How to write an integration spec for Stripe Strong Customer Authentication - stripe-payments

We're updating our applications integration of Stripe to use strong customer authentication. I want to test that our integration triggers the appropriate Javascript when the customer confirms using 3d secure.
The problem that I'm running into is that I'm using the same client secret in multiple tests and the modal will only appear the first time the client secret is used. This is an issue because I don't want to have to complete a full transaction by interacting with the frontend for every test just to test the SCA portion of the integration.
Does anyone know of a workaround for this?

#keoghpe, the successfully completed payment_intent client secret could not be reused. However, if you are using testing card such as (4000008260003178) https://stripe.com/docs/payments/cards/testing#regulatory-cards
This card number is Stripe testing card which simulates a payment failure. In this case, payment_intent's state machine will be kicked back to be requires_payment_method state which you could reuse the client secret again.

Related

Saving User's card in Square Payments

I'm new to Square and want to implement it in a React Native app with a Node backend.
I see that there is a method to save the customer's card details.
https://github.com/square/square-nodejs-sdk/blob/master/src/api/customersApi.ts#L230
But there is also the payment form?
https://developer.squareup.com/docs/payment-form/how-it-works
Firstly, I cannot see if the payment form is even available in React Native - information seems very scarce.
Secondly, even if I do implement that form, I can't see a way to connect it to the customers API endpoint.
I don't want to use in-app payments (i.e. google or apple pay). I want to be able to save card details like Amazon does, and use them whenever a user places an order in app (probably triggered by a node process). I'm not sure if I'm going about this the correct way, guidance would be appreciated.
In-App Payments SDK will be the way to go (and there is a React Native plugin already). The In-App Payments SDK is basically a mobile Square Payment Form, that you linked to. It will generate a secure nonce, and you can use the nonce to save the card on file. The next time the customer comes, instead of bringing up In-App Payments, you can simply call CreatePayment in your backend, with the customer_id and the customer_card_id as the source.
As for "connecting it to the Customers API" - you don't connect it directly per se. You would collect information from the customer, on your own, and pass it directly to the Customers API to create a customer. You can then call CreateCustomerCard using the nonce (generated by In-App Payments), and the customer_id that you just created, to save the card to this customer profile.

SaaS application using stripe - charge customers card before completing signup?

We are using Stripe subscriptions to handle payment for a SaaS application we are building
Currently, our development team has implemented the following logic:
User enters card details into Stripe elements UI as the final step of signup to our app.
If the credit card is deemed valid by Stripe Elements, the signup process to our app completes successfully.
A stripe customer & subscription is created.
Our server processes the webhook from stripe to confirm if the initial payment succeeds/fails
The problem we have is that the customers card isn't being charged until after the signup process to our app is complete. In some cases this results in a poor user experience, where the user is told by our signup process that they have signed up successfully, then they receive a 'payment failed' email from our software if the stripe charge doesn't succeed.
What is the best way to handle this signup flow? Since we are relying on the stripe webhook to tell us if the charge has succeeded - a suggestion has been made that we could monitor for the webhook response (eg. every 1 second, in a loop) and confirm payment has succeeded before completing the user signup for our app. The flow would then become:
User enters card details into Stripe elements UI as the final step of signup to our app.
If the credit card is deemed valid by Stripe Elements, we create the stripe customer / subscription
Monitor (in a loop) for a response from the Stripe webhook to confirm if payment was successful
The signup process to our app completes successfully (if charge is successful), or fails if the charge is unsuccessful.
This also seems like a bandaid solution - what is the best way to handle our issue?
I have noticed there is an option to use 'pre-authorisation' of a card, but I'd prefer not to go down this road if it leads to extra items on a customers bank statement.
This seems like something that would be very common - we would greatly appreciate any advice
Thanks
The most straightforward solution seems to be that your integration isn't waiting for the payment to complete.
With Subscription, you can wait synchronously on your backend for a status: active on your backend, before returning a response to your frontend. You don't even need to poll for the webhook response, cause your backend creates a Customer, creates a Subscription, and returns that response to your frontend, to show an error or success.
(waiting for webhooks is good but when your integration is manually starting the Subscription, you don't necessarily need webhooks)
From the frontend perspective, your user sees a loading spinner, until your backend is able to say "payment successful, you are signed up!"

Unable to complete Go Live process

I'm attempting to promote my development environment to live but the API transaction results keep failing at the 1st hurdle of '20 or more API transactions'.
I've pushed through about 40 envelopes (and signed them) from my development site so I presume that I've fulfilled this criteria.
The Docusign support team advised me to post the question here (!), so does anyone have any ideas?
Thanks,
C
The 40 envelopes must be done via your app, not via UI.
You cannot use a token from the token generator. Must use auth via your app (JWT, Auth Code Grant etc.)

Transaction done in Sandbox mode Authorize.Net

We are using Authorize.net payment gateway. It is working in Production mode perfectly, recently by mistake we have changed the production mode to testing.
"PrimeAuthnetDeploymentMode.Testing"
Hence more customers done the payment in testing mode. I'm not sure about that, is the amount actually created from the customer account? How not sure what i have to do now? How can i get if the amount is amount is created from customer card?
Regards,
Karthik.
Transactions submitting using test mode only confirms you are able to connect to the payment gateway. It does not attempt a transaction and no record is kept of the request.

How does actual "signing" happen "offline" via API?

We currently use the API for embedded signing in our web application. When reviewing doc reference guide for offline signing, I'd say it's less than crystal clear how that really works. If I'm offline when I obviously can't call the API, so how does one in fact "sign" with DS?
I can appreciate how our client app (again, which currently does embedded signing) can prepare an envelope 'request' offline, and then send that request once we have connectivity. However the REST API guide says the user in fact "signs" the doc while offline -- how does the user ever get to the Docusign interface to do signing?
from the docs
To use Offline Signing, the customer using a client application to
create an envelope on an Internet-capable device, such as a smart
phone or tablet, that is not connected to the Internet and has a
recipient fill out and sign (or initial) the envelope documents. When
the device later connects to the Internet, the client application
uploads the envelope information to DocuSign where it is processed.
Does our offline app (running, say, in/as a Chrome app) somehow connect to local client Docusign software onboard the laptop or mobile device while offline? Any pointers to more complete documentation?
From the docs:
"IMPORTANT: Access to the offline signing capability is limited by
integrator key information. If your integrator key does not have the
correct authorization, you cannot use offline signing. Access to the
offline signing capability will be evaluated on a case-by-case basis."
The reason is because your software would be responsible for providing the legal evidence that the transaction actually happened with the proper security checks. This requires a tighter business arrangement and agreement between your company and DocuSign.
Please get in touch with your business development manager and they can set up a time to talk.
-mb

Resources