Charging a saved card in stripe - javascript

I want to charge a saved card in stripe. But while charging the save card I also want user to enter the CVV, just as an additional check (kind of like what happens in amazon).
So far I've tried payment intent and payment method. So while creating the payment intent I'll pass the payment method id, which is in format of card_***. And I can see that the payment_intent.succeeded event on stripe dashboard and even in webhook. But in this flow I'm unable to ask the user for CVV information.
Is there anyway to achieve this through Stripe.
Here's some useful links that I found.
payment method
This is the link that I followed to achieve, it's just that I also want to ask for CVV before actual charging.
stripe doc for charging saved card

It is possible to recollect the CVC from your customer. As you mentioned, you’ll reuse the existing Payment Method, but additionally you’ll include a cardCvc element on the page where your customer can provide the CVC for their card. Then when you’re making the call to confirm the payment, you’ll pass that element into the payment_method_options.card.cvc parameter.
This is covered in more detail here:
https://stripe.com/docs/payments/save-during-payment-cards-only#web-recollect-cvc

Related

Update Stripe credit card that was saved with SetupIntent

I've saved the credit card for later usage with SetupIntent to the customer. Let's say that the user wants to edit his card (expiration/cvc/billing, etc..) after 5 days.
What would be the workflow for it?
Documentation got me confused because they propose to create a new SetupIntent and attach it to the customer. If that's so, what should we do with the previously added card?
For very good privacy reasons, there's very little you can "edit" on a user's payment methods. Stripe allows an almost unlimited number of paymentMethods attached to a customer. The recommended flow (as I also answered on Discord) is to attach the new paymentMethod - you can simply delete the previous one(s). When you query the API for a customer's payment Methods (list), they are returned in reverse chronological order - the first one is the most recent.

How to prevent shopping cart alterations in another tab when paymentintent is already created

Has anyone figured out a solution to this? I seem to have gotten to the same conclusion with no solution.
If I were to go the my app's checkout page, the payintent is created in the backend (explained the process below). So no after the payIntent is created, if i open a new tab and go the menu and add a new menu item, firestore will show the new (correct) total, but since the payment intent is created stripe charges the old (wrong) total.
What I am doing is
Every time the page loads, I send a GET request to my backend which verifies the identity of the user (using firestore/firebase).
Checks if there is a payment intent (payement intents are stored in firestore corresponding to the user)
A. if payintent does not exist under user create one
B. if payintent does exist retrieve payintent from stripe and check if it has .status===succeeded. IF it has succeeded create a new one and if it has not succeeded update the old one. The amount for all payIntents is calculated using total in firestore
(and ofc if the users cart is empty a payintent is not created)
Send back to the frontend the payInent.clienSecret and cart items to populate page
From the front end using stripe elements and confirmPayment confirm the payment
(using ngrok the page loads in about 800-1200ms so not too bad i think)
Possible solutions are using webhooks, when payintent is processing check and update the pricing but that seems like duct taped solution (if it were to even work). OR using webhooks when payment has succeeded update the payment, again seems like a duct tape solution (if it were to even work).
EDIT: possible solution 3 cofirmPayment in the backend but according to documentation that takes away 3ds authentication which is the reason I am doing confirmPayment in the front end anyways
SOLUTION: The missing piece is that you need to update the Payment Intent's amount when something is added to their cart. Once you add that I think that will solve your issue.
So a function to create payment intent and update payment intent (when there is already a payment intent created) on add to cart. And then a final update paymentIntent on the checkout page whenever they delete an item or if they edit the item
Thank you Justin Michael
I'm not sure I completely understand your question. If you confirm a Payment Intent client-side using its client secret the Payment Intent will attempt to charge whatever the current amount set on it is. Stripe will never use a previous or "old" amount.
As far as a solution, I recommend you retrieve the Payment Intent client-side using Stripe.js when your customer clicks on your "pay" button and see if the currently-set amount on the Payment Intent matches what you're currently displaying to them. If it doesn't match abort the payment process, update your state client-side based on the latest version of the Payment Intent you just retrieved, prompt the customer to confirm the new amount, and ask them to click on "pay" again.

Stripe - add a card for customer without payment

I have a customer that is logged into my application.
const customerId = '1234';
I want him to be able to add a card so he can use it later for purchasing items in my shop.
But theres many of possible requests and im not really sure which one should be used in such situation.
createSource();
createPaymentMethod();
createSetupIntent();
What is the proper way in Stripe to add a card by customer?
You'd use Setup Intents which will facilitate the authentication and saving of payment details to an existing Customer object. There's a guide here on how to achieve this.

