a friend... i set him up with zc and my merchant account for a share of sales.

i'll let him use my merchant account but i don't want him to have access to the account information because the account is used for several sites. but he has complete operational control otherwise.

also included in the agreement is that he gets full access to the site file set and database. so i can't keep the account information hidden... can i?

is there a way to do this without resorting to writing compiled, closed source code?

[DrByte]

In this regard I like what authorize.net has done by issuing an API login ID and transaction key which are completely separate from the merchant login details. They only allow you to use their API for doing transactions like CC auth/captures, etc. If someone steals the ID/key, all they can do is send you more CC auth's ... granted, they could be fraudulent and cause you trouble, but at least the info cannot be used to login and modify your account, etc.

Linkpoint does similarly: A user ID and a certificate key (file) are required to use the module. The user ID is tied to your account, but the payment module doesn't use your real merchant password. Thus, the login details cannot be stolen.

If you're using a payment module for a gateway that offers less separation between username and password details, you might consider exploring how to change that.

[neuzen]

unfortunately authorize doesn't underwrite businesses that require age verification, otherwise i would've been with them for this account.

if dr. byte can't come up with another solution i'm pretty sure i can't. guess it's closed source time... thanks though!