I wouldn't be saving any customer sensitive details to my events in the case of payments.
I've just modelled an online payment flow with the following bounded context: orders, payments
My orders context handles commands/events in preparing the shopping cart, getting the order put together including the order line items, tax, totalling, discounts, customer details etc.... My saga/process manager for my PendingOrderAwaitingPayment aggregate listens for events raised by the Payments bounded context.. PaymentProcessedSuccessfully, PaymentUnsuccesfullyProcessed.
We use stripe or paypal to actually process the payment but the event data that is stored isn't too sensitive... E.g. transationId, receipt No, errorcode, errormsg etc.
What I'm trying to highlight is that i dont think its good practice to have your customers actual sensitive details in the events themselves. You should be able to design around this problem and save yourself problems.
If you use JSON.NET to serialize to DB then just add [JsonIgnore] to fields to remove them from event serialization. I know its not the best but if you have to do it, this is one way. The issue is that events are not replayable.
You received this message because you are subscribed to a topic in the Google Groups "ncqrs-dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ncqrs-dev/ht9KpzCIdck/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ncqrs-dev+...@googlegroups.com.