Suppose the event/use-case "Buy Online", in the event table, the entry may look like
Event: Customer buys products online
Trigger: Same as Event?
Source: Customer
Use Case: Buy Online
Response: Confirmation Code, Validate Credit Card
Destination: Customer, Payment Verification System
If a Payment Verification System is called in the process to Validate Credit Card, do I include it? It isit the final response?
No, it is not the final response, but only a part of this use case.
The Validate Credit Card is an extension (not an include) of the main use case, as it is optional (there are other way to pay online).
Related
In my mobile app when the user has selected some items, I would like them to be able to review their order and see a preview of their bill (the price of each item, subtotal, taxes and total). However I would not want them to pay immediately. Once they place the order, they will not be charged until the order is accepted.
Do I calculate the user's subtotal, tax and total on my server or does stripe provide an api to handle these?
I've read the docs on invoicing and checkout, and checkout seems to be the api for my situation but I'm not 100% sure.
It depends on how you define "place the order" and "order is accepted". Normally when the Stripe's Checkout Session page is displayed to your customer and they push the "Pay" button, the transaction will be executed immediately (they paid), then the customer can be redirected back to your page or app.
If you want to somehow delay the payment until a specific timing (that you want to review or execute some logic, before eventually "accept" the order), you can consider using Checkout with Setup Intent.
We are using Stripe.js + Elements + Webhooks, our payment methods are Cards, Sofort and SEPA.
Our question is on the usage of webhooks: Is it normal to always wait for the payment_intent.succeeded event before sending out a booking confirmation to the buyer? With some payment methods (SEPA, banking) this takes hours/days/too long.
What are best practices here? Only wait for payment_intent.processing?
We are selling courses, some of which may be booked shortly before the course starts, so we cannot wait a long time for the payment_intent.succeeded event. But then how do you deal with fake bookings?
Lets say we offer a course:
Somebody buys it using e.g. SEPA payment method.
He clicks "Order now!" on our page -> We get event payment_intent.processing
We send out confirmation -> He can access the course
He never pays, there is never a payment_intent.succeeded event, but he was still able to access it.
Alternatively, we wait until payment_intent.succeeded event -> But in this case participants cannot book a course on the same day using SEPA.
How is this case handled usually? Do I need to pay for Stripe Radar to identify fraud/fake transactions before I get the payment_intent.succeeded/payment_intent.failed event?
Any help is much appreciated!
Stripe Radar only works for card payments - https://stripe.com/docs/radar/risk-evaluation#not-evaluated.
Yes, you should only send out booking confirmation to the buyer only upon receipt of payment_intent.succeeded webhook. Otherwise, like what you mentioned, if the payment fails, you would have provided access to the course for free.
If you want to receive payments immediately, then you should limit the available payment methods to card payments only.
As the Stripe documentation mentions - SEPA and SOFORT are both delayed notification payment method, which means that funds are not immediately available after payment.
Maybe you can consider offering SEPA / SOFORT as an option only if the customer is making payment X days before the course starts. You would want to check what is the maximum time for the payment to arrive in your Stripe account for either of these payment methods :
https://stripe.com/docs/payments/sepa-debit/accept-a-payment
https://stripe.com/docs/payments/sofort/accept-a-payment
I'm trying to use Stripe checkout in a first-come, first-served buying process. Multiple buyers may be trying to buy the same item at the same time, and only the one who completes the stripe checkout process first should get it. At the moment, the stripe checkout session duration requires me to 'book' the stock item and only release them back into stock once the session duration expires (even if they close the tab).
Is there a way to set up Stripe Checkout in a way that would detect whether the item has already been purchased by another buyer (e.g. the stock is no longer available), and for example show an error when the user tries to pay?
If not, any suggestions as to alternative ways of implementing this functionality while still using Stripe?
