I can generate a token with the createTokenWithCardAsync function, but then I don't know how to use the token to go through with the payment process.
Would anyone know which functions are in the 'expo-payments-stripe'? The actual stripe functions like stripe.customers.create() or stripe.charges.create() do not work. So far I just know of 2 functions compatible with that package, the one I mentioned above and createTokenWithCardFormAsync...
Ultimately I would like to attach the token to a customer so that they don't need to put their card details everytime they want to purchase something.
Also at the moment of token creation I do not charge any money, just want to 'keep' their info just like uber does.
thanks!
Customer creation and Charge creation on Stripe is a secret-key only function, therefore cannot be done on your client-side (your mobile app which can only use your publishable key).
Therefore, the flow here is:
Create a Token on your app (as you are)
Post the token to your backend endpoint
Your backend endpoint (written in say, node using stripe-node) calls stripe.customers.create() with the Token ID, attaching the Token to the Customer
Charge creation later also has to happen server-side, not client-side.
Related
I have installed package react-native-payments in react native project, and i have token from that response, using that token i wants to do payment with stripe, is that any api available? to use apple pay token with stripe.
basically we have to check with token which will get from apple pay and then can able to pass in strip payment api method, Is any thing available from api side ?
The react-native-payments library has a Stripe-specific plugin that you can use:
https://github.com/naoufal/react-native-payments/tree/master/packages/react-native-payments-addon-stripe
As documented, this plugin will allow you to receive Stripe-chargeable tokens as part of the PaymentResponse.
Once you have the Stripe Token you'll need to send it to you server where you can save it to a Stripe Customer to make charges with. If the token you get back from the library has a tok_ prefix that means that it's a legacy Token, so you'd likely want to convert that to the newer PaymentMethods API. To do this you would create a new PaymentMethod and pass in card: { token: "tok_xyz" }. From there you can save the newly created PaymentMethod (will have a pm_ prefix) to a Stripe Customer:
Create a Stripe Customer: https://stripe.com/docs/api/customers/create
Save the PaymentMethod: https://stripe.com/docs/api/payment_methods/attach
You can then use the Customer/PaymentMethod duo to process payments using all of Stripe's APIs.
I am implementing subscriptions to a premium service on a website using Paypal as the payment service. I have successfully created a Catalog Product and Billing Plan through the API, and I am able to get to the payment page on Paypal, but it's not clear how I'm supposed to persist a user identifier through the purchase process.
I assumed it would be something along the lines of passing a user id somewhere, but there's nothing in the Paypal documentation about this. I need to be able to let the user make a purchase and have the Paypal webhook send the confirmation to an endpoint on my site, and that's where I'd expect to get their user id to toggle the subscription on their account on my end.
Is there something I'm missing? There has to be a way to do this cause I'd imagine it's a pretty common use case. If anyone has information or has done this before, I'd love to hear. Thanks.
The only truly secure way I've found when using javascript SDK, is to securely generate a unique custom_id on your server side associated with the user.
Then when you create the buttons, the 'createSubscription' function takes custom_id as a parameter.
Then use a webhook to receive events from your subscription and the custom_id will be present in the body of all BILLING.SUBSCRIPTION events under resource.custom_id.
I am able to get to the payment page on PayPal,
You are vague about what you are doing here. There are multiple ways (and some ways have multiple versions) of accepting subscriptions via PayPal, so it is important that you provide full details about the method you are using.
The time to associate a created subscription ID with a user ID is when it is approved, in the onApprove function if you are using a Smart Payment Button: https://developer.paypal.com/docs/subscriptions/integrate/#4-create-a-subscription
Currently, I'm using the following third-party libraries to integrate with Braintree:
https://github.com/ferndopolis/react-native-braintree-card
https://github.com/kraffslol/react-native-braintree-xplat
But I'm not able to find any method to save card details. Is there a rest API call available to save card details?
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact
support.
Both of the third-party libraries you linked to are wrappers for our client SDKS and have documentation that show that you will need to return the resulting payment method nonce to your server-side to use. A payment method nonce is a secure, one-time-use reference to payment information. It's the key element that allows your server to communicate sensitive payment information to Braintree without ever touching the raw data.
