General Data Protection Regulation
Payment Services Directive
ePrivacy regulation
Audiovisual Media Services Directive
The integration is built as an API Extension for the Commercetools API and deployed as an AWS Lambda function. The extension fully respects the required API contract and performance requirements. To work properly, the API extension should be registered via the Extension API with the following triggers: customer create/update and order create/update events.
Age Verification Flow:
New customers can be created within the registration process. On a new customer request, the Commercetools API calls the TrustElevate API extension and sends the customer data. If there is not enough customer data to initiate age verification, TrustElevate returns an error response. If there is enough customer data, TrustElevate performs the age verification and returns a response based on the result. If verification fails, it returns a detailed error message. Otherwise, an empty success response is sent. The request processing is a synchronous operation.
Depending on the birth date provided, a customer may be required to supply different additional fields for the age verification. The API Extension returns a detailed error message stating which fields are required. Every customer needs to pass the age verification check successfully only once to be allowed to perform age-restricted operations/purchases on the merchant platform.
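The sketch below is an added example, not TrustElevate's code: it shows how the customer-create trigger described above can be handled so that missing data, malformed dates and verifier outages all fail closed. The field names, the `verify` callable and the `responseType` shapes (taken from commercetools' documented Lambda extension responses) are assumptions.

```python
from datetime import date

CHILD_MAX_AGE = 16  # the page treats age <= 16 as a child
# Assumed field lists; the page does not say which fields each group needs.
BASE_FIELDS = ("firstName", "lastName", "dateOfBirth")
CHILD_FIELDS = ("parentEmail",)  # hypothetical custom field name

def ok():
    # Empty success response: no update actions requested.
    return {"responseType": "UpdateRequest", "actions": []}

def failed(code, message):
    return {"responseType": "FailedValidation",
            "errors": [{"code": code, "message": message}]}

def age_on(born, today):
    # Whole years, minus one if this year's birthday has not happened yet.
    return today.year - born.year - ((today.month, today.day) < (born.month, born.day))

def handle(event, verify, today=None):
    """verify(customer, age) -> bool is a hypothetical stand-in for the verification call."""
    today = today or date.today()
    resource = event.get("resource") or {}
    if resource.get("typeId") != "customer":
        return failed("InvalidOperation", "Unsupported resource type")
    customer = resource.get("obj") or {}
    custom = (customer.get("custom") or {}).get("fields") or {}
    fields = {**customer, **custom}
    missing = [f for f in BASE_FIELDS if not fields.get(f)]
    if missing:
        return failed("InvalidInput", "Missing fields: " + ", ".join(missing))
    try:
        born = date.fromisoformat(fields["dateOfBirth"])
    except (TypeError, ValueError):
        return failed("InvalidInput", "dateOfBirth must be YYYY-MM-DD")
    if born > today:
        return failed("InvalidInput", "dateOfBirth is in the future")
    age = age_on(born, today)
    if age <= CHILD_MAX_AGE:
        missing = [f for f in CHILD_FIELDS if not fields.get(f)]
        if missing:
            return failed("InvalidInput", "Missing fields for a child: " + ", ".join(missing))
    try:
        verified = verify(customer, age) is True
    except Exception:
        verified = False  # fail closed: an unreachable verifier must not approve
    if not verified:
        return failed("InvalidOperation", "Age verification failed")
    return ok()
```

Because the extension call is synchronous, the `verify` callable should enforce its own timeout so that a slow verifier produces a rejection rather than a hung request.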
Purchase Flow:
When the customer has been identified as a child (age <= 16), parental approval is required for the age-restricted operation/purchase. Usually, the customer creates the order before the actual payment is processed. The order information is sent to the TrustElevate API Extension before a notification is sent to the parents. When the parent approves or denies the order, it can then be paid or rejected. Moreover, the merchant can be notified at a provided URL whether the order has been approved/denied.
For adults, transactions do not require any validation/verification.