I'm new to developing things in JS and I was wandering around Stripe techno.
I have a project to make a site where you can buy credits, let's say for 24h, to use for accessing extended functionality (not a pr0n site :) )
Things I want to do are:
User buys credit (for 24h, 48h, 1 week)
The credits are stackable (if I buy 2x 24h I have 48h)
When the user's credit hits 0, send a command to client side to "close access"
All stack is in JS client side and NodeJS server side.
I have no clue how to develop this with Stripe integration. Does Stripe have a function to do this, or should I use the token they return and build a thing with Redis and EXPIRY keys?
Thanks for reading and in advance for your answers.
For your business, you need to use 2 features of Stripe:
Subscription feature (https://stripe.com/docs/subscriptions/quickstart). It is used to charge your customer at the period you defined. Besides that, you are able to create a plan for recurring billing.
Events feature (https://stripe.com/docs/api#events). The Stripe system will notify you of any events that made changes on your account. Let's say when the subscription of the customer has expired, the Stripe system will raise an alert to the URL you registered to receive the events.
Hope the information above will give you more ideas to work on the Stripe system.
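The flow discussed above, as an added example that is not part of the original posts: a webhook handler that credits stacked access time only after the event's signature verifies, and ignores redelivered events. The event body `{id, userId, hours}`, the function names and the in-memory maps are assumptions; with the official Node library, `stripe.webhooks.constructEvent` performs the signature check.

```javascript
// Added example: constructed event shape {id, userId, hours}, not Stripe's own.
const crypto = require('crypto');

const HOUR_MS = 3600 * 1000;
const accessUntil = new Map(); // userId -> expiry in ms since epoch
const seenEvents = new Set();  // event ids already applied

// Check a "Stripe-Signature: t=<unix>,v1=<hex>" header: HMAC-SHA256 over
// "<t>.<raw body>" keyed with the endpoint's signing secret.
function verifySignature(rawBody, header, secret, nowMs, toleranceSec = 300) {
  const pairs = String(header).split(',').map((p) => p.trim().split('='));
  const t = (pairs.find(([k]) => k === 't') || [])[1] || '';
  if (!/^\d+$/.test(t)) return false;
  // Reject old timestamps so a captured request cannot be replayed later.
  if (Math.abs(nowMs / 1000 - Number(t)) > toleranceSec) return false;
  const expected = crypto.createHmac('sha256', secret)
    .update(`${t}.${rawBody}`).digest();
  return pairs.filter(([k]) => k === 'v1').some(([, v]) => {
    const got = Buffer.from(v || '', 'hex');
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  });
}

// Stack purchased hours on top of whatever access time is still left.
function applyPurchase(event, nowMs) {
  if (seenEvents.has(event.id)) return accessUntil.get(event.userId); // redelivery
  seenEvents.add(event.id);
  const base = Math.max(accessUntil.get(event.userId) || 0, nowMs);
  const until = base + event.hours * HOUR_MS;
  accessUntil.set(event.userId, until);
  return until;
}

// Webhook entry point: nothing is credited unless the signature verifies.
function handleWebhook(rawBody, header, secret, nowMs) {
  if (!verifySignature(rawBody, header, secret, nowMs)) return { status: 400 };
  return { status: 200, until: applyPurchase(JSON.parse(rawBody), nowMs) };
}

// The server decides access on each request; the client is only told the result.
function hasAccess(userId, nowMs) {
  return (accessUntil.get(userId) || 0) > nowMs;
}
```

Because the expiry lives on the server, "closing access" on the client is only a display update; every protected request should still go through `hasAccess`.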
I am creating a mobile marketplace; however, I don't know how to allow my users who have created an account with Firebase to also create a Stripe account and have that connect to my app so that when they create a listing for a product, they can receive money in their Stripe accounts after someone buys their specific product.
My question is, does anyone know how I can do that? I tried following the Stripe instructions but realized that they are only making an account and after they sell an item, they aren't getting paid. How would I program that? How would they get paid? For Firebase functions, I am using JS. My mobile app is made using Flutter and my backend is Firebase.
You can make a payout system "add to each user a field which holds the total gained money and when this user collects a specific amount you can send money from Stripe to his bank account" because it's not right to connect each user with Stripe, as it or any other payment gateway allows connecting the app with one account and it requires some information to be able to receive money, etc. You see that you put a private key and other keys to connect with Stripe, and you should hide them with env properties so no one can see them.
I hope you got what I want to say
Stripe Connect has 3 different charge types to select from: https://stripe.com/docs/connect/charges
In general, you would either create the charge on your platform then transfer the funds to the connected account, or create a charge on the connected account. You would want to follow one of the two guides below depending on which charge type [0] you choose:
https://stripe.com/docs/connect/collect-then-transfer-guide
https://stripe.com/docs/connect/enable-payment-acceptance-guide
Following the flows mentioned above, funds will accumulate in the connected account's balance and will be available to be paid out. You can read about connected account payouts in more detail here: https://stripe.com/docs/connect/bank-debit-card-payouts
You would probably want to write in to Stripe support if you need further guidance on how Stripe Connect works as a product.
This documentation provides detailed steps on how you can process payments with Firebase using a Stripe account. It walks you through customizing and deploying your own version of the open-source cloud-functions-stripe-sample.web.app example app using Stripe payments, whose source code is available at this GitHub link.
Also have a look at this Stack Overflow thread where a Stack Overflow user has shown how he has integrated Firebase with his Stripe account using Firebase functions.
For a detailed description on how you can create a Stripe account for Firebase Flutter, go through this article.
I'm working on an Android app in react-native and the app communicates with an API I'm working on for the app. The API is built with Laravel and Laravel Passport.
I know that Android apps can be decompiled so any secret keys stored within the app could be easily found. This is the reason for my current approach.
You can only gain an access code during registration. The application uses anonymous accounts so if you lose the access token, it's too bad. The app makes an API request to /api/register which creates the account and returns an access token. The app would store the token and use it to make further API requests.
The problem is that the registration route does not use any client secrets or access tokens. It is very easy to automate requests to the route and create an army of bots. I could potentially limit the amount of requests like a lot of API providers do but that wouldn't stop the issue.
I've heard about payload hashing but this usually requires a salt that is in both the app and API. Again, this is not secure and couldn't someone just hash it themselves if they know the salt to spam requests? Maybe I'm misunderstanding how payload hashes work.
Hopefully someone can assist.
You'll probably want to use something to detect the user agent hitting the route. This package has a lot of useful features: jenssegers/agent. For example, it offers crawler detection:
$agent = new \Jenssegers\Agent\Agent();
$agent->isRobot(); // true when the User-Agent matches a known crawler
Depending on your hosting provider, you may have access to tools that automatically blacklist IP addresses after X number of requests per minute (or other metrics). I know AWS offers this service.
Another option is antonioribeiro/firewall. Track users based on IP or geography and redirect/block accordingly.
I'm at this junction at the moment and the route I'm taking is one where the user is challenged to solve a simple puzzle:
registration process on app/web picks up a challenge from my registration server
the challenge is shown to the user with the input fields: email/username, password and the answer input for the challenge
it all gets sent to the registration server and if the answer is incorrect, the registration is denied
This "are you human" challenge is what will stop bot-registration so it needs to be a little smarter than the one coding the bots, so a selection of various challenges on the server would be nice.
I'm thinking of "select the n-th value from the dropdown", "select the first/last option", "write the color 'blue'" or "what whole number is between 3 and 5", and so on, for which variables can easily be generated by the server, the challenge and answer input can easily be created by the registration script, and it's easy and not very time consuming for the user to solve.
Another option I'll explore is to throttle requests by IP, combined with black- and white-listing those.
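The three-step challenge flow from the answer above, as an added example that is not part of the original post: the server generates the challenge, keeps the expected answer to itself, and accepts one attempt per challenge within a short lifetime. The function names, the two-minute lifetime and the in-memory store are assumptions.

```javascript
// Added example: challenge kinds follow the answer; names, TTL and the
// in-memory store are assumptions (a real store would also evict stale entries).
const crypto = require('crypto');

const TTL_MS = 2 * 60 * 1000;
const pending = new Map(); // challengeId -> { answer, expires }

// Each generator returns what the client may see plus the expected answer.
const GENERATORS = [
  (rand) => {
    const options = ['red', 'green', 'blue', 'yellow', 'black'];
    const n = 1 + rand(options.length);
    return { prompt: `Select option number ${n}`, options, answer: options[n - 1] };
  },
  (rand) => {
    const lo = 1 + rand(20);
    return { prompt: `What whole number is between ${lo} and ${lo + 2}?`, answer: String(lo + 1) };
  },
];

// Step 1: the registration form fetches a challenge. The answer stays server-side.
function issueChallenge(nowMs, rand = (n) => crypto.randomInt(n)) {
  const { answer, ...visible } = GENERATORS[rand(GENERATORS.length)](rand);
  const id = crypto.randomBytes(16).toString('hex');
  pending.set(id, { answer, expires: nowMs + TTL_MS });
  return { id, ...visible };
}

// Step 3: the form is posted back. Each challenge is good for one attempt only,
// so a script cannot keep guessing against the same challenge.
function register(form, nowMs) {
  const entry = pending.get(form.challengeId);
  pending.delete(form.challengeId);
  if (!entry || nowMs > entry.expires) return { ok: false, reason: 'no valid challenge' };
  if (String(form.answer).trim().toLowerCase() !== entry.answer) {
    return { ok: false, reason: 'wrong answer' };
  }
  return { ok: true }; // create the account here
}
```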
I am currently redesigning a website and looking for a solution on how to add a paid version of the site.
For example, say I have a <select> drop-down box with 20 elements inside. However, I want 15 of these 20 elements to be disabled unless the user has a paid account. At this time, that is the extent of what I need to differentiate between free/paid versions.
I'm planning on adding the ability to register an account and log in, as well as some type of payment processor (recommendations are appreciated for this! - currently looking at using Django/Python). I just don't know how to best go about managing two different levels of the website, and allowing those additional options to paid members.
I'm working with calculators that are pure JavaScript. Using Bootstrap for the page design. As far as anything else goes, I'm open.
To do that, you'd have to add a field with a default value of NULL to your database, let's call it "subscription", into your users table. Then, every time a user logs in to your website, fetch the subscription value and write it into a session variable. The last thing you have to do to ensure free members aren't allowed to perform any actions the subscribed members can is checking the content of the session variable while:
building your HTML, or you could check it on the client side with JavaScript right after the premium element has loaded (this is for user experience only since a client can remove any HTML attribute whenever they want)
and
while receiving the data of the premium element on the server side, accept it if the user is premium, reject it if they're free (again, just checking the session variable should do the job).
So as you can see, it's much more about preventing free users from gaining access to the paid members' options than allowing paid members to browse a completely new version of the website designed specifically for them.
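The two checks from the answer above, as an added example that is not part of the original post: the same option table drives both the rendered `<select>` and the server-side gate, so removing `disabled` in the browser changes nothing. The option names, the session shape and the function names are assumptions.

```javascript
// Added example: option names, session shape and function names are assumptions.
const OPTIONS = new Map([
  ['loan', { label: 'Loan calculator', premium: false }],
  ['mortgage', { label: 'Mortgage calculator', premium: true }],
  ['retirement', { label: 'Retirement planner', premium: true }],
]);

// session.subscription is copied from the users table at login (NULL = free).
const isPaid = (session) => Boolean(session && session.subscription);

// Build the <select>: premium entries are disabled for free users (UX only).
function renderSelect(session) {
  const rows = [...OPTIONS].map(([value, o]) => {
    const off = o.premium && !isPaid(session) ? ' disabled' : '';
    return `  <option value="${value}"${off}>${o.label}</option>`;
  });
  return `<select name="calc">\n${rows.join('\n')}\n</select>`;
}

// Server-side gate: runs on every submission, whatever the page's HTML said.
// Unknown values are rejected too, so only listed options are ever processed.
function acceptSubmission(session, value) {
  const option = OPTIONS.get(value);
  if (!option) return { status: 400, error: 'unknown option' };
  if (option.premium && !isPaid(session)) {
    return { status: 403, error: 'paid account required' };
  }
  return { status: 200, option: value };
}
```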
I will try to give you a blunt idea; maybe this might help you.
So let's say a user has paid for your service: you can flag a token in your app's backend if a particular user is paid or not. So whenever the user logs in to your app next time, you can get the status of the logged-in user.
Once you get the status of the logged-in user you can enable or disable UI elements.
I hope this made some sense.
So I've been messing around with node.js and Twilio these past couple of days. I managed to get it running and create a nice little system of keyword checks and responses. The problem is I need a way to prevent a conversation from going beyond X amount of exchanged messages. Anything that can get the user to stop messaging or get Twilio to stop accepting them would be great.
I've looked into things like blocking their number, or even trying to activate the STOP keyword for them but nothing came up. The best I thought of was creating a counter of inbound and outbound messages and sending a final message stating "You've reached the conversation limit. You'll be charged X amount per every new message sent and received" to scare them off. I'm not really sure if that option is ethical or even legal.
I don't want to wake up one day and find that I owe $5000 in SMS fees because my numbers were spammed even after users have already gone through every possible dialogue option. Any help is appreciated.
EDIT : I think I've found my answer so I'll post it here in case anyone else has the same thought. https://support.twilio.com/hc/en-us/articles/223181648-Is-there-a-way-to-block-incoming-SMS-on-my-Twilio-phone-number-
Twilio billing is prepaid (for me), so I don't think you will "owe $5000". They could burn thru your credit and if you are set up for auto top up, that could be an issue.
That being said there are different ways to keep on top of spending without coding. I would recommend taking a look at the following:
Account Triggers - Get notifications
Projects - Isolate your numbers/apps that are in production
Some Coding Ideas
I am guessing you are using a Twilio number to bridge two users that gives anonymity. What you proposed should be possible.
Use a function to query your logs and rate limit with your own logic
Docs: Usage Records
Use a database, record transactions, and query the database with your own logic
Note: if the incoming message is generated by an incoming sms/mms, an incoming fee will be charged regardless of if the message is relayed or not.
Additionally, there are rate limiting npm modules available (I have not explored them), e.g. npm limiter
As mentioned in the comments, this specific question is off-topic. However, I'll state a few things.
As of now, you can't control incoming messages. Twilio does that for you. For example, Twilio charges you only for numbers validated as spam-free. You can get more information from their support agents.
From your side, you can try a few other things.
Control the outgoing messages (for instance, detect spam, and do not send automatic replies if any)
Stick to a basic plan
For controlling the incoming load to your application, there is a library called queuep (npm install queuep). You can easily write the spam detection logic and avoid a load of messages. There are other benefits such as throttling and memoization.
But this does not guarantee that you are not charged for the load if any. That is because charging happens even before the message is received by the Node.js application. The only possible place to control this is through the Twilio admin panel.
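The counter idea raised in the question and in both answers, as an added example that is not part of the original posts: a per-sender cap that answers a fixed number of messages, sends one neutral limit notice, then stays silent until the window resets. The limit, window, keyword table and in-memory store are assumptions; in a Twilio webhook a `null` result would map to an empty response so that no reply is sent, and inbound messages are still billed as the answers note.

```javascript
// Added example: limit, window, keyword table and the in-memory Map are
// assumptions; a real service would keep the counters in a database.
const MAX_EXCHANGES = 3;
const WINDOW_MS = 24 * 3600 * 1000;
// A Map (not a plain object) so input like "constructor" cannot hit a prototype key.
const KEYWORDS = new Map([
  ['hours', 'We are open 9-5.'],
  ['price', 'Plans start at $10.'],
]);
const FALLBACK = 'Reply HOURS or PRICE.';
const LIMIT_NOTICE = 'Conversation limit reached. Further messages will not be answered.';
const conversations = new Map(); // sender -> { count, windowStart, notified }

// Decide what (if anything) to send back for one inbound message.
// Returning null means: send no outbound message at all.
function replyFor(from, body, nowMs) {
  let c = conversations.get(from);
  if (!c || nowMs - c.windowStart >= WINDOW_MS) {
    c = { count: 0, windowStart: nowMs, notified: false };
    conversations.set(from, c);
  }
  if (c.count >= MAX_EXCHANGES) {
    if (c.notified) return null; // stay silent: no further outbound cost
    c.notified = true;           // the notice itself is sent only once
    return LIMIT_NOTICE;
  }
  c.count += 1;
  return KEYWORDS.get(String(body).trim().toLowerCase()) || FALLBACK;
}

// Upper bound on outbound messages one sender can trigger per window.
function maxOutboundPerWindow() {
  return MAX_EXCHANGES + 1; // replies plus the single limit notice
}
```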
I am trying to create a website that will allow people to post items for sale and then receive a payment through PayPal once the item is purchased. Ideally I would have them link their PayPal account to my website before they post any items, and the user would check out via PayPal. This would be a very similar setup to what eBay has with PayPal. Can someone point me to what type of integration this is? Also, could someone point me to the proper docs? I don't think I'm using the correct terminology so I'm not finding anything. I am a developer so I'm not afraid to code this up. Thanks
If you want to create this kind of integration you will need to make a few user experience decisions first. The flow of eBay allows a person to link a payment method to their system and upon purchase directs them to an eBay PayPal checkout page that acts as a payment using stored credentials to do a transaction with the eBay PayPal account. Internally eBay then performs other transactions from their account with other users' registered payment information to mediate the exchange. It is not directly user-to-user. The first question you as a developer need to answer is: Do you want to use the pre-built PayPal experience or design your own with PayPal integration?
The simplest pre-built experience causes your users to be directed away from your website to PayPal where they handle their transactions and then are returned to your site along with a REST payload that informs your site whether a transaction was successful or not.
Another service offered by PayPal is called PayPal Payment Advance, which allows them to provide you with a template integration on your website which performs the transactions on your domain. To learn more about that, see here.
The custom experience requires you to learn the PayPal developer API and how PayPal operates and stores credentials, which can be found here. This option is only if you really want to have complete control of everything and are willing to put in the work. It is also the most difficult option, but gives you the greatest control over the end experience.