Update Stripe credit card that was saved with SetupIntent - javascript

I've saved the credit card for later usage with SetupIntent to the customer. Let's say that the user wants to edit his card (expiration/cvc/billing, etc..) after 5 days.
What would be the workflow for it?
Documentation got me confused because they propose to create a new SetupIntent and attach it to the customer. If that's so, what should we do with the previously added card?

For very good privacy reasons, there's very little you can "edit" on a user's payment methods. Stripe allows an almost unlimited number of paymentMethods attached to a customer. The recommended flow (as I also answered on Discord) is to attach the new paymentMethod - you can simply delete the previous one(s). When you query the API for a customer's payment Methods (list), they are returned in reverse chronological order - the first one is the most recent.

Related

How to prevent shopping cart alterations in another tab when paymentintent is already created

Has anyone figured out a solution to this? I seem to have gotten to the same conclusion with no solution.
If I were to go the my app's checkout page, the payintent is created in the backend (explained the process below). So no after the payIntent is created, if i open a new tab and go the menu and add a new menu item, firestore will show the new (correct) total, but since the payment intent is created stripe charges the old (wrong) total.
What I am doing is
Every time the page loads, I send a GET request to my backend which verifies the identity of the user (using firestore/firebase).
Checks if there is a payment intent (payement intents are stored in firestore corresponding to the user)
A. if payintent does not exist under user create one
B. if payintent does exist retrieve payintent from stripe and check if it has .status===succeeded. IF it has succeeded create a new one and if it has not succeeded update the old one. The amount for all payIntents is calculated using total in firestore
(and ofc if the users cart is empty a payintent is not created)
Send back to the frontend the payInent.clienSecret and cart items to populate page
From the front end using stripe elements and confirmPayment confirm the payment
(using ngrok the page loads in about 800-1200ms so not too bad i think)
Possible solutions are using webhooks, when payintent is processing check and update the pricing but that seems like duct taped solution (if it were to even work). OR using webhooks when payment has succeeded update the payment, again seems like a duct tape solution (if it were to even work).
EDIT: possible solution 3 cofirmPayment in the backend but according to documentation that takes away 3ds authentication which is the reason I am doing confirmPayment in the front end anyways
SOLUTION: The missing piece is that you need to update the Payment Intent's amount when something is added to their cart. Once you add that I think that will solve your issue.
So a function to create payment intent and update payment intent (when there is already a payment intent created) on add to cart. And then a final update paymentIntent on the checkout page whenever they delete an item or if they edit the item
Thank you Justin Michael
I'm not sure I completely understand your question. If you confirm a Payment Intent client-side using its client secret the Payment Intent will attempt to charge whatever the current amount set on it is. Stripe will never use a previous or "old" amount.
As far as a solution, I recommend you retrieve the Payment Intent client-side using Stripe.js when your customer clicks on your "pay" button and see if the currently-set amount on the Payment Intent matches what you're currently displaying to them. If it doesn't match abort the payment process, update your state client-side based on the latest version of the Payment Intent you just retrieved, prompt the customer to confirm the new amount, and ask them to click on "pay" again.

Stripe - add a card for customer without payment

I have a customer that is logged into my application.
const customerId = '1234';
I want him to be able to add a card so he can use it later for purchasing items in my shop.
But theres many of possible requests and im not really sure which one should be used in such situation.
createSource();
createPaymentMethod();
createSetupIntent();
What is the proper way in Stripe to add a card by customer?
You'd use Setup Intents which will facilitate the authentication and saving of payment details to an existing Customer object. There's a guide here on how to achieve this.

Charging a saved card in stripe

I want to charge a saved card in stripe. But while charging the save card I also want user to enter the CVV, just as an additional check (kind of like what happens in amazon).
So far I've tried payment intent and payment method. So while creating the payment intent I'll pass the payment method id, which is in format of card_***. And I can see that the payment_intent.succeeded event on stripe dashboard and even in webhook. But in this flow I'm unable to ask the user for CVV information.
Is there anyway to achieve this through Stripe.
Here's some useful links that I found.
payment method
This is the link that I followed to achieve, it's just that I also want to ask for CVV before actual charging.
stripe doc for charging saved card
It is possible to recollect the CVC from your customer. As you mentioned, you’ll reuse the existing Payment Method, but additionally you’ll include a cardCvc element on the page where your customer can provide the CVC for their card. Then when you’re making the call to confirm the payment, you’ll pass that element into the payment_method_options.card.cvc parameter.
This is covered in more detail here:
https://stripe.com/docs/payments/save-during-payment-cards-only#web-recollect-cvc

How To Get Two Separate Nonces with Accept.js?

