Stripe No such customer (Express Connected Account) - node.js

I'm trying to allow users to create one-off invoices after they have onboarded to the platform via an Express account.
I have a Node route set up to create and send an invoice.
I'm getting the error
StripeInvalidRequestError: No such customer: 'cus_I3Xra0juO9x2Iu'
However the customer does exist in the user's connect account.
The route is below
app.post('/api/new_invoice', async (req, res) => {
try {
const { customer, deliverables, amount, payableBy } = req.body
const product = await stripe.products.create({
name: deliverables,
})
const price = await stripe.prices.create({
unit_amount: amount,
currency: 'aud',
product: product.id,
})
const invoiceItem = await stripe.invoiceItems.create({
customer,
price: price.id,
})
const stripeInvoice = await stripe.invoices.create(
{
customer,
collection_method: 'send_invoice',
days_until_due: 30,
invoiceItem,
},
{
stripeAccount: req.user.stripeAcct,
}
)
const invoice = await new Invoice({
customer,
deliverables,
amount,
paid: false,
issueDate: Date.now(),
payableBy,
_user: req.user.id,
}).save()
res.send(invoice.data)
console.log(invoiceItem, stripeInvoice)
} catch (err) {
console.log(err)
res.status(400)
res.send({ error: err })
return
}
})
From what I understand adding a second object to stripe.invoices.create with the connect account's id then it should look into their Stripe account for the customer?
Thanks in advance

When making a call on behalf of a connected account, you need to set the Stripe-Account header as their account id as documented here. This header has to be set on every API request you make on behalf of that connected account.
In your code, you are only setting the header on the Invoice Create API request but not the other one(s) such as the Invoice Item Create. Make sure to pass it everywhere and your code will start working.

Related

Stripe subscription always gives me "status: 'requires_confirmation'

I have a subscription route like this. My flow looks like this
User select a plan.
User enter card details through Stripe Card Element
User click Subscribe button.
As per docs,
I'm creating a customer.
Then creating a subscription for this customer.
But, my dashboard says payment incomplete and response object on creating subscriptions shows status: 'requires_confirmation'. What I am doing wrong?
router.post('/subscription', auth, async (req, res) => {
const { payment_method, price_id } = req.body;
const customer = await Stripe.customers.create({
email: 'test#gmail.com',
payment_method: payment_method,
description: 'New Customer',
invoice_settings: { default_payment_method: payment_method }
});
try {
const subscription = await Stripe.subscriptions.create({
customer: customer.id,
items: [
{
price: price_id
}
],
payment_behavior: 'default_incomplete',
expand: ['latest_invoice.payment_intent']
});
res.send({
status: subscription.latest_invoice.payment_intent.status,
subscriptionId: subscription.id,
});
} catch (error) {
return res.status(400).send({ error: { message: error.message } });
}
});
[![Stripe dashboard][1]][1]
[1]: https://i.stack.imgur.com/Sx0zN.png
It sounds like you’re doing things a bit out of order from the way the Stripe docs suggest. In this guide, the subscription object is created prior to collecting the payment method. The reason your invoice isn’t automatically paid is because you are explicitly passing in a payment_behavior of default_incomplete, which tells Stripe not to pay the invoice and allows you to collect payment details client-side and confirm the payment. Since you have already collected payment details, don’t pass in a payment_bevavior of default_incomplete.

