rnash | Stripe Developers | Page 1

feral lanceBOT Dec 12, 2022, 9:55 PM

#

noble fossil Dec 12, 2022, 9:59 PM

#

Hi there! No, this isn't possible. The point of using Elements is to have customers type their payment details directly and share these with Stripe. At no point should your client-side code have direct access to raw card numbers.

eternal glade Dec 12, 2022, 10:00 PM

#

I get that, but it has to in the scenario. The generic card swiper requires that because they don't work with the stripe card element

#

because I can't scrub the returned string of text from the card swipe for the card data and fill the card element with it

#

because it's in an iframe

#

and, like I said, I have it working if I do something like this:
`StripeConfiguration.ApiKey = _sharedStripeSettings.StripePlatformKey;

        var paymentModel = CalculatePayment(transaction.CardAmount ?? 0);

        var options = new PaymentIntentCreateOptions
        {
            Amount = paymentModel.TotalWithFeesStripeFormatted,
            Currency = "usd",
            ApplicationFeeAmount = paymentModel.DataScoutFeesStripeFormatted,
            Description = transaction.Comment,
            Metadata = new Dictionary<string, string>(),
            Confirm = true,
        };
        options.AddExtraParam("payment_method_data[type]", "card");
        options.AddExtraParam("payment_method_data[card][number]", ccNum);
        options.AddExtraParam("payment_method_data[card][exp_month]", expMonth);
        options.AddExtraParam("payment_method_data[card][exp_year]", expYear);
        options.AddExtraParam("payment_method_data[card][cvc]", cvc);
        
        var service = new PaymentIntentService();

        var requestOptions = new RequestOptions();
        requestOptions.StripeAccount = _parishStripeSettings.ConnectAccount;
        var response = await service.CreateAsync(options, requestOptions);`

#

I just want to be able to do that on the client without having to expose my Api key

noble fossil Dec 12, 2022, 10:04 PM

#

Right, the above is possible but any requests to create PaymentIntents should only be done server side so you don't expose your secret key.

eternal glade Dec 12, 2022, 10:06 PM

#

right

noble fossil Dec 12, 2022, 10:06 PM

#

Raw card data will need to be passed to your server if you don't use Stripe Checkout, Elements, and/or the mobile SDKs

eternal glade Dec 12, 2022, 10:07 PM

#

So I can't create the PI on the server, return the client_secret to the client and then pass the raw card data to Stripe with the client_secret and raw card data to confirm the payment?

noble fossil Dec 12, 2022, 10:10 PM

#

That's correct.

eternal glade Dec 12, 2022, 10:12 PM

#

Man... That's a bummer

#

ok thank you

noble fossil Dec 12, 2022, 10:13 PM

#

This comes back to PCI regulations and making sure card data is handled in a secure manner

eternal glade Dec 12, 2022, 10:13 PM

#

Sure. I get that. It pushes the PCI compliance onto us, and you all can't be sure we'll handle it properly

#

I get it

#rnash