Asso360 | Stripe Developers | Page 1

west pondBOT Sep 14, 2022, 7:32 AM

#

formal cliff Sep 14, 2022, 7:40 AM

#

You are correct that the flow you are using is not ideal, especially Step 1, when you pass the card detail on server-side

#

It will expose you to the PCI compliance, and in theory you should never do that, aka never let credit card information ever reach your server

#

The correct integration is using PaymentElement, yes, and display it in ionic from a webview. You will collect the card information via Stripe owned PaymentElement component

mint turret Sep 14, 2022, 7:52 AM

#

Thanks for the answer.
In Step 1 I don't allow the card details reaching the server-side, but I use a "card token" generated by the mobile App.
When I create the PaymentIntent from SDK in .NET backend, I use the card ID and not the card details (e.g.: "card_hashcodegeneratebystripe")

#

I use the Stripe Element by the client-side (app) to input card detail and generate token.
Then i pass only the card ID to the server to create and confirm the Payment Intent

formal cliff Sep 14, 2022, 7:54 AM

#

Ah okie that's great 👍

#

Btw how do you generate card token by mobile app?

#

Anw, your integration is a bit legacy but it works and nothing specifically wrong with it.

#

If you want to improve, you can switch over to collect the card by PaymentElement in the first place. But it will be in a webview and need to adapt to your mobile UI

mint turret Sep 14, 2022, 8:00 AM

#

I create the card token using the Stripe Javascript Plugin (in Ionic):

import { Store } from '@ngrx/store';

private stripe: Stripe;
stripe = await loadStripe(this.publicKey);
stripe.createToken( ... passing the card details from Stripe Element ... )

and that works ok👍

#

I face troubles when I use a card which requires 3D secure check (e.g. test card 4000 0000 0000 3220)

#

because I need to make Ionic redirect to Stripe (in-app browser) and then waiting Stripe makes a redirect to my app (using the return_url specified when confirming payment intent, step 2)

vapid knoll Sep 14, 2022, 8:03 AM

#

and that doesn't happen?

mint turret Sep 14, 2022, 8:05 AM

#

Stripes works correctly and triggers the redirect, but I face troubles with those redirect in Ionic... so I wonder if there was an alternative way to open the 3D confirmation page without using the "return URL"

#

maybe opening a popup or an internal component by the Stripe Javascript Plugin...

vapid knoll Sep 14, 2022, 8:08 AM

#

usually you don't do it this way at all(manually creating a token and manually opening the URL), you use our functions like stripe.confirmCardPayment https://stripe.com/docs/js/payment_intents/confirm_card_payment

mint turret Sep 14, 2022, 8:11 AM

#

ok! now I'll try to take a look at that docs

#

thank you, I'll let you know

#

👍

#Asso360