Create Stripe Connect Customer with Payment Method on Platform Account

I am following the docs here about enabling other business to accept payments directly.
I have successfully created a connected account and accepted a payment from a customer on the connected account, but I have not yet been able to save that customers payment information for future payments.
All across the documentation, especially here it assumes you already created a customer on the platform account WITH a payment method, before you should try and clone the payment method to the connected accounts.
I cannot for the life of me figure out how to create a customer with payment information on the platform account before I clone them on the connected account.
As per the documentation, I started here on the client side where the accountID is the ID of the connected account:
const [stripePromise, setstripePromise] = useState(() =>
loadStripe(process.env.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY, {
stripeAccount: uid.accountID,
})
);
My Stripe Elements are created with the stripePromise.
When trying to save the card details I do this on the client side:
This is where I believe my mistake is I am using the connected accounts credentials while trying to create a platform payment method.
const handleRememberMe = async () => {
const { token } = await stripe.createToken(
elements.getElement(CardElement)
);
console.log(token);
const res = await fetchPostJSON("/api/pay_performer", {
accountID: accountID,
amount: value,
cardToken: token,
});
That API call goes to "/api/pay_performer":
//Handle onboarding a new connect user for x
require("dotenv").config();
import Stripe from "stripe";
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY, {
apiVersion: "2020-08-27",
});
import setCookie from "../../../utils/cookies";
export default async function createPayment(req, res) {
if (req.method === "POST") {
// Connected account ID and the token generated on the client to be saved.
const { accountID, amount, cardToken } = req.body;
console.log(`API side cardToken: ${cardToken.used}`);
try {
// Trying to create a customer with that token.
const customer = await stripe.customers.create({
email: "test2#example.com",
source: cardToken.card,
});
customer.sources = cardToken.card;
// Beginning the cloning process for the connected account.
const token = await stripe.tokens.create(
{
customer: customer.id,
},
{
stripeAccount: accountID,
}
);
const clonedCustomer = await stripe.customers.create(
{
source: token.id,
},
{
stripeAccount: accountID,
}
);
console.log(`Default Source: ${clonedCustomer.default_source}`);
console.log(`AccountID: ${accountID}, Amount: ${amount}`);
const paymentIntent = await stripe.paymentIntents.create(
{
payment_method_types: ["card"],
payment_method: clonedCustomer.default_source
? clonedCustomer.default_source
: null,
amount: amount * 100,
currency: "usd",
application_fee_amount: 1,
customer: clonedCustomer.id,
},
{
stripeAccount: accountID,
}
);
const secret = paymentIntent.client_secret;
console.log(secret);
const payment_method = paymentIntent.payment_method;
return res.status(200).send({ secret, payment_method });
} catch (e) {
console.log(e);
return res.status(500).send({ error: e.message });
}
}
}
But I get an error that the token provided is not a valid token. I am assuming this is because I created the token using the credentials for the connected account on the client and then tried to apply it to the platform account.
How do I have a separate UI to create platform customers FIRST, and then come back and clone them to the connected accounts upon purchase.
Should I not pass a token to the server and just pass the card information over HTTPS? Very lost and the documentation has not helped!
Any help is appreciated!
In order to create a Customer, collect card information and attach a PaymentMethod to them, you could for example use a SetupIntent and Elements [1] or create a PaymentMethod [2]. The core point being, if the system should initially store that information on the platform, the connected account isn't coming into play at all yet. Broadly speaking the steps are (not providing the account id of the connected account anywhere as this is only happening on the platform account), using the platform's secret key:
Create a customer
Collect card data using Stripe.js and Elements
Attach the pm_xxx to the customer in the backend
[1] https://stripe.com/docs/payments/save-and-reuse
[2] https://stripe.com/docs/js/payment_methods/create_payment_method

How to attach a payment method with Stripe?