Stripe connect transfers and payouts without verification

I am trying to clarify things associated with Stripe Connect's paymentIntent and transfers endpoints. The thing is that I do think that I do not understand the flow perfectly and even do not know if I did choose the best solution for my application.
I am using the separate charges and transfers method and for the account type I did choose custom.
What I want to achieve is the following:
Get money from user A and send it to user B (user in this context is my platform user not the Stripe Account or Customer). I want to take my cut while I send the money to user B. It leads to a question, if I do need to create both the Stripe Customer and Account. And if the user B who gets the money after transfer is not acting as a company, why would I need to collect industry and other legal information from him/her just to make payout?
What I did:
First of all I do create Stipe Customer and Account for my platform users. Then I:
Create PaymentIntent to take money from (Stripe Customer A). Includes the Stripe fees
Create Transfer of the PaymentIntent and transfer it to (Stripe Account B).
Now I want to create payout of the transferred money. Do I have to trigger the payout endpoint for this case?
The 3 last steps in code:
Create paymentIntent
const paymentIntent = {description, amount, currency, customer_id, transfer_group, payment_method, confirmation_method: 'manual', confirm: true};
const response = await stripe.paymentIntents.create(paymentIntent);
Create transfer
const transfer = { amount, currency, destination: destinationAccount, transfer_group };
const response = await stripe.transfers.create(transfer);
stripe.paymentIntents.confirm(response.client_secret, {payment_method: response.payment_method})
Now money is taken from Customer A and transferred to Account B but I have no idea what legal information I need from my platform users to be able to create payouts? All my Stripe accounts/customers did accept the tos_acceptance also while adding a new source. None of my platform users are industry nor a company. They are individuals doing their things.
To follow the flow which you mentioned you need to create stripe Connect account for each of your customer B. As you need to do payouts to there bank accounts they need to be completely verified by stripe this shows legal information required for verification as per country
Though your end users are individuals you need to completely prove them for authenticity as you are involving them in legal fund transfer and making there sub-merchant accounts.
And you don't have to trigger the payout end point as it is automatically handled by stripe and you can also change it either you want to do payout weekly/daily/monthly etc and also set for custom payouts from dashboard settings.

Accept Credit Card Payments via JavaScript

I have a Square Account. I also have a web page. On this web page, I'm collecting credit card details (name, number, expiration date, cvv). I want to charge the user an amount against the credit card details they've provided. I thought that Square had an API that allowed this. However, I don't see it. It looks like everything has to be done on the server.
Isn't there a way to securely do this from JavaScript purely on the client-side? It seems riskier to send details over the internet to a server, just to pass that information onto Square.
At this time, I have the following:
var creditCardNumber = '....';
var credidCardHolderName = 'Joe Smith';
var creditCardExpiration = '10/2020';
var creditCardCvv = '...';
var purchaseAmount = 50.50;
Is there a way to charge the purchaseAmount against the user's credit card using JavaScript on the client-side via Square? If so, how?
Thank you
You can't cut your own server out of the equation entirely. That would mean you would never get to know about the order. Money would just appear in your account.
You shouldn't be collecting credit card information though. Look at the Square Documentation for online transactions.
As part of the process, the user is redirected to Square's website where the credit card information is collected. You never need to send the credit card details to your server.
Merchant - Create a POST request: . Package the order information as a JSON message. NOTE: Currently, Square Checkout cannot calculate
shipping costs or taxes dynamically, those totals must be provided in
the POST request as line items in the order.
Add an authorization token to the header.
Merchant - Send the generated POST request to Square Checkout and process the response:
Save the returned checkout ID.
Automatically redirect the customer to the returned Checkout page URL.
Customer - Provide payment details using the Square Checkout UI.
Square Checkout - Process the transaction and sends email confirmation to merchant and customer.
Merchant - Verify the transaction results.
To process the payment you probably need to send some API credentials which wouldn't be safe to show on your frontend. That's why you may need some backend for that.
And of course you would allow customer to change the payment amount, which usually isn't OK.
Square documentation has got few nice diagrams and images showing how their API works and how to understand integrating it, e.g.
Take a look at "Get started" guide on their website, especially how it works.
Unfortunately, I am unable to find the specific documentation you would need to do this. It appears you need to log into the developer portal using your account credentials. If you are unable to find the documentation you need then you should reach out to Square support. That being said, I can give you some basic guidance.
DO NOT store any credit card information in your website. Do not store in javascript variables, send to your sever, or store them in any database. There is specific code Square will have you use that keeps that data secure and ensures it only ever is shared with Square.
Try digging around in the documentation of the product you're trying to use. What you are trying to accomplish should be found in some kind of "Setup" or "Get Started" type documentation that will be prominently displayed.

Categories