Sending PCI data through Node.js (authorize.net) - node.js

A client has asked me to set up card payments through authorize.net. However, I've noticed the Node SDK hasn't been updated in a year, and their Node SDK is only mentioned on some of their doc pages (so I get the impression it's not a primary focus for them).
I have many years of experience using Braintree Payments and Stripe. They both have great support for Node, plus drop-in/hosted fields for React (frontend). This approach removed much of the PCI compliance requirements from my server.
However, my client cannot use Braintree or Stripe because they are selling restricted items which are not allowed by Braintree's and Stripe's ToS. They currently use Authorize.net and would like me to continue to support that on their new website.
It seems my only option is to directly send card details from my React frontend to my Node API server, which makes me uncomfortable. As Stripe's PCI guide says, there are 300+ security controls in PCI DSS which need to be met if you send PCI data through your servers.
Here is an example of their creditCard inputs on Node, taken from their examples GitHub repo.
var ApiContracts = require('authorizenet').APIContracts; // SDK export used throughout the examples repo
// The card number, expiry and CVV are set directly on the server-side request object,
// so the full card data passes through (and is held by) the Node server.
var creditCard = new ApiContracts.CreditCardType();
creditCard.setCardNumber('4242424242424242');
creditCard.setExpirationDate('0822');
creditCard.setCardCode('999');
// The card object is then wrapped in a PaymentType for the transaction request.
var paymentType = new ApiContracts.PaymentType();
paymentType.setCreditCard(creditCard);
My question is:
It doesn't seem to be best practice in 2020 to send card details through my server anymore, with so many providers out there offering hosted fields. Is this a valid concern?
Would I need to get my Node.js code and PCI compliance validated by a QSA?
More links:
Node.js SDK: https://github.com/AuthorizeNet/sdk-node
Their PCI compliance list (last updated three years ago?):

Hey, I believe that the Accept.js suite would be what you need: https://developer.authorize.net/api/reference/features/acceptjs.html Basically it takes a payment nonce after receiving your POST request from the client side and sends it to your server instead of sensitive credit card information. I am trying to work with it myself. Maybe we could collaborate. I'm a Node payment novice. I posted a question about it here:
I would like to automatically hit an API with dynamic values from my client side via a POST request using JavaScript files. How can I achieve this?
Let me know if this helps.

While writing this question I found out that someone had the same concern as me in PHP/Magento in another Stack Overflow post.
Using Authorize.net's Accept.js you can send payment details directly to their servers and use a payment nonce (like Braintree/Stripe) in place of the card details.
Accept.js is a JavaScript library for sending secure payment data directly to Authorize.Net. Accept.js captures the payment data and submits it directly to us, in exchange for a one-time-use token, or payment nonce. You can use this payment nonce in the place of payment data in a follow-on createTransactionRequest API call.
Our JavaScript library offers developers two workflow options for accepting payment:
Option 1: Host your own payment form for a PCI-DSS SAQ A-EP solution that gives you complete control of the customer payment experience.
Option 2: Embed our hosted, mobile-optimized payment information form in your page to collect the card information in a PCI-DSS SAQ A compliant way. For a fully hosted payment solution that you can redirect your customers to or embed as an iFrame within your page, see our documentation for Accept Hosted.
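As an added illustration of the nonce flow described above (example code written for this page, not code from the question, the answers or the Authorize.net SDK): the browser runs Accept.js and posts only the returned opaque token to the Node server, and the server builds the createTransactionRequest body from that token plus its own order record. Assumptions: the opaqueData field names, the COMMON.ACCEPT.INAPP.PAYMENT descriptor and the order.invoiceNumber field follow Authorize.net's API reference as understood here (check the current docs); the credentials, order ids and nonce value are constructed placeholders; and buildTransactionRequest, containsPanLike, luhnValid and the reason codes are names chosen for this example. The PAN scan is there so that a misconfigured front end that leaks raw card data to the server is rejected before that data is processed or logged, which is what keeps the server out of the SAQ A-EP scope the quoted docs describe:

```javascript
'use strict';
// Added example for this page (not from the question, answers or the
// Authorize.net SDK): server-side handling of an Accept.js payment nonce.
// The client posts { orderId, opaqueData: { dataDescriptor, dataValue } };
// the server never sees the card number, so it stays out of PAN handling.
// Field names follow Authorize.net's API reference for opaqueData as
// understood here; verify against the current docs before relying on them.

// Descriptor Accept.js puts on the nonce it returns (per Authorize.net docs).
const ACCEPTJS_DESCRIPTOR = 'COMMON.ACCEPT.INAPP.PAYMENT';

// Client-body keys (lower-cased) that would mean raw card data reached the server.
const FORBIDDEN_KEYS = ['cardnumber', 'cardcode', 'expirationdate', 'cvv', 'pan'];

// Luhn check, used only to recognise PAN-like digit runs, never to store them.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = Number(digits[i]);
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    double = !double;
  }
  return digits.length > 0 && sum % 10 === 0;
}

// Walk any JSON value and report whether a 13-19 digit Luhn-valid number
// appears anywhere in it. Returns only a boolean so no PAN reaches the logs.
function containsPanLike(value) {
  if (typeof value === 'string') {
    const runs = value.replace(/[\s-]/g, '').match(/\d{13,19}/g) || [];
    return runs.some(luhnValid);
  }
  if (Array.isArray(value)) return value.some(containsPanLike);
  if (value && typeof value === 'object') return Object.values(value).some(containsPanLike);
  return false;
}

// Validate the client payload and build the createTransactionRequest JSON.
// `amount` comes from the server's own order record, never from the client.
// Returns { ok: true, request } or { ok: false, reason }; the reason codes
// are names chosen for this example.
function buildTransactionRequest(clientBody, amount, creds) {
  if (!clientBody || typeof clientBody !== 'object') return { ok: false, reason: 'bad_body' };
  const { opaqueData, ...rest } = clientBody;

  // 1. Hard-reject anything that looks like card data. The server should only
  //    ever receive the nonce; a PAN here means the front end is misconfigured.
  const keys = Object.keys(rest).map((k) => k.toLowerCase());
  if (keys.some((k) => FORBIDDEN_KEYS.includes(k)) || containsPanLike(rest)) {
    return { ok: false, reason: 'raw_card_data_rejected' };
  }

  // 2. The nonce must be exactly what Accept.js hands back.
  if (!opaqueData || opaqueData.dataDescriptor !== ACCEPTJS_DESCRIPTOR ||
      typeof opaqueData.dataValue !== 'string' || opaqueData.dataValue.length === 0) {
    return { ok: false, reason: 'missing_or_invalid_nonce' };
  }

  // 3. Amount is a positive server-side number; the API takes a decimal string.
  if (!Number.isFinite(amount) || amount <= 0) return { ok: false, reason: 'bad_amount' };

  return {
    ok: true,
    request: {
      createTransactionRequest: {
        merchantAuthentication: { name: creds.apiLoginId, transactionKey: creds.transactionKey },
        transactionRequest: {
          transactionType: 'authCaptureTransaction',
          amount: amount.toFixed(2),
          payment: {
            opaqueData: { dataDescriptor: opaqueData.dataDescriptor, dataValue: opaqueData.dataValue },
          },
          order: { invoiceNumber: String(rest.orderId || '') },
        },
      },
    },
  };
}

// Constructed sample inputs: placeholder credentials, a fake nonce value, the
// kind of body a misconfigured front end would send (the test PAN from the
// question above), and a PAN smuggled into a free-text field.
const SAMPLE_CREDS = { apiLoginId: 'API_LOGIN_ID_PLACEHOLDER', transactionKey: 'TRANSACTION_KEY_PLACEHOLDER' };
const SAMPLE_NONCE_BODY = {
  orderId: 'order-1001',
  opaqueData: { dataDescriptor: ACCEPTJS_DESCRIPTOR, dataValue: 'CONSTRUCTED_NONCE_VALUE_NOT_REAL' },
};
const SAMPLE_RAW_CARD_BODY = { orderId: 'order-1002', cardNumber: '4242424242424242', expirationDate: '0822', cardCode: '999' };
// Caught by the Luhn scan rather than the key list.
const SAMPLE_SMUGGLED_BODY = { orderId: 'order-1003', note: 'card 4242 4242 4242 4242', opaqueData: SAMPLE_NONCE_BODY.opaqueData };
```

The returned request object is what the server POSTs over HTTPS to the Authorize.net API endpoint from the docs. Rejections return only a reason code, never the offending value, so the server's own logs do not become cardholder-data storage; and because the amount is taken from the order record rather than the client body, a tampered total is never charged.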

Related

Payhip - Stripe payment testing

I'm new to both Payhip & Stripe. I'm testing out both products by setting up a test product in Payhip & making a purchase using a dummy visa card number (4242424242424242) from here
Payhip is connected to Stripe.
I keep getting the message - Your card was declined. Your request was in live mode, but used a known test card.
I've searched on Google and read through the Stripe documentation. I'm not able to find anything useful to solve this problem.
To use a test card in your integration, you need to use the test mode secret key instead. You can get it from the Stripe Dashboard -> Developer -> API Keys page.
The problem is not linked to Stripe in any form. There is no way to use a test card with Payhip. I contacted Payhip support and was advised as follows:
One can either use a 100% off coupon (see here: Testing Checkout Flow) or put through a live transaction and refund yourself afterwards (How Do I Refund a Transaction?)

Stripe API testing automation

Background
I am integrating the Stripe API into my site to take one-off payments. My site will be API first on the server side with separate web and mobile front ends. I am working on the API server-side code. I will eventually use Stripe payment pages to take credit card payments. I am trying to automate the testing of my APIs and am bamboozled by the documentation (which is thorough) as I just can't see what steps to take next.
My server side initiates a call with stripe using stripe sdk to create a stripe Session object - this contains a URL to redirect to checkout.stripe.com/pay/..., a success URL when payment is successful and a cancel URL (these I set to handle the callback).
Problem
I can automate in Postman all my API calls from Browse Products, Select Product, Place Order, but at the next step I am stuck. After Place Order I get back the Stripe session, but how can I mimic making the payment with Stripe for the session and then call my Success URL?
When the site is complete I will redirect the UI to stripe to take payments but I am testing and completing the back end flow first.
I have copied and pasted the session URL which is returned by the Stripe Session object to bring up the page in a browser, and used Dev Tools in Chrome to inspect Network to see which APIs are being called by Stripe in an attempt to reproduce it. I can see a POST to stripe.com/api/payment_methods and I can see the posted values, but I can't reproduce this in Postman. Also, the documentation (https://stripe.com/docs/api/payment_methods/create) says:
"Instead of creating a PaymentMethod directly, we recommend using the PaymentIntents API to accept a payment immediately"
Question
Which stripe APIs do I need to call to automate the flow from a stripe Session object to make a payment and then check that it was successful? Payment Methods? Make a Charge? Payments Intents? ...and how. Happy to be pointed to the documentation if you can help me understand the flow.
TIA
Checkout is a Stripe product that looks like a "box" and you can't know (and shouldn't need to know) what happens inside. It is created for the purpose that merchants won't have to think about what's being done under the hood.
Speaking from an automation perspective, you can try to reproduce the whole process but there's no guarantee it won't change in the future, and it could leave you with more problems later.
For options to reproduce:
The closest way is simulating browser filling and submission, using automated browser tools (i.e. Selenium). But it's not as straightforward as Postman. Generally you would want to simulate every browser action that a human could do.
Or you can try to accomplish the same with the logs and events you receive on Stripe's Dashboard, when you test a Checkout Session by yourself. From now there are 3 requests.
And your goal is to receive the same 5 events in Webhook:
TBH I recommend reconsidering the need for this test, to see if it is worth your effort.

Stripe.net - Payments, backend

So far, I'm striking out with Google. Trying to toy around with Stripe. Now, CyberSource, Payflo, and authorize.net all talk directly to the backend when it comes to entering credit card data. I've been trying to figure out how to do the same with Stripe. I can't find out how to do it without stripe.js.
i.e.: Enter the credit card through a generic form; once posted to the server, the server calls Stripe (using the new PaymentIntent because of SCA). In short, I need to know how to create the credit card object on the backend so I can send it to the payment intent without stripe.js.
I do NOT have code snippets of my own since I'm just now learning the API. Don't know if this is even possible/allowed/etc.
Edit: Everything follows this general premise: https://careydevelopment.us/blog/how-to-implement-a-credit-card-payment-solution-with-spring-boot-and-the-stripe-api

How Instagram autolikers bypassing the API deprecation?

In the past, Instagram autoliker, autofollower, and like-exchanger bots worked with the Instagram API. Thankfully, to keep Instagram bot-safe, they deprecated their API functionality, so developers can no longer use the Commenting and Liking endpoints.
But nowadays, I again meet new spam comments under pictures in the feed.
I did some research about the new autolikers.
How did the developers, like SocialCaptain bypass the API deprecation?
Are they simulating the user browsing instagram.com?
Actually you can just monitor the requests being sent from instagram.com. Open the developer tools and navigate to the Network tab.
Now you can reverse engineer their API by looking at the requests they send on particular actions. The only thing left is to supply the proper body, headers, cookies, etc. and perform the requests on your own outside of instagram.com.
Hope it helps!

Creating new payment method for Bigcommerce

I would like to know if it is possible to add a new payment method for Bigcommerce. I tried to contact their support without any luck. If anyone is familiar with Bigcommerce and knows if this is possible, I would appreciate any advice.
I already read their API docs and didn't find anything useful, only a method to obtain the list of available payment methods.
I already tried to signup for their partner. Without any luck.
We've done this before for a couple stores to allow clients to process payments through their own processor. The way we achieved this, is essentially through the following high-level steps:
1. Allow payments by Check (or similar offline method). We are going to replace this with the custom processor.
2. You'll notice that if you attempt to checkout via Check, BigCommerce automatically creates the order for you, but sets the order status to Awaiting Payment. Upon submission the user is automatically sent to a 'Thank You' Order Confirmation page that contains both the Order ID and some payment instructions (such as where to send the check to).
3. Here's the trick -- Modify this 'Order Thank You' page to prompt the user for her or his credit card information. A simple HTML form will suffice here, performing the actual request via JavaScript.
4. Once you have the user's credit card data, you can then POST it to your own external server, where you would connect to and send data to whichever processor you are using. Additionally, you should make sure to send the Order ID to this program, so that you can connect to the BigCommerce API to load billing information, and then subsequently adjust the order status to either approved or declined depending on the response from your processor. Finally, you should send back some sort of response to the client to inform it of the result of the charge attempt.
That's pretty much it in a nutshell. The way you integrate with the payment processor (step 4) is unique to whichever processor you are using. I hope this makes sense.
Although opinion based, I'm a huge fan of serverless technologies, and would suggest looking into AWS Lambda + AWS API Gateway. The benefit here is that you don't need to worry about creating an infrastructure or the associated concerns of security and scale. Rather, AWS Lambda allows you to simply upload your software, and allows it to be executed via an HTTP request to some defined endpoint set through the API Gateway. Lambda will scale automatically for you, and you don't need to worry about system level security concerns - only security at the application level. It's truly a set and forget setup, and a bleeding edge technology. Not to mention dirt cheap!
Implementing a new payment method is unsupported and requires hacky workarounds since we implement payment gateways via the core app. You can do this on blueprint by using an offline payment method and then using the API to update payment statuses, etc. I'd recommend using ActiveMerchant if you do wish to go down this path.