I'm struggling to get Stripe to work on my server.
So, on the client side, I have this code (after much struggle to get element working) :
this.props.stripe.createPaymentMethod({ type: 'card', card: cardElement, billing_details: { name: name } }).then((paymentMethod) => {
// server request with customer_id and paymentMethod.id);
});
This works fine. Now, on the server (NodeJS), I want to add a new on-going subscription with a fixed fee for my customer.
Here's what I have :
const paymentIntent = await stripe.paymentIntents.create({
amount: 1000,
currency: 'usd',
payment_method_types: ['card'],
customer: req.body.customer_id,
metadata: { integration_check: 'accept_a_payment' },
});
const paymentIntentConfirmation = await stripe.paymentIntents.confirm(paymentIntent.id, { payment_method: req.body.paymentMethod_id });
const newSubscription = await stripe.subscriptions.create({
customer: req.body.customer_id,
items: [{ plan: premium_plan.id, quantity: 1 }],
default_payment_method: req.body.paymentMethod_id,
});
const attachPaymentToCustomer = await stripe.paymentMethods.attach(req.body.paymentMethod_id, { customer: req.body.customer_id });
const updateCustomerDefaultPaymentMethod = await stripe.customers.update(req.body.customer_id, {
invoice_settings: {
default_payment_method: req.body.paymentMethod_id,
},
});
So, if I don't attach the payment to customer, I get the following error message :
'The customer does not have a payment method with the ID pm_1Gx9m1HVGJbiGjghYhrkt6j. The payment method must be attached to the customer.'
If I do, I get the following error message :
'This PaymentMethod was previously used without being attached to a Customer or was detached from a Customer, and may not be used again.'
So, how do I add the damn payment method, so when I retrieve my customer, it shows this customer has been updated with a new subscription to the service he just subscribed to, together with his payment method (a CC in this case).
Any help here for a frustrated user is very appreciated !
On a more general note, implementing Stripe has been a very painful experience so far. Nothing seems to work. I use Typescript and there are so many bugs. The documentation is not very helpful and not well explained. "Create a source", "create a token", "create a payment intent", "create a setup intent", how am i supposed to understand the difference between all these things ? I want to add a god damn online subscription, which should be quite a standard procedure for an Internet service. Why are there so many different guidelines, with tokens, with sources, etc....
There's a few changes you can make here to get it working, in order to start a Subscription [1] you don't need to create and confirm a PaymentIntent. That is created automatically inside the Invoice(s) as they're created for payment. So the steps roughly are (you've done a lot of this already but just to have an end to end example):
Create a customer
Collect the payment information securely using Stripe.js
Attach the PaymentMethod to the Customer
(Optionally) save that as the invoice settings default payment method (because you can pass the PaymentMethod to the Subscription creation as a default payment method, but it's good practice so that you can start Subscriptions for that Customer with the same payment method)
Create a Subscription
Provision your service
Take into account SCA/3DS and handle authentication [2]
That's outlined in detail on [1]. Here's some sample code to get the Subscription started, you can replace the calls that create products and prices with your own IDs of course:
const customer = await stripe.customers.create({
name: "Foo Bartley"
});
const paymentMethod = await stripe.paymentMethods.create(
{
type: 'card',
card: {
number: '4242424242424242',
exp_month: 6,
exp_year: 2021,
cvc: '314',
},
}
);
const product = await stripe.products.create(
{name: 'Gold Special'}
);
const price = await stripe.prices.create(
{
unit_amount: 1111,
currency: 'eur',
recurring: {interval: 'month'},
product: product.id,
}
);
// Everything above here is just setting up this demo
const attachPaymentToCustomer = await stripe.paymentMethods.attach(
paymentMethod.id, // <-- your payment method ID collected via Stripe.js
{ customer: customer.id } // <-- your customer id from the request body
);
const updateCustomerDefaultPaymentMethod = await stripe.customers.update(
customer.id, { // <-- your customer id from the request body
invoice_settings: {
default_payment_method: paymentMethod.id, // <-- your payment method ID collected via Stripe.js
},
});
const newSubscription = await stripe.subscriptions.create({
customer: customer.id, // <-- your customer id from the request body
items: [{ plan: price.id, quantity: 1 }], // <-- plans and prices are compatible Prices is a newer API
default_payment_method: paymentMethod.id, // <-- your payment method ID collected via Stripe.js
});
Hope this helps!
[1] https://stripe.com/docs/billing/subscriptions/fixed-price#create-subscription
[2] https://stripe.com/docs/billing/subscriptions/fixed-price#manage-payment-authentication