You can listen for checkout.session.completed events and add some event handler logic to retrieve the Session object while expanding the line_items:
https://stripe.com/docs/payments/checkout/fulfill-orders
https://stripe.com/docs/api/expanding_objects
This will allow you to inspect the price and product IDs for the completed Session. You could then have some logic to expire any other Checkout sessions so no other customers are able to go through the payment flow:
https://stripe.com/docs/payments/checkout/managing-limited-inventory
https://stripe.com/docs/api/checkout/sessions/expire
You can use the paymentIntent that allows you to confirm or reject the payment later. You can create the paymentIntent for all the customers are trying at the same time and next take the first one and confirm only this paymentIntent and reject the others
Read the Stripe documentation:
Stripe | PaymentIntent
So I am using Stripe-Js Payment elements and need to get the card brand (e.g visa, mastercard)
But it seems that brand is only available on cardElement's onChange. I only get the payment method type when onChange is triggered
paymentElement.on('change', function(event) {
// event.brand
});
Now I know I could get the brand details if I do confirmPayment but I need this brand first before doing a payment due to some business-related logic that needs to be done before placing the payment.
Is there a way to get the card brand of what user entered before doing confirmPayment using Payment Elements?
Thanks a lot
Payment Element does not return card brand in any event of StripeJS. This is only possible in Card Element with onChange event as you mentioned.
Another possible way in Payment Element is to go with server-side confirmation instead of using client-side confirmation. At step 6 of the doc, make an extra call to PaymentMethod Retrieval API to get card information including card brands from the PaymentMethod ID (pm_xxx) in the response of stripe.updatePaymentIntent. After checking the card brand, then make a PaymentIntent confirmation call at the server.
Please note that sign up is required to use server-side confirmation since it is currently in beta.
The steps below illustrate my problem with Stripe's PaymentIntent flow, but you could come up with something similar for the other payment gateways I've looked at where the final notification of a successful payment is sent asynchronously from the payment gateway to the merchant site.
Customer adds 10 x item A to their shopping cart, total now $100
Customer goes to checkout page. Server creates a Stripe PaymentIntent for the $100 total and sends the 'client_secret' to the browser.
Customer's browser displays the checkout page, showing $100 total, and Stripe's payment form.
Customer opens a new tab, and adds 10 x item B to their shopping cart, total now $200.
Customer returns to checkout tab, and completes $100 payment with Stripe (nothing the site can do to prevent this - it's all happening client side)
Asynchronously, Stripe notifies the site via webhooks that we've got a $100 payment. What do we do now?
The payment total no longer matches the cart total. Do we have to refund the payment and cancel the order? How do we notify the customer? We've probably already shown them an 'order complete - thank you' page, because we had no way of knowing the total was wrong until the asynchronous notification arrived. The customer's probably left our site already. What do we do with their shopping cart?
-- Some further background to all this:
I used to always turn to Stripe whenever my clients wanted to take online payments on their websites, because Stripe's synchronous model made my code nice and easy. The customer would enter their card details, Stripe would then return a token representing the payment, finally my server side code would check all the details were correct, use Stripe's API to collect the money, and return a 'thank you' message to the customer's browser.
But now it seems Stripe are moving away from this model to an asynchronous model (PaymentIntents), where your server is supposed to listen for notifications for completed payments, before fulfilling orders. In Stripe's terminology, we should set up 'webhooks' listening for the 'payment_intent.succeeded' event.
All the other payment gateways I've used in the past also have an asynchronous model, in the sense that your webserver has to wait for some kind of callback from the gateway notifying us of the payment, before we can safely start processing the order. PayPal calls it 'Instant Payment Notification', Worldpay called it 'Order Webhooks', Adflex called it 'Server2ServerNotification'... etc.
Where I'm struggling, is trying to cope with things that might happen during the gap between checkout starting, and payment notification being received. Given that these payment gateways are all using these kind of asynchronous models, there must be a simple solution to this (and similar) problems, but I'm really stuck - any suggestions would be much appreciated.
I think the main point you're missing here is that the PaymentIntent amount is set server-side. This means that when your customer opens a new tab and adds more items to their cart, you should be updating the PaymentIntent on your server to reflect the new amount. Then when they switch back to the other tab and complete the payment, you should have the total amount reflected in your PaymentIntent.
Your customer might still see the checkout process for an amount different to what is actually being charged, in which case I suggest you look at implementing websockets to make sure they always see the total amount in their shopping cart.