Handle card information using Stripe on Client side - node.js

I'm developing an application using React Native and the Stripe API in order to handle all the sensitive information about the users and their credit cards.
I'm trying to manage a digital wallet inside the application: one user can add/delete or see a list of their own cards (directly inside the mobile app). I am very confused about this point. For now I'm using my server side as an intermediate between my application and Stripe.
For example, to add a credit card I let the user enter the card information in a form, then I create the token, and finally I send that token to my server-side endpoint (POST /users/cards body:{tokenId}), which uses stripe.createSource({ customerId, tokenId }) to save the card into a customer object (in my DB I store only the customer ID).
To delete a card I use this endpoint of my server: DELETE users/user_id/cards/card_id, and this endpoint uses stripe.deleteCard({ customerId, cardId }) to delete the specified card from the customer.
To get the list of cards: GET users/cards/, and the endpoint uses stripe.listCards(customerId). My questions are: Can I do this? Is there a better solution? Is this PCI compliant? Can I use my server as an intermediate between my clients and Stripe?
The second point is simple: in the checkout phase (on the client side), how can I let the user choose which credit card to use for the payment and create a token with that? Can I send the cardId to my server in a POST request? Is it secure?

Related

How can I make payment using credit/debit cards using PayPal payment gateway in Node.js?

I am currently using paypal-rest-sdk and want to accept payment using the cards.
In both sdk's (paypal rest and paypal checkout), when I create an order, in response there is an approve URL:
{
  "href":"https://www.sandbox.paypal.com/checkoutnowtoken=token",
  "rel":"approve",
  "method":"GET"
}
Which will take you to this page:
The payment with PayPal account (logging in) is working, it correctly redirects to the return URL.
However, the "Pay with Credit or Debit card" option is not working.
After filling the card information when I click on continue button a loading screen appears and nothing happens after that.
I have seen solutions using PayPal smart-buttons, but can it work using "Pay with Credit or Debit card" option?
What do you mean by "paypal-rest-sdk"? The PayPal-Node-SDK is deprecated, do not use it for anything. Use the current Checkout-NodeJS-SDK.
Follow the Set up standard payments guide and make 2 routes on your server, one for 'Create Order' and one for 'Capture Order', documented here. Both routes should return only JSON data (no HTML or text). Inside the 2nd route, when the capture API is successful you should store its resulting payment details in your database (particularly purchase_units[0].payments.captures[0].id, which is the PayPal transaction ID) and perform any necessary business logic (such as sending confirmation emails or reserving product) immediately before forwarding your return JSON to the frontend caller.
Pair those 2 routes with the frontend approval flow: https://developer.paypal.com/demo/checkout/#/pattern/server

Method for confirming Stripe payment

I'm receiving a confirmation token after successfully paying through the Stripe API.
I'd then like to give paying customers access to an API endpoint, which they'll query to receive data. But only paying customers should be successful in querying the API. So how should I think about doing this? I'm entirely new to online payment systems.
I was thinking like this:
User -> Stripe -> Payment confirm -> Payment token
User -> Send token to endpoint -> Check token is valid? -> Return data if so
Is that right? If so, how would I check the token? I thought Stripe might have a way to verify a token. Or should I build my own db for this purpose?
My app is running in Node and Express.
Access to the service should be handled wholly in your own system; you could do this by associating a particular payment with a customer in your own database. If the customer pays at Stripe, then you could be notified about that via a webhook [1], and then you could "turn on" access for the authenticated user, for example.
How you associate a particular payment with a customer can also be handled in your system, for example by creating PaymentIntents and then saving them mapped against your customer in your own DB.
[1] https://stripe.com/docs/webhooks
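
One way to implement the webhook step from the answer above in Node, as an added example that is not part of the original answer: it checks the `Stripe-Signature` header (HMAC-SHA256 over `timestamp.payload`, as Stripe documents) before switching on access. The function names, the two in-memory maps standing in for a database, the secret and the sample event are all constructed for illustration; with the official library, `stripe.webhooks.constructEvent` performs the same check.

```javascript
const crypto = require("crypto");
const TOLERANCE_SECONDS = 300; // assumed replay window

// Split "t=<unix>,v1=<hex>[,v1=<hex>]" into a timestamp and candidate signatures.
function parseSignatureHeader(header) {
  const out = { timestamp: NaN, signatures: [] };
  for (const part of String(header || "").split(",")) {
    const [key, value = ""] = part.trim().split("=");
    if (key === "t") out.timestamp = Number(value);
    if (key === "v1") out.signatures.push(value);
  }
  return out;
}

// Returns the parsed event when signature and timestamp check out, otherwise null.
// rawBody must be the exact body received, not a re-serialized JSON object.
function verifyWebhook(rawBody, header, secret, nowSeconds) {
  const { timestamp, signatures } = parseSignatureHeader(header);
  if (!Number.isInteger(timestamp) || signatures.length === 0) return null;
  if (Math.abs(nowSeconds - timestamp) > TOLERANCE_SECONDS) return null; // stale or replayed
  const expected = crypto.createHmac("sha256", secret).update(`${timestamp}.${rawBody}`).digest();
  const ok = signatures.some((sig) => {
    const given = Buffer.from(sig, "hex");
    return given.length === expected.length && crypto.timingSafeEqual(given, expected);
  });
  return ok ? JSON.parse(rawBody) : null;
}

// paymentOwners: PaymentIntent id -> user id, saved when the intent was created.
// paidUsers: user ids the paid endpoint will serve (both hypothetical stand-ins for a DB).
function handleWebhook(rawBody, header, secret, nowSeconds, paymentOwners, paidUsers) {
  const event = verifyWebhook(rawBody, header, secret, nowSeconds);
  if (!event) return 400;
  if (event.type === "payment_intent.succeeded") {
    const userId = paymentOwners.get(event.data.object.id);
    if (userId !== undefined) paidUsers.add(userId); // only intents we created grant access
  }
  return 200;
}

// Constructed sample: a signed event for hypothetical user "user_42".
function demo() {
  const secret = "whsec_constructed_example", t = 1700000000;
  const body = '{"type":"payment_intent.succeeded","data":{"object":{"id":"pi_constructed_1"}}}';
  const sig = crypto.createHmac("sha256", secret).update(`${t}.${body}`).digest("hex");
  const paid = new Set(), owners = new Map([["pi_constructed_1", "user_42"]]);
  const status = handleWebhook(body, `t=${t},v1=${sig}`, secret, t + 10, owners, paid);
  return { status, paid: [...paid] };
}
```

The paid API endpoint then only needs to check whether the authenticated user is in `paidUsers`; nothing the client sends after checkout is trusted as proof of payment.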

Saving User's card in Square Payments

I'm new to Square and want to implement it in a React Native app with a Node backend.
I see that there is a method to save the customer's card details.
https://github.com/square/square-nodejs-sdk/blob/master/src/api/customersApi.ts#L230
But there is also the payment form?
https://developer.squareup.com/docs/payment-form/how-it-works
Firstly, I cannot see if the payment form is even available in React Native - information seems very scarce.
Secondly, even if I do implement that form, I can't see a way to connect it to the customers API endpoint.
I don't want to use in-app payments (i.e. google or apple pay). I want to be able to save card details like Amazon does, and use them whenever a user places an order in app (probably triggered by a node process). I'm not sure if I'm going about this the correct way, guidance would be appreciated.
In-App Payments SDK will be the way to go (and there is a React Native plugin already). The In-App Payments SDK is basically a mobile Square Payment Form, that you linked to. It will generate a secure nonce, and you can use the nonce to save the card on file. The next time the customer comes, instead of bringing up In-App Payments, you can simply call CreatePayment in your backend, with the customer_id and the customer_card_id as the source.
As for "connecting it to the Customers API" - you don't connect it directly per se. You would collect information from the customer, on your own, and pass it directly to the Customers API to create a customer. You can then call CreateCustomerCard using the nonce (generated by In-App Payments), and the customer_id that you just created, to save the card to this customer profile.

How do you authorize a credit card in Stripe, WITHOUT creating a customer or a card?

I want to make sure the card the customer has entered is actually a valid card. Stripe.js only validates its format, it doesn't ask for an authorization from the card issuer. But it seems Stripe requires you to create the customer to authorize the card, but this is a bit silly since the logical flow should be this:
1. Validate form input via stripe.js, and obtain token if format is valid
2. Authorize token via backend API (PHP/Ruby etc)
3. If authorized, create card + customer using token, add subscription/charge customer
4. If NOT authorized, return to form with appropriate error, and do not create the customer/charge.
How do you actually achieve this in Stripe? Is there a dedicated Stripe\Card::authorize($token) method or something similar that can be used?
When you save a card to a customer Stripe does a $0/$1 authorization on the card. You can pass the card when you create the customer, and the customer would only get created if the authorization succeeds. In addition, you can specify the plan and card when creating the customer, the customer and subscription would only get created if the card is valid AND the charge for the first period of the subscription goes through.
The scenario you describe is covered here:
https://stripe.com/docs/charges#auth-and-capture
The API is here (also available in PHP/Java/Go/Node/curl):
https://stripe.com/docs/api/ruby#create_charge

Creating my Stripe account as a customer for other Stripe users

During Stripe OAuth, I'm trying to create myself as a customer for my users such that I can pay them with my own credit card.
I've gotten 2 error messages when using Stripe's CreateCustomer API call:
1. When manually entering my card info as a "dictionary" (in PHP, i.e., array):
   OAuth based requests must use card tokens from Stripe.js, but card details were directly provided.
2. When generating a card token first and feeding that instead into CreateCustomer():
   Your card was declined.
Is creating myself as a customer for other Stripe users not possible?
