#swb

Hi there

1/ So by default when you pass a Customer + Ephemeral key we display the saved payment methods. I can't remember if the iOS SDK will allow you to do this, but if you exclude the Ephemeral Key then saved Payment Methods won't be shown.

2/ We only collect what is required by the payment method. So for Cards only country/zip will be collected. If you always want to collect name and full billing address then you should do that outside payment sheet

3/ Are you using a SetupIntent from a Subscription here? Or outside the Subscription flow?

4/ When you saw "raw unencrypted card numbers" are you stating that they aren't redacted? What are you seeing exactly? You should see a redacted PAN being passed.

Re: #4 - see the attached screenshot of the relevant part of the POST body being sent by PaymentSheet to the /setup_intents endpoint.

What is that from? You are logging that somewhere? What does it look like in the actual request in your Dashboard?

We intercepted the call with Proxyman (https://proxyman.io) in development, running our build in the emulator

Outside of the subcription flow. We are just creating a setupIntent for the Customer

Ah okay well then yeah overall this is expected as you are intercepting the HTTP request that is being sent from the client to Stripe which will contain the card details. This shouldn't be possible in a live environment from my understanding.

Are you collecting card details ahead of when you create the Subscription?

Like you create the Sub later when the Customer isn't on-session any more

Basically asking why are you using a SetupIntent outside of the Sub flow to collect card details

Our desired use case is as follows:

1. Create a Customer
2. Add a Default Payment Method to the Customer using the PaymentSheet (but don't charge the card)
3. Create a Subscription that will not immediately be charged
4. (optional) Customer can add new payment methods, optionally selecting a newly added method as their new default (so the Subscription automatically charges it going forward)

We are not setting a payment method directly on the Subscription - just on the Customer

There is no specific reason we are using a SetupIntent - we are doing so only because we understand it to be the only way to add, but not charge, a payment method to a Customer. If there is a better integration pattern for our use case above, please let me know 🙂

So when you create the Sub that will not be immediately charged, is that a $0 Price or a Trial? Or are you just creating an incomplete Sub with a $$ invoice and then charging within 23 hours?

We are creating it with a Trial to offset the billing anchor

In some but not all cases, a Trial will not apply, and the Subscription will be billed right away.

Gotcha

So when you create a Subscription with a trial there will be a pending_setup_intent created: https://stripe.com/docs/api/subscriptions/object#subscription_object-pending_setup_intent

It is recommended to use this SetupIntent to collect the payment method

Instead of creating another one

Then that PaymentMethod will be set as the default

And you would create a separate one if you wanted to collect a different PaymentMethod for the Customer after the Subscription creation

Gotcha. And what if we are simply interested in managing payment methods on the Customer, not on the Subscription? What would be the simplest way to create a new Payment Method on the Customer with the PaymentSheet and mark it as the Customer's default?

You would update the Customer's invoice_settings.default_payment_method (https://stripe.com/docs/api/customers/update#update_customer-invoice_settings-default_payment_method) after the PaymentMethod is attached via the SetupIntent. So it would require an extra server-side request in this case.

Awesome. Thanks, @daring geode 👍 Really appreciate the help