Can't Transfer Amount to Connect Stripe Account

BackGround:
What i'm trying to do is set-up a marketplace where the customer can acquire services of a seller,The Project is a MERN Stack Travel Application to be exact. What i would like is for the customer to Pay the Platform(My Website connected with Stripe) when he wishes to acquire a service e.g a hotel Room. The Customer stays at the hotel for the allotted time and when he checksout the platform keeps some of the customers amount as application fee and transfers the rest to the service provider,in this case the hotel.
Current Effort:
I Used STRIPE CONNECT to acheive the required functionality.
(Note: you guys don't need to see all of the code below just the heading and description would give you an idea of what i have done and what i'm trying to ask,but please do read the issue section)
i create a Connect account for the seller when he signs up on my Website
Create Connect Account
const express = require("express");
const router = express.Router();
router.post("/createAccount", async (req, res) => {
const { name, email } = req.body; //Data Passed from the FrontEnd
stripe.accounts.create(
{
type: "custom",
country: "US",
email: email,
requested_capabilities: ["card_payments", "transfers"],
},
function (err, account) {
res.json({ account: account });
}
);
});
When the Seller Provides the rest of the required details(including bank Account) after logging-in to the Seller Portal i create a bank_account,update the already created Connect Account and link the bank_account with the Connect Account (Hopefully, that somehow makes sense)
Create Bank Account
router.post("/createBankAccount", async (req, res) => {
const { account_holder_name, routing_number, account_number } = req.body;
stripe.tokens.create(
{
bank_account: {
country: "US",
currency: "USD",
account_holder_name,
account_holder_type: "individual",
routing_number,
account_number,
},
},
function (err, token) {
res.send(token);
}
);
});
Update Account:
router.post("/updateAccount", async (req, res) => {
const {
AccountID,
Day,
Month,
Year,
first_name,
last_name,
email,
BankAccountID,
} = req.body;
const FrontFilePath = fs.readFileSync("PathToFileHere");
const FrontPhotoIDUpload = await stripe.files.create({
file: {
data: FrontFilePath,
name: "FrontPhotoID.jpg",
type: "application.octet-stream",
},
purpose: "identity_document",
});
const BackFilePath = fs.readFileSync("PathToFileHere");
const BackPhotoIDUpload = await stripe.files.create({
file: {
data: BackFilePath,
name: "BackPhotoID.jpg",
type: "application.octet-stream",
},
purpose: "identity_document",
});
stripe.accounts.update(
AccountID,
{
business_type: "individual",
individual: {
dob: { day: Day, month: Month, year: Year },
first_name: first_name,
last_name: last_name,
id_number: "006-20-8311",
phone: "605-628-6049",
address: {
city: "Half Way",
line1: "2467 Twin House Lane",
postal_code: "65663",
state: "MO",
},
email,
ssn_last_4: "8311",
verification: {
document: {
front: FrontPhotoIDUpload.id,
back: BackPhotoIDUpload.id,
},
},
},
business_profile: {
mcc: "4722",
url: "http://www.baoisne.com",
},
tos_acceptance: {
date: Math.floor(Date.now() / 1000),
ip: req.connection.remoteAddress,
},
},
function (err, account) {
console.log(err);
console.log(account);
}
);
//Connect External Account
stripe.accounts.createExternalAccount(
AccountID,
{
external_account: BankAccountID,
},
function (err, bankAccount) {
console.log(err);
res.send(bankAccount);
}
);
});
Then when the customers provides his account details i charge the customer,keep some money as application fee and move the rest to the Service Providers Connect account.
Charge Customer
router.post("/charge", async (req, res) => {
const { TokenID, CustomerID, Amount, AccountID } = req.body;
let PaymentAmount = Amount * 100;
let application_fee_amount = 400;
try {
const payment = await stripe.paymentIntents.create({
amount: PaymentAmount,
currency: "USD",
description: "We did it boss",
payment_method_data: {
type: "card",
card: {
token: TokenID,
},
},
receipt_email: "abdullahabid427#gmail.com",
customer: CustomerID,
application_fee_amount,
transfer_data: {
destination: AccountID,
},
confirm: true,
});
return res.status(200).json({
confirm: "Payment Succeeded",
});
} catch (error) {
console.log(error);
return res.status(400).json({
message: error.message,
});
}
});
By doing the above procedure a connect account is created and the amount is moved into the connected account.
Issue
The Above procedure although works correctly, it moves the amount into the Connected Service Provider Account directly after the customer is charged, what i would like is for the customer to pay the platform and after the Service Provider has provided his services , the Platform pays the Service Provider, i thought about removing
application_fee_amount,
transfer_data: {
destination: AccountID,
}
the above parameters in the Charge or Stripe.paymentIntents.create endpoint, and after Service Provider has completed his services i transfer the amount using the Stripe Transfer API
router.post("/transfer", async (req, res) => {
try {
console.log("TRANSFER=");
const { AccountID, amount } = req.body;
const transfer = await stripe.transfers.create({
amount,
currency: "USD",
destination: AccountID,
});
res.send(transfer);
} catch (error) {
res.send(error);
}
});
the issue here is that transfer endpoint returns "Your destination account needs to have at least one of the following capabilities enabled: transfers, legacy_payments" , i have checked the Connected Account in Stripe Dashboard and in the Capabilities section Card_Payment and Transfers are both set to Active, plus Payments and Payouts are both Enabled and the status of the connect account is "Complete"
So if anyone could point in the right direction i would really Appreciate it,Cheers :)
Ok - we'll agree that Stripe works as intended. You get the error message that you get because you remove the destination account ID from the payment intent creating function. That's where the problem lies, under your heading Charge Customer.
Let's look at it: (a shortened version)
const payment = await stripe.paymentIntents.create({
amount: PaymentAmount,
currency: "USD",
...
customer: CustomerID,
application_fee_amount,
transfer_data: {
destination: AccountID,
},
confirm: true,
});
The last property confirm: true is equivalent to creating and confirming the payment intent in the same call. The default value is false -- using that the status of the newly created payment intent will be requires_confirmation. And when you're ready, you confirm the payment intent along these lines:
const confirmedPayment = await stripe.paymentIntents.confirm(
'payment_intent_id',
{payment_method: 'card'},
function(err, paymentIntent) {
}
});
A few general comments on things going wrong
When a payer pays money for some goods online, it is the responsibility of the app developer to implement the logic, according to which the money and goods are sent and received: it can be prepaid, postpaid, or partially both. No logic is foolproof. In general, if we worry about customers taking advantage of our payment policy, we can require everything to be prepaid by all paying parties and include a fair refund policy. In this case, Stripe supports refunds of payment intents but what's more important: it keeps track of the status of the payment.
When the payment intent is created but not confirmed, the status is requires_confirmation. Not much can go wrong there. But after the payment intent has been confirmed, the status will be processing - this may take days. You may decide to cancel the payment at any time. But if things go fine, the status will change to succeeded which means that the funds are in the destination account. But if the payment fails for whatever reason, the status will return to requires_payment_method. Even in this case, there's no need to create a new payment or transfer object. You can retrieve the payment intent any time by calling stripe.retrievePaymentIntent(clientSecret) and check the status. But in my opinion, it's much easier to monitor the status changes with a webhook that is configured to receive the status changing events. Even if no action takes place immediately when the status changes, we can store the status in the DB where it's available.
From experience, I've seen how common it is for payments to fail. It doesn't mean that there's any fraud going on on either side but it does mean that the app should be prepared to handle both cases. The events to add to the webhook config are payment_intent.succeeded and payment_intent.payment_failed. How these events are handled is specific to each and every application.
Create a webhook (Stripe config) which includes:
Events sent to the webhook: in this case customer.created, customer.source.created, customer.source.updated
URL = the route that handles the events when they arrive
So you need to store the pending payment in your DB first. Then in the webhook, find it in the DB and complete the transfer.

