Payment sources

Each Spree::Payment object has optional source_type and source_id attributes that point to a payment source model. The listed source type is supplied by the Spree::PaymentMethod being used.

Solidus includes some payment sources such as Spree::CreditCard and Spree::StoreCredit. However, your payment method could define any custom payment source in its payment_source_class method.

Credit cards

If your payment processing integration uses the Spree::CreditCard class for its payment source, take note that this model does not store all of the payment details. Solidus only collects enough data to allow customers to verify which credit card is being used.

All the credit card data that you collect should be immediately sent through a form to the payment service provider. Your databases should not store a customer's complete credit card data for any amount of time.

Whenever you store sensitive customer data, you risk a PCI compliance violation. We recommend using the Spree::CreditCard class as an example of responsibly storing customer data. See the PCI Security Standards website for more information.


Solidus is an open source platform supported by the community. We encourage everyone using Solidus to contribute back to the documentation and the code.

If you’re interested in contributing to the docs, get started with the contributing guidelines. If you see something that needs fixing and can’t do it yourself, please send us an email.