Stripe payment form to be embedded in iframe any security concerns? - security

I've a project which connects different businesses who can sell their own products on my app and the payment gateway I used is Stripe. They connect their Stripe account to my app through Stripe Connect and I charge on their behalf.
Now I would love to let the users embed the payment form into their website as well through an iframe.
Are there any security issues that I should be aware of?
Note: I'm using Stripe.js to process the payments so I don't need to worry about PCI compliance.
Thank you

Related

Stripe send payment to customers' bank account in Nodejs

I'm working on a POS app where users can buy things from owners. How can I send the money directly from the user to the owner in nodejs?
Thanks

You need to use Stripe Connect in order to send funds to another account with Stripe.
Stripe Connect is a huge topic and needs lots of research into account types and fund flows: https://stripe.com/docs/connect.

How to pay a user with stripe?

I am building an ecommerce store like amazon where sellers can sell and they receive money when a product is bought.
I am using the Stripe API with Node.js for handling payments. What exactly is the process of paying a user with Stripe?
Their documentation talks about creating an account and then transferring funds, but what about collecting the user's payment details, like their bank account, in the process?
What are the steps I need to follow for paying a user out?

You'd need to use Stripe Connect. Each merchant you pay will need to be a connected account to your platform.

Stripe Connect: In Stripe Connect who will pay the Stripe Charge, how to make sure that?

We are developing an application for restaurant use, in which we have integrated the Stripe Payment Gateway. Our application has 3 types of users: Admin, Restaurant and Customer. The Admin will take a charge from the Merchant for using the application on each order placed through the application.
To manage this payment transaction we have used Stripe Connect. For example, if the Customer pays $2, the Admin will take $0.5 as an application fee and the Merchant will receive $1.5. The question is who will pay the Stripe Charge. We need the Merchant to bear the Stripe Charge.
Here is the screenshot of a successful transaction. Can anyone guide me on how to make sure of this?

You should review the different types of charge flows available when using Connect. Based on what you've described, it sounds like you want Direct charges, with the fees paid by the connected account, but it really depends on the details of your business. You can review the fund flow diagram to see if it matches what you need.

Enter credit card details on the PayPal site (rather than my own hosted site)

Can I get users to enter credit card details on the PayPal site, rather than my own when setting up a recurring payments profile for direct credit card payments?
When setting up a recurring payments profile for a user who wishes to subscribe to my service, I currently follow the standard recurring payment flow (as shown in the PayPal API examples):
1. Use the REST API to create a billing plan and agreement.
2. Redirect the user to the PayPal site.
3. User logs in/registers on PayPal site and confirms their acceptance there.
4. PayPal redirects them back to my site for final confirmation of the billing agreement.
5. Once they have confirmed on my site, billing commences and we start listening for IPNs.
However, it seems that if you want to use direct credit card payments (i.e. the customer does not have/want a PayPal profile), you have to capture the credit card details on your own site and pass them through to PayPal on the API call. Is there a way to move the credit card detail capturing to the PayPal site itself?

Yes, PayPal supports this arrangement; they call it hosted pro or hosted sole solution. However, it's classic, not the new REST.
PayPal's newer direct credit card APIs use vaulting, but I don't believe they come with a fully PayPal-hosted page that would avoid all PCI complications for you.
You might also want to look at Braintree's solution, which integrates into your page but handles encrypting & tokenizing the card details so you don't have to worry about PCI.

How to collect money subscription fees for pay content?

I have a client who has content that he wants to publish on the web (and potentially for iPad). He wants the viewer to pay to subscribe for the content.
Is there a service out there I can integrate with for handling the accounts and collecting the monthly subscription fee (using credit cards or something else)?

There are several services out there that can help you with this - Recurly (where I work), Chargify, CheddarGetter, Spreedly, etc. These services handle the recurring billing aspect, customer management, email communication, following up with failed payments, etc. You'll also need a payment gateway (to process the cards) and a merchant account (for the payment gateway to deposit the funds into).
Authorize.net and PayPal both have recurring billing features, but the logic for upgrading/downgrading accounts is not there or difficult to use, and you'll still need to handle customer communication for failed payments and other actions.

You need to use a payment gateway here, which will be responsible for handling the transaction between your site and the many different payment networks. There are a lot of operations happening in between, so you might want to check out the Wikipedia article for step-by-step information on that.
We personally use Authorize.net in our company for many of its advantages, some of which are:
It has an API that makes it easy to integrate with any language.
It is a trusted brand already, proven by the number of merchants that use them.
It is secure.
It provides the service at a reasonable price.

Most major payment gateway providers (PayPal, Authorize.net, etc.) support recurring billing or subscription plans. Most of the time you have to log in to your account admin console, configure a plan, and send the payment plan ID with the payment request to the payment gateway. Some payment gateway providers, like Braintree, support creating recurring billing plans dynamically and assigning users to a plan at run time. However, it's always better to go for a local payment gateway provider or a payment gateway which provides low fees. If your preferred payment gateway provider does not support recurring billing, another option is to store CC details on the server and handle it yourself, but it's a great risk to store CC details on the server, and you will have to follow PCI standards, and it's hard.
