My company is investigating the possibility of switching our payment gateway from Authorize.net to Payeezy if we can verify that essential features are available. One of the features we use currently is "payment profiles" - in essence a web client will login to our site, enter credit card information which we then use a PHP based API to create a "payment profile" (we do not store the customers credit card info, the API returns a 9 digit code we store). When a client then wants to make a purchase we simply send the $ amount and 9 digit code and Authorize.net completes the transaction and returns details. After reading most of the Direct Post API, would I be right in saying we could create a non-time based "token" which we could store for a certain client and then we could use this much as we use the 9 digit Authorize code? And that by using this "token" we would not have to store any credit card information on our server? Please let me know.
Thank you for your time.