Stripe.net - Payments, backend - stripe-payments

So far, I'm striking out with Google. Trying to toy around with Stripe. Now, cybersource, payflo, authorize.net all talk direct to the backend when it comes to entering credit card data. I've been trying to figure out how to do the same with Stripe. I can't find out how to do it without stripe.js.
ie: Enter credit card through generic form, once posted to server, the server calls stripe (using new paymentintent because of SCA). In short, I need to know how to create the credit card object on the backend so I can send it to the payment intent without stripe.js.
I do NOT have code snippets of my own since I'm just now learning the API. Don't know if this is even possible/allowed/etc.
Edit: Everything follows this general premise: https://careydevelopment.us/blog/how-to-implement-a-credit-card-payment-solution-with-spring-boot-and-the-stripe-api

Related

Is it okay to have a bunch of incomplete Stripe payment intents?

I am implementing the Stripe payment platform using JavaScript and the PHP SDK.
I don't have any issues with the implementation itself, but I am not sure whether I have to reuse an existing PaymentIntent or it's perfectly fine to have a bunch of them created and incomplete.
I searched for this in Stripe's documentation, but I can't seem to find anything related to this.
For example, in my test account I have this:
It's all for the same transaction, because I was changing some visuals and refreshing the browser.
I am aware that each PaymentIntent has an ID, but is it recommended to add it as a query parameter and retrieve it on refreshing, or is it better to always generate a new Payment Intent?
My main reasoning is to avoid having a huge collection of incomplete payment intents.
The default integration path for Stripe today is to create a PaymentIntent first so that you get a client_secret you can use client-side to render their UI via PaymentElement. This means that if your customers decide not to pay after all, you end up with an incomplete PaymentIntent which is expected.
This is not really a problem, other than appearing in the Payments list which can be confusing. You could also write a background job daily that would cancel any PaymentIntent via you know won't be completed because the customer left and you didn't have any data to contact them to upsell them for example but this isn't really needed.
Stripe also has a beta (docs) right now (Feb 2023) that changes the default integration path. This simplifies the experience because you can render the PaymentElement client-side with specific options such as amount and currency. You'd then only create the PaymentIntent at the end of the flow when the customer is attempting to pay. That flow limits the number of incomplete PaymentIntents since you only create them when the customer really pays. You'd still get some, for example after a decline by the customer's bank though.

Payhip - Stripe payment testing

I'm new to both Payhip & Stripe. I'm testing out both products by setting up a test product in Payhip & making a purchase using a dummy visa card number (4242424242424242) from here
Payhip is connected to Stripe.
I keep getting the message - Your card was declined. Your request was in live mode, but used a known test card.
I've searched on Google & read through Stripe documentation. I'm not able to find anything useful to solve this problem.
To use a test card in your integration, you need to use the test mode secret key instead. You can get it from the Stripe Dashboard -> Developer -> API Keys page.
The problem is not linked to Stripe in any form. There is no way to use a test card with Payhip. I contacted Payhip support & was advised as follows:
One can either use a 100% off coupon (see here: Testing Checkout Flow) or put through a live transaction and refund yourself afterwards (How Do I Refund a Transaction?)

Stripe API testing automation

Background
I am integrating stripe API into my site to take one-off payments. My site will be API first on server side with a separate web and mobile front end. I am working on the API server side code. I will eventually use stripe payment pages to take credit card payments. I am trying to automate the testing of my APIs and am bamboozled by the documentation (which is thorough) as I just can't see what steps to take next.
My server side initiates a call with stripe using stripe sdk to create a stripe Session object - this contains a URL to redirect to checkout.stripe.com/pay/..., a success URL when payment is successful and a cancel URL (these I set to handle the callback).
Problem
I can automate in Postman all my API calls from Browse Products, Select Product, Place Order but the next step I am stuck. After Placing Order I get back the stripe session but how can I mimic making the payment with stripe for the session and then call my Success URL?
When the site is complete I will redirect the UI to stripe to take payments but I am testing and completing the back end flow first.
I have copied and pasted the session URL which is returned by the stripe Session object to bring up the page in a browser and used Dev tools on Chrome to inspect Network to see which APIs are being called by stripe in an attempt to reproduce and I can see a POST to stripe.com/api/payment_methods and I can see the posted values but I can't reproduce this in Postman. Also, the documentation (https://stripe.com/docs/api/payment_methods/create) says
"Instead of creating a PaymentMethod directly, we recommend using the PaymentsIntents API to accept a payment immediately"
Question
Which stripe APIs do I need to call to automate the flow from a stripe Session object to make a payment and then check that it was successful? Payment Methods? Make a Charge? Payments Intents? ...and how. Happy to be pointed to the documentation if you can help me understand the flow.
TIA
Checkout is a Stripe product that looks like a "box" and you can't know (and shouldn't need to know) what happens inside. It is created for the purpose that merchants won't have to think about what's being done under the hood.
Speaking from an automation perspective, you can try to reproduce the whole process but there's no guarantee it won't change in the future, and it could leave you with more problems later.
For options to reproduce:
The closest way is simulating browser filling and submission, using automated browser tools (ie Selenium). But it's not as straightforward as PostMan. Generally you would want to simulate every browser action that a human could do.
Or you can try to accomplish the same with the logs and events you receive on Stripe's Dashboard, when you test a Checkout Session by yourself. From now there are 3 requests.
And your goal is to receive the same 5 events in Webhook:
TBH I recommend reconsidering the need for this test, to see if it is worth your efforts.

Sending PCI data through Node.js (authorize.net)

A client has asked me to set-up card payments through authorize.net. However, I've noticed the node SDK hasn't been updated in a year and their Node SDK is only mentioned on some of their doc pages (so I get the impression it's not a primary focus for them).
I have many years of experience using Braintree Payments and Stripe. They both have great support for Node, plus drop-in/hosted fields for React (frontend). This approach removed much of the PCI compliance requirements from my server.
However, my client cannot use Braintree or Stripe because they are selling restricted items which are not allowed by Braintree's and Stripe's ToS. They currently use Authorize.net and would like me to continue to support that on their new website.
It seems my only option is to directly send card details from my React frontend to my Node API server. Which makes me uncomfortable. As Stripe's PCI guide says there are 300+ security controls in PCI DSS which need to be met if you send PCI data on servers.
Here is an example of their creditCard inputs on Node, taken from their examples GitHub repo.
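// Load the request/response contract classes from the authorizenet package.
var ApiContracts = require('authorizenet').APIContracts;
// Card number, expiry and card code are set directly in server-side code.
var creditCard = new ApiContracts.CreditCardType();
creditCard.setCardNumber('4242424242424242');
creditCard.setExpirationDate('0822');
creditCard.setCardCode('999');
// Wrap the card in the payment type used by the transaction request.
var paymentType = new ApiContracts.PaymentType();
paymentType.setCreditCard(creditCard);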
My question is:
It doesn't seem the best practice in 2020 to send card details through my server anymore with so many providers out there offering hosted fields. Is this a valid concern?
Would I need to get my Node.js code and PCI compliance validated by QSA?
more link:
Node.js SDK: https://github.com/AuthorizeNet/sdk-node
Their PCI compliance list (last updated three years ago?):
Hey, I believe that the accept.js suite would be what you need. https://developer.authorize.net/api/reference/features/acceptjs.html Basically it takes a payment nonce after receiving your post request from the client side and sends it to your server instead of sensitive credit card information. I am trying to work with it myself. Maybe we could collaborate. I'm a node payment novice. I posted a question about it here.
I would like to automatically hit an api with dynamic values from my client side via a post request using javascript files. How can I achieve this?
Let me know if this helps.
While writing this question I found out that someone had the same concern as me in PHP/Magento in another Stack Overflow post.
Using Authorize.net's Accept.js you can send payment details directly to their servers and use a payment nonce (like Braintree/Stripe) in place of the card details.
Accept.js is a JavaScript library for sending secure payment data directly to Authorize.Net. Accept.js captures the payment data and submits it directly to us, in exchange for a one-time-use token, or payment nonce. You can use this payment nonce in the place of payment data in a follow-on createTransactionRequest API call.
Our JavaScript library offers developers two workflow options for accepting payment:
Option 1: Host your own payment form for a PCI-DSS SAQ A-EP solution that gives you complete control of the customer payment experience.
Option 2: Embed our hosted, mobile-optimized payment information form in your page to collect the card information in a PCI-DSS SAQ A compliant way. For a fully hosted payment solution that you can redirect your customers to or embed as an iFrame within your page, see our documentation for Accept Hosted.
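The nonce flow from the Accept.js answers above, seen from the Node side: an added example (not from the original posts and not Authorize.Net's code) of a guard that lets only the payment nonce reach the payment code and refuses request bodies that carry card data. The function names, the allow-listed fields and the sample bodies are assumptions made for illustration.

```javascript
// Added example, not Authorize.Net code. opaqueData.dataDescriptor/dataValue follow
// the Accept.js response shape; ALLOWED_KEYS, inspectPaymentBody and the amount,
// orderId and note fields are assumptions made for this sketch.
const ALLOWED_KEYS = new Set(['opaqueData', 'amount', 'orderId', 'note']);

// Luhn checksum over a string of ASCII digits.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// True when the JSON text of a value has a 13-19 digit run (spaces/dashes allowed) that
// passes Luhn. A card glued to further digits is missed, so the allow-list comes first.
function looksLikePan(value) {
  const text = JSON.stringify(value) || '';
  const runs = text.match(/\d[\d -]{11,}\d/g) || [];
  return runs.some((run) => {
    const digits = run.replace(/[ -]/g, '');
    return digits.length >= 13 && digits.length <= 19 && luhnValid(digits);
  });
}

// Decide whether a parsed JSON body may reach the payment code path.
function inspectPaymentBody(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, reason: 'body must be a JSON object' };
  }
  for (const [key, value] of Object.entries(body)) {
    if (!ALLOWED_KEYS.has(key)) return { ok: false, reason: `unexpected field: ${key}` };
    if (looksLikePan(value)) return { ok: false, reason: `card number in field: ${key}` };
  }
  const od = body.opaqueData;
  const isToken = (s) => typeof s === 'string' && s.length > 0;
  if (!od || !isToken(od.dataDescriptor) || !isToken(od.dataValue)) {
    return { ok: false, reason: 'missing payment nonce' };
  }
  // Forward only the two nonce fields; anything else inside opaqueData is dropped.
  return { ok: true, nonce: { dataDescriptor: od.dataDescriptor, dataValue: od.dataValue } };
}
// Constructed sample bodies: a tokenised post and one that carries the raw card.
const tokenised = { opaqueData: { dataDescriptor: 'COMMON.ACCEPT.INAPP.PAYMENT',
  dataValue: 'constructed-nonce' }, amount: '19.99', orderId: 'A-1001' };
const rawCard = { cardNumber: '4242424242424242', expirationDate: '0822', cardCode: '999' };
console.log(inspectPaymentBody(tokenised).ok, inspectPaymentBody(rawCard).reason);
```

The two returned nonce fields are what go into the follow-on createTransactionRequest call in place of the card data.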

Stripe for one time payment. - Ruby on Rails

Can I use Stripe for receiving a one-time payment instead of recurring payments?
If so what settings do I have to make?
Yes, just use the Stripe::Charge.create method. As the payment method, you can either pass in a card directly or reference a Customer whose card should be charged.
You can receive one-time payments via the Stripe dashboard. Go to:
https://dashboard.stripe.com/payments
and click the button for a "+New" payment. That will let you manually enter the cc info. I do this with my Pairing as a Service clients all the time... they just read me their card info, and I enter it with the amount I'm charging them and a description. Your account password is then required to complete the charge.
It's fast and easy... I just wish there was a way to let them enter the info directly. Maybe I'll make something like that...
Yes, you can just create a Stripe account and use a simple example of Stripe payment for Ruby on Rails I've made recently. Check the code: https://github.com/ab00zar/StripePayment-example
Run the server using your test keys like:
PUBLISHABLE_KEY=pk_test_g0XSu8r2ugAETksVJQXJjU30 SECRET_KEY=sk_test_A3rwGLOMNxEKDkaJOTgi4frd rails s