Best practice for storing Stripe payments in database?

I was wondering if there was some kind of "convention" or otherwise a best practice for storing Stripe payment data in the database. There is a real lack of information online and since I am doing it on my own I wanted to get some feedback from others.
The basic setup of my site is that there is a store with several products. There is also an option to subscribe, to receive these products monthly.
So I set up two post routes. One for buying products, and one for subscribing. These use the Stripe API. For orders, I use stripe.charge, and for subscriptions, I create a customer from stripe.customer and subscribe them to a plan.
For stripe.charges, I save the object returned into the database. This contains all of the charge data. There is a webhook sent as charge.succeeded, if the charge succeeded. I do not store this data. Maybe I should just store the charge id here, instead of the entire charge object. I store it as below:
ORDER ROUTE
module.exports = async (req, res) => {
try {
const charge = await stripe.charges.create({
amount: req.session.cart.totalPrice,
currency: 'usd',
source: req.body.id
});
const order = await new Order({
user: req.user,
cart: req.session.cart,
stripeCharge: charge
}).save();
req.session.cart = new Cart({});
res.sendStatus(200);
} catch (e) {
console.log(e);
}
};
With subscriptions, it’s a little more complex, because the created customer object does not contain any charge id. So I save the customer id to that user model. Stripe fires 6 webhooks if the subscription is processed fine. I store customer.subscription.created, customer.created, charge.succeeded, and invoice.created. I store the customer object like this:
SUBSCRIPTION ROUTE
module.exports = async (req, res) => {
try {
if(!req.user.hasSubscription) {
const customer = await stripe.customers.create({
email: req.body.email,
source: req.body.id,
plan: 'pro'
});
await new Subscription({
user: req.user,
customerId: customer.id
}).save();
req.user.hasSubscription = true;
await req.user.save();
res.send(req.user);
}
} catch (e) {
console.log(e);
}
};
As you can see, I have a boolean set up on my Mongoose User model, hasSubscription. If this is true, no customer is created, and so no subscription is set up. If it is false, I save the customer id from the customer object created. Then in the webhook route, I save the 4 events above to the correct user, matching by customer id. I could get away with saving less data here I think, possibly making a record of any subscriptions, and any cancellations. I save the webhook events as below:
WEBHOOKS ROUTE
module.exports = async (req, res) => {
try {
const data = {};
if (req.body.type === 'customer.subscription.created') {
await Subscription.findOneAndUpdate({ customerId:
req.body.data.object.customer }, {
$set: {
'stripe_data.customer_subscription_created':
req.body.data.object
}
}, {
new: true
});
res.sendStatus(200);
};
…//OTHER STRIPE EVENTS SIMILAR TO ABOVE…
}
I am storing more data than I likely need just to be on the safe side, and I read somewhere that suggested storing adequate data was good for legal compliance. But since Stripe stores everything in the dashboard, I can see your point that a simple piece of identifying information like the charge id would be enough.
I am still in test mode, but I think Stripe only sends back the last 4 digits of the card, and the expiry year like so:
exp_year: 2042
last4: '4242'
With regards to saving confidential information to the database: I do not see any more sensitive information being exposed. The card itself is referenced by an id that Stripe creates.
In Stripes security docs, it mentions Out-of-scope card data that can be safely stored. Jake T.'s comment is really the answer -- everything returned from the API is okay for you to store.
Card type, expiration date, and last four digits are not subject to PCI compliance.

Resources