Stripe: Can I send payment link received from Checkout Session object to customer in email? - stripe-payments

In the Stripe docs, it is mentioned that you can create a pre-built Checkout Session which is hosted by Stripe. When the response is returned from session creation, you can send a redirect request to the client with the link obtained for the session.
Instead of redirecting the client, I want to send the link in an email/WhatsApp to the customer. I want to know whether it is safe to do so. Is there anything I need to keep in mind while doing this?

If you are creating a Checkout Session, the URL will expire after 24 hours and it can only be used by a single user.
If you are creating a Payment Link, the URL won't expire and it also can be used by multiple users. Note that when a user clicks on the Payment Link URL, Stripe will automatically create a Checkout Session for that user.
So if you plan to share the link directly with your users (for example by email), I would recommend using a Payment Link.

Related

Stripe Payment Link success link to include email

I can't seem to figure out how to include the email in the Stripe Checkout success redirect.
I set up a Stripe Checkout payment link (from the UI), a simple subscription. Once payment is successful, I would like to redirect the customer to my web app, but I do need to include the customer's email.
Unfortunately, the redirect includes the literal {CUSTOMER_EMAIL} instead of the real email. How can I mend it?
CUSTOMER_EMAIL is not available. Only CHECKOUT_SESSION_ID is. You can find how to use CHECKOUT_SESSION_ID to retrieve the Customer info in the Stripe docs. But that would require you to write some code:
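# Sinatra route; assumes sinatra and stripe are required and Stripe.api_key is set
get '/order/success' do
  # Look up the Checkout Session named in the success URL, then its Customer
  session = Stripe::Checkout::Session.retrieve(params[:session_id])
  customer = Stripe::Customer.retrieve(session.customer)
end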
You can't use the email on redirect. The only field available is the checkout session id. You can use a tool to get the checkout session data from the checkout session id, as shown here: https://attribut.io/docs/stripe/stripe-checkout-session-data-from-payment-links/.
Otherwise you need to create a server to do that for you.

How to process payment on the backend side using Stripe?

I am new to Stripe and payments in general. I've found a few articles on the internet with examples and guidelines, e.g. this one. As I noticed, the algorithm for creating the payment looks like this:
1. Client app fetches the publishable Stripe key from the server
2. Server application creates the checkout session, client app fetches the checkout session id using the retrieved publishable key
3. Client app redirects to checkout
4. User finishes the payment and is redirected back to the client app
Please correct me if I'm wrong. In general I don't understand one thing: how does the server application know whether the payment completed successfully or not? Should I redirect the flow from Stripe Checkout to the backend first, process the result and then from the backend call the frontend again? Or should I somehow use the checkout session to check whether it has been completed? Shall I use some kind of cron then to process pending checkout sessions? Thanks in advance for any help. Regards
Basically, what you lay out is viable. You can check the Session status when the client is directed back to your server, but you will want to check this status at least one other way, either via a webhook or the cron job you mention.
Should I redirect the flow from Stripe Checkout to the backend first, process the result and then from the backend call the frontend again?
This is possible. Stripe allows you to add the {CHECKOUT_SESSION_ID} template parameter to your Checkout's success URL. When the user is redirected after their checkout, that template will be replaced with the actual Checkout Session ID, which you can use to retrieve the Session and its status.
That being said, it is possible for a Customer to make a payment but have their connection cut out before navigating back to your page. So, if you rely on that redirect, the customer will be charged but you will never know to fulfill their order. That leads to unhappy customers, so Stripe typically recommends setting up a webhook endpoint on your server[2] so that they can send you a checkout.session.completed event to notify you that the customer has finished their Checkout Session. That way, even if a customer never gets to your success page, you will know to fulfill their order.
[1] https://stripe.com/docs/payments/checkout/custom-success-page#modify-success-url
[2] https://stripe.com/docs/payments/checkout/fulfill-orders

Signup after user subscribe/purchase a product of stripe

I am building an app where public users can view a pricing page and click on any plan (I am using Stripe for subscriptions). Upon clicking on a plan, the user will be redirected to checkout.
I want the user who has paid/subscribed to be redirected back to my app for registration. How can I check if this particular user has paid?
When you create your Checkout Session, you can add {CHECKOUT_SESSION_ID} to your success_url. Stripe will replace that template variable with the Checkout Session's actual ID. When the user navigates to your success page for registration, you can retrieve the Checkout Session by its id[2] on your server and check that its payment_status is paid.
import stripe

session = stripe.checkout.Session.create(
    # Stripe substitutes the real Session ID for the template variable
    success_url="http://yoursite.com/order/success?session_id={CHECKOUT_SESSION_ID}",
    # other options...
)
It is important to note that the customer's connection can cut out after they have made their payment but before they get to your success page. In that case a customer would pay you but not be able to register. To prevent that, Stripe recommends you also create a webhook endpoint[3] and listen for the checkout.session.completed event. That way, you can email your customers a link to their registration page after they have paid so that they can get to it after payment.
[1] https://stripe.com/docs/payments/checkout/custom-success-page
[2] https://stripe.com/docs/api/checkout/sessions/retrieve
[3] https://stripe.com/docs/payments/checkout/fulfill-orders

Stripe API paymentIntent and sessions object

I am having trouble finding out the difference between a payment intent and a session.
Assuming a customer logs into a page and goes to domain.com/register, how can I create a session and check if the customer has already visited the page by using the customer's email address to get the customer object?
What is the difference between paymentIntent and session and how do they help? I see that a session is created on Checkout but not when accepting one-time payments.
Currently I create a payment intent and it works fine, but my 'url' has no session
PaymentIntents
A PaymentIntent is an API object in Stripe's API that encapsulates the lifecycle of a one-time payment.
You typically create your own form on your webpage when using PaymentIntents, create a PaymentIntent using the Stripe API, then confirm it using the cardElement from Stripe Elements (the frontend UI elements for collecting card details).
Checkout
Checkout is a full page "hosted UI" that creates its own PaymentIntent and provides all the UI that a customer needs to enter their card details and takes a payment. It also supports many other payment methods automatically without you having to manually add support for each one.
So a CheckoutSession under the hood uses a Subscription or a PaymentIntent object, depending on whether it was used in subscription or payment mode.

With stripe Checkout, how do I keep track of the payment status

In the stripe documentation, it says:
So in this case, the checkout page goes to the success or failed page on my frontend.
I use the backend to track the payment status so that we can monitor the transactions in the admin portal, and the above approach seems dangerous to me.
When checkout is successful, it redirects the window to the success URL. This means I have to call the backend API in the success page to update the payment status. However, Stripe is the source of truth about the payment status, and the status update on the DB should come from Stripe, not from a frontend page. At the very minimum, if a user refreshes the success page, it would call the API again and again, which is bad. Also, it is about "a user says I paid successfully" vs. "Stripe says they paid successfully".
I tried the Stripe webhooks, but in the webhook data object, there is no information that I can use to link it to the sessionId that is generated from creating the checkout session, but the session id is the only tracking id I can get from Stripe about a payment.
What's the best practice, if Checkout is the only solution, to securely update my database?
You have 2 options:
1. Rely on webhooks. The checkout.session.completed event will describe a Checkout Session which contains its ID, which you hopefully saved when you created the Session earlier so you can link the two together.
2. Retrieve the session ID from the success URL once the payment is complete and retrieve the Session on your server, then check the Session's payment_status. This way your server can verify if the payment was actually completed or if someone just managed to guess the URL of your success page.
Stripe doesn't recommend only doing option 2, as it's very possible that users close the browser tab or window before the redirect to your success page can happen, resulting in a possible loss of payment confirmation. You should always use webhooks instead to guarantee your purchase fulfillment logic correctly fires.
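A sketch of the webhook path from option 1, as an added example (not part of either answer and not Stripe's code): it checks the Stripe-Signature header as Stripe documents it, links the event back to a saved Session ID, and fulfils only once. It uses the standard library in place of the Stripe SDK's stripe.Webhook.construct_event so it runs offline; the secret, the session ID, the ORDERS store and all function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import time

ENDPOINT_SECRET = "whsec_constructed_placeholder"  # constructed, not a real secret
# Session IDs saved when each Checkout Session was created (constructed sample).
ORDERS = {"cs_test_constructed_123": "pending"}

def expected_sig(payload: bytes, ts: str, secret: str) -> str:
    # Stripe signs "<timestamp>.<raw body>" with HMAC-SHA256.
    return hmac.new(secret.encode(), ts.encode() + b"." + payload, hashlib.sha256).hexdigest()

def verify_signature(payload, header, secret, tolerance=300, now=None):
    # Header looks like "t=<unix time>,v1=<hex signature>[,v1=...]".
    fields = [p.split("=", 1) for p in header.split(",") if "=" in p]
    ts = next((v for k, v in fields if k == "t"), "")
    sigs = [v for k, v in fields if k == "v1"]
    if not ts.isdigit() or not sigs:
        return False
    now = time.time() if now is None else now
    if abs(now - int(ts)) > tolerance:  # stale or replayed delivery
        return False
    want = expected_sig(payload, ts, secret).encode()
    return any(hmac.compare_digest(want, s.encode()) for s in sigs)

def handle_webhook(payload, header, now=None):
    # Verify against the raw body before parsing any of it.
    if not verify_signature(payload, header, ENDPOINT_SECRET, now=now):
        return "rejected"
    event = json.loads(payload)
    if event.get("type") != "checkout.session.completed":
        return "ignored"
    session = event["data"]["object"]
    if session["id"] not in ORDERS:  # not a session this server created
        return "unknown-session"
    if session.get("payment_status") != "paid":
        return "not-paid"
    if ORDERS[session["id"]] == "paid":  # Stripe may deliver an event more than once
        return "duplicate"
    ORDERS[session["id"]] = "paid"
    return "fulfilled"

# Constructed sample delivery, signed locally so the example runs offline.
SAMPLE_TS = 1_700_000_000
SAMPLE_BODY = json.dumps({"type": "checkout.session.completed", "data": {"object": {
    "id": "cs_test_constructed_123", "payment_status": "paid"}}}).encode()
SAMPLE_HEADER = f"t={SAMPLE_TS},v1={expected_sig(SAMPLE_BODY, str(SAMPLE_TS), ENDPOINT_SECRET)}"

if __name__ == "__main__":
    print(handle_webhook(SAMPLE_BODY, SAMPLE_HEADER, now=SAMPLE_TS + 5))
```

The success page from option 2 can read the same ORDERS record, so a refresh or a guessed URL never changes payment state on its own.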
You can get the Stripe payment status or session details by session_id on ASP.NET Core / .NET 5:
using Stripe.Checkout;

var service = new SessionService();
Session session = service.Get(yourSessionId);
// You can track:
string id = session.Id;
string paymentStatus = session.PaymentStatus; // Paid or Unpaid
string status = session.Status;
string mode = session.Mode;
// And more
