CartThrob 9 documentation for ExpressionEngine commerce teams Visit CartThrob.com
CartThrob.com

Key Concepts

Setup Prerequisite

Before configuring Subscriptions, install and enable CartThrob Permissions Manager (cartthrob_permissions_manager).

Subscriptions depends on Permissions Manager for permission assignment and access checks. If Permissions Manager is not installed, the Subscriptions Control Panel redirects back to the add-ons page until it is installed.

Subscription System

A subscription (or recurrent bill) is simply a contract between the customer and your site that allows you to initiate a payment on the customer’s behalf on a regular basis. You can use:

  1. Parameters to create subscriptions on the fly
  2. An administrative interface for creating subscription products via the backend.

The subscription module allows you to create and manage subscriptions.

Token Vaults System

Most payment gateways have systems that can store customer information (including credit card numbers) securely on their systems. The benefit of using a vault system is a reduced PCI compliance burden. Generally, when adding a customer to the vault system, you capture a token from the payment gateway itself. Once you have this payment token, it can be sent in the future to initiate a payment even without the customer present, and without storing customer information.

In v5.1, vault management UI is handled in CartThrob core rather than a dedicated Vault panel inside Subscriptions.

Uses of vault systems:

  • To initiate payments in a subscription on a regular basis without the customer present
  • To make it simple for your customer to store their checkout information on your site so that they don’t have to enter it every time they checkout (includes the storing of credit card numbers)

CartThrob’s subscription system requires a payment gateway that can handle vault/token transactions. This ensures you do not need to store credit card details on your server. Currently, CartThrob supports the following gateways that offer token-based transactions:

  • Authorize.net (CIM)
  • Stripe

To use one of these systems, your gateway account needs both base services and the token/vault feature enabled. Once active, no additional setup is usually required.

If you would like support for additional gateway providers, please contact us.

Permissions System

When adding items to the cart, it’s possible to assign “permissions” to the user. These permissions remain in place until removed. Once a permission is set you can use the permissions tag to protect content from being accessed by customers that do not have an assigned permission. Permissions have no effect on ExpressionEngine’s backend access or other member group options and are only available for the front end of your website.