Braintree does not have a REST API at this moment, however you can use one of our server SDKS to run a Customer Create API Call, which will save that customer's payment information into the Braintree Vault. Additionally, you could run a Payment Method Create API Call as well to save the card details.
Since apparently you're not reachable for API questions via email, I guess I'd have to put all the questions in here since it would be tedious to create one for each of them.
So we're planning on creating a webhooks system for our integrations to create a better experience for our users. There are a few pieces that are missing for our end to support having a Podio integration that runs 100% on webhooks.
Support organization level webhooks instead at the space level.
Send full object payload in the webhooks push so we don't need to fetch the resource again. Or at least provide a delta of changes.
Have a secret token header that you send with each request so we can assure the authenticity of the data (that it's actually from Podio and it's not someone trying to hack our system).
Github does a great job with this: https://developer.github.com/webhooks/#delivery-headers.
Ability to unsubscribe from a webhook if the client revokes the OAuth credentials. Do you automatically delete that webhook or do we need to contact the user or you guys to get rid of it?
Trello for instance deletes all webhooks associated with a token if it's revoked or a second option is our server sends a 410 Gone back and the webhook, well you guessed it, it's gone.
Do you think something like this is feasible in the near future?
Thanks for your insights :)
Seems pretty valid point. Are there any particular org operations that you are interested to have webhooks for? Can you also describe some use-cases for org level webhooks?
Sending full object payload is pretty complicated because items in Podio can be extremely big and it might be not needed for webhook to get all details. That's why we keep it small and tiny and let Podio partners build own complicated solutions based on webhooks.
Secret token is not much needed if there is only item_id sent in webhook. Let's review it on item modified scenario.
1) User (or anything else) modifies item
2) item.modified webhook is triggered with item_id
3) 3rd party app receives webhook
4) 3rd party app makes a call to Podio API (if it's needed) and gets all required information from Podio API
So, if webhook request is fake, then Podio API will return same item details and nothing is affected. If you want to have some extra layer of security: why not making webhook URL unique and specific to webhook? Then only Podio will know which URL to use to trigger this webhook.
Ability to unsubscribe from a webhook if the client revokes the OAuth credentials.
Sorry, but I don't understand your question. Can you please re-phrase it as new StackOverflow question?
According to the documentation the paypal payment method should be able to do Authorization & Capture just fine. The following excerpt under the PayPal authorizations excerpt specifically states how to go about it:
First get payment approval and execute the payment as you normally would do for a PayPal payment. Once you successfully execute on the payment authorization, PayPal responds with a new set of HATEOAS links, including a capture link that you use to capture the payment.
So if im following correctly the flow for doing Authorize & Capture is as follows:
Create a Payment
Redirect User to HATEOAS link approval_url to get them to sign into paypal.
Be returned to success (or cancel, but not in this example) link.
Get the Payment to see what's changed, get the shipping address / etc....
Let the customer review the details
Execute The Payment to commit to the hold on funds.
At this point an AuthorizationID / HATEOAS Link should hold information about the authorization.
Some time later use the authorization ID to Capture, and voila, we're done.
Now this is all fine and dandy, but in my tests on the sandbox environment I'm having trouble retrieving the authorization ID anywhere.
Here's my HATEOAS Links I receive from my Execute Step:
As you can see, only the self reference is returned, according to the documentation there should be one capture link at the least that should have the authorizationID in it.
Also, nowhere in the response body is any authorization ID. However, If I look at the payment in my sandbox paypal dashboard:
And once I drill down into it:
Sure enough if I call the Authorization.Capture API call against 8B633793L37511009 it captures as you would expect. However I can't find a programmatic way to determine this number.
How am I supposed to store the authorization number so my tooling can capture later when our business conditions have been met?
In the beggining, when you create the payment with intent authorize you should be getting an authorization object within the response. This object has the id you need for the capture later.
Check this blog post to see if you're missing something fundamental in the picture.
I followed the tutorial and executed the sample requests via curl. As you can see, I got the authorization id under transactions->related resources->authorization->id
Then I used the id in the URL and successfully captured the payment.
Hope this helps, if it doesn't, please elaborate and maybe I will be able to help you further. Good luck!