I'm using Authorize.Net Accept.js for a custom cart with subscriptions using the ARBCreateSubscriptionRequest API, where we pass it the payment nonce as an opaque data element.
Although this works, it has these 3 faults that occur on ARBCreateSubscriptionRequest (subscriptions) but do not occur on CreateTransactionRequest (single payments):
It does not confirm CVC (card code).
It does not confirm valid card expiration date.
It does not confirm available funds to start the subscription.
Working with Authorize.Net tech support, they confirmed that the proper procedure is to:
Use CreateTransactionRequest to create the initial payment of the subscription, thereby giving an immediate response and getting around the listed problems above.
Then, they said to follow this with a ARBCreateSubscriptionRequest where the start date is the next term of their subscription.
Granted, yes, even without a CreateTransactionRequest, but solely using ARBCreateSubscriptionRequest when the subscription initial payment kicks in 24 hours later, the card will fail and a webhook message can be sent to my cart to let me know to disable whatever I enabled. However, an immediate response would be more suitable and would certainly alleviate potential customer frustration and merchant frustration. Plus, if one is shipping something with the purchase, it is crucial for the merchant to know that the purchase worked.
So, for instance, let's say I charge $9 a month on a subscription. The first payment would be with CreateTransactionRequest for $9 for the current month. Then, create ARBCreateSubscriptionRequest with a delay to start on the first day of the next month, and an interval of every month. So, the customer gets processed (pass/fail) on the initial $9 immediately on purchase. Then, when the next month kicks in, their subscription engages for $9/month thereafter.
Okay, I understand this 100%. But here's where I'm not getting a clear answer in the docs or in a support ticket. The CreateTransactionRequest and the ARBCreateSubscriptionRequest both need their own unique payment nonce.
Key Problem: If Accept.js is used to generate a single nonce, how do I get two nonces? If I use Accept.js to generate the second nonce, does it invalidate the prior one? I'm confused and the documentation doesn't explain.
If you want to validate card information from an Accept.js nonce, process an initial transaction and then create a subscription, you might try the following sequence:
Use createTransactionRequest with the nonce and set createProfile=true. The gateway will process your transaction including validating the card number, expiration and CCV. If successful, a customer profile is created.
Use the customer profile to create your subscription.

Accept Credit Card Payments via JavaScript

I have a Square Account. I also have a web page. On this web page, I'm collecting credit card details (name, number, expiration date, cvv). I want to charge the user an amount against the credit card details they've provided. I thought that Square had an API that allowed this. However, I don't see it. It looks like everything has to be done on the server.
Isn't there a way to securely do this from JavaScript purely on the client-side? It seems riskier to send details over the internet to a server, just to pass that information onto Square.
At this time, I have the following:
var creditCardNumber = '....';
var credidCardHolderName = 'Joe Smith';
var creditCardExpiration = '10/2020';
var creditCardCvv = '...';
var purchaseAmount = 50.50;
Is there a way to charge the purchaseAmount against the user's credit card using JavaScript on the client-side via Square? If so, how?
Thank you
You can't cut your own server out of the equation entirely. That would mean you would never get to know about the order. Money would just appear in your account.
You shouldn't be collecting credit card information though. Look at the Square Documentation for online transactions.
As part of the process, the user is redirected to Square's website where the credit card information is collected. You never need to send the credit card details to your server.
Merchant - Create a POST request: . Package the order information as a JSON message. NOTE: Currently, Square Checkout cannot calculate
shipping costs or taxes dynamically, those totals must be provided in
the POST request as line items in the order.
Add an authorization token to the header.
Merchant - Send the generated POST request to Square Checkout and process the response:
Save the returned checkout ID.
Automatically redirect the customer to the returned Checkout page URL.
Customer - Provide payment details using the Square Checkout UI.
Square Checkout - Process the transaction and sends email confirmation to merchant and customer.
Merchant - Verify the transaction results.
To process the payment you probably need to send some API credentials which wouldn't be safe to show on your frontend. That's why you may need some backend for that.
And of course you would allow customer to change the payment amount, which usually isn't OK.
Square documentation has got few nice diagrams and images showing how their API works and how to understand integrating it, e.g.
Take a look at "Get started" guide on their website, especially how it works.
Unfortunately, I am unable to find the specific documentation you would need to do this. It appears you need to log into the developer portal using your account credentials. If you are unable to find the documentation you need then you should reach out to Square support. That being said, I can give you some basic guidance.
DO NOT store any credit card information in your website. Do not store in javascript variables, send to your sever, or store them in any database. There is specific code Square will have you use that keeps that data secure and ensures it only ever is shared with Square.
Try digging around in the documentation of the product you're trying to use. What you are trying to accomplish should be found in some kind of "Setup" or "Get Started" type documentation that will be prominently displayed.

Categories