Is the braintree Client token unique to each order

Question

I am using braintree rails dropin and only my first transaction was successfully reflected in the sandbox admin. I noticed that the client token being generated on the controller is the same every time its called. Is this an error or is it supposed to generate the same token every time. I didn't see anything in the documentation regarding this issue.

Answer 1

_{Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.}

The client token is unique for each call to the Braintree API. Without code or sample tokens being generated there's no way to confirm or resolve this issue. But I suspect that's not truly happening. I suspect what you might be seeing is that it's almost entirely the same. You can test this in irb:

?> irb
2.2.3p173 :001 > require 'braintree'
2.2.3p173 :002 > Braintree::Configuration.environment = :sandbox
2.2.3p173 :003 > Braintree::Configuration.merchant_id = 'yourid'
2.2.3p173 :004 > Braintree::Configuration.public_key = 'yourpubkey'
2.2.3p173 :005 > Braintree::Configuration.private_key = 'yourprivkey'
2.2.3p173 :006 > Braintree::ClientToken.generate().hash
I, [2016-05-12T16:38:15.694941 #14251]  INFO -- : [Braintree] [12/May/2016 16:38:15 UTC] POST /merchants/yourid/client_token 201
 => -108931568589167346 
2.2.3p173 :007 > Braintree::ClientToken.generate().hash
I, [2016-05-12T16:38:16.616599 #14251]  INFO -- : [Braintree] [12/May/2016 16:38:16 UTC] POST /merchants/yourid/client_token 201
 => -816324802974143833

The client token is a blob of data that, as the documentation says, contains all authorization and configuration information your client needs to initialize the client SDK to communicate with Braintree. Under the hood, you can see that current client tokens are base-64 encoded data types with a string of Json inside. It's easy to see that they are unique if you see the authorizationFingerprint:

2.2.3p173 :015 > require 'base64'
2.2.3p173 :018 > Base64.decode64(Braintree::ClientToken.generate())
I, [2016-05-12T16:39:32.974157 #14251]  INFO -- : [Braintree] [12/May/2016 16:39:32 UTC] POST /merchants/yxcm2pqnmw2jwsgn/client_token 201
 => "{\"version\":2,\"authorizationFingerprint\":\"5845e00458d7e9b963c3490946432997b154e12345e7918001289edddd453d1b|created_at=2016-05-12T16:39:32.853698588+0000\\u0026merchant_id=yourid\\u0026public_key=dqgrxzv8f4syj95m\",\"configUrl\":\"https://api.sandbox.braintreegateway.com:443/merchants/yxcm2pqnmw2jwsgn/client_api/v1/configuration\",\"challenges\":[\"cvv\"],\"environment\":\"sandbox\",\"clientApiUrl\":\"https://api.sandbox.braintreegateway.com:443/merchants/yourid/client_api\",\"assetsUrl\":\"https://assets.braintreegateway.com\",\"authUrl\":\"https://auth.venmo.sandbox.braintreegateway.com\",\"analytics\":{\"url\":\"https://client-analytics.sandbox.braintreegateway.com/yxcm2pqnmw2jwsgn\"},\"threeDSecureEnabled\":true,\"paypalEnabled\":true,\"paypal\":{\"displayName\":\"Your company name\",\"clientId\":null,\"privacyUrl\":\"http://example.com/pp\",\"userAgreementUrl\":\"http://example.com/tos\",\"baseUrl\":\"https://assets.braintreegateway.com\",\"assetsUrl\":\"https://checkout.paypal.com\",\"directBaseUrl\":null,\"allowHttp\":true,\"environmentNoNetwork\":true,\"environment\":\"offline\",\"unvettedMerchant\":false,\"braintreeClientId\":\"masterclient3\",\"billingAgreementsEnabled\":false,\"merchantAccountId\":\"somemerchantaccountid\",\"currencyIsoCode\":\"USD\"},\"coinbaseEnabled\":false,\"merchantId\":\"yourid\",\"venmo\":\"off\"}" 
2.2.3p173 :019 > Base64.decode64(Braintree::ClientToken.generate())
I, [2016-05-12T16:40:05.758760 #14251]  INFO -- : [Braintree] [12/May/2016 16:40:05 UTC] POST /merchants/yxcm2pqnmw2jwsgn/client_token 201
 => "{\"version\":2,\"authorizationFingerprint\":\"c68a6c2ce2becb3gdfe6e9c9d2f4bd65b912cc2b6a7980971231974ea37dd625|created_at=2016-05-12T16:40:05.605145848+0000\\u0026merchant_id=yourid\\u0026public_key=yourpubkey\",\"configUrl\":\"https://api.sandbox.braintreegateway.com:443/merchants/yourid/client_api/v1/configuration\",\"challenges\":[\"cvv\"],\"environment\":\"sandbox\",\"clientApiUrl\":\"https://api.sandbox.braintreegateway.com:443/merchants/yxcm2pqnmw2jwsgn/client_api\",\"assetsUrl\":\"https://assets.braintreegateway.com\",\"authUrl\":\"https://auth.venmo.sandbox.braintreegateway.com\",\"analytics\":{\"url\":\"https://client-analytics.sandbox.braintreegateway.com/yxcm2pqnmw2jwsgn\"},\"threeDSecureEnabled\":true,\"paypalEnabled\":true,\"paypal\":{\"displayName\":\"Your company name\",\"clientId\":null,\"privacyUrl\":\"http://example.com/pp\",\"userAgreementUrl\":\"http://example.com/tos\",\"baseUrl\":\"https://assets.braintreegateway.com\",\"assetsUrl\":\"https://checkout.paypal.com\",\"directBaseUrl\":null,\"allowHttp\":true,\"environmentNoNetwork\":true,\"environment\":\"offline\",\"unvettedMerchant\":false,\"braintreeClientId\":\"masterclient3\",\"billingAgreementsEnabled\":false,\"merchantAccountId\":\"somemerchantaccountid\",\"currencyIsoCode\":\"USD\"},\"coinbaseEnabled\":false,\"merchantId\":\"yourid\",\"venmo\":\"off\"}" 

If you don't see different authorizationFingerprints, I would contact Braintree Support immediately.