#LucidLaw
nocturne orbit
rose nimbus
Hello ๐
In order to perform 3DS auth, the customer has to be on-session (present) and need to authenticate via the model. There isn't a way to perform auth via the API.
If you've setup the subscription integration correctly then you should only expect to see 3DS prompt for the first payment. After that, stripe would attempt to create subsequent payments by telling issuers that the customer isn't present (off-session). Which shouldn't prompt for 3DS auth
however, issuers/banks control when 3DS is required
young hemlock
Thank you so much for your response
rose nimbus
NP! ๐ Good luck
young hemlock
Sorry, what do you mean by "customer has to be on-session"
You mean in the wesbite?
rose nimbus
yes, think of it as customer going through check out
young hemlock
So bottomline, I can't use the curl APIs to complete a 3Ds purchase/subscription
rose nimbus
that's correct, the customer would need to complete 3DS auth (can't be done by the merchant)
young hemlock
So what are my options? We have tried the JS checkout where it generate the stripes card form and works really fine. We can complete with 3d cards
But what we to do now is let the users manage their cards as well
Like they have 3 cards
And they have a default card, we want to use that card for the payment. We don't want them to be typing the details again in the form
Would it be possible to achieve it?
rose nimbus
Have you had a chance to look at customer portal?
https://stripe.com/docs/customer-management/integrate-customer-portal
It allows your customers to manage their payment details
This page has the overview of the features
https://stripe.com/docs/customer-management
young hemlock
No I haven't thank you for this, I will check it.
We we're kind a expecting to be all API based for our subscription feature
so we can also use it for our apps
but it seems like its not possible
To get you an idea on what our flow is.
- User 1 is Mentor, he charge $5 per month for subscription
- User 2 is student, he has multiple cards
- User 2 subscribe to Mentor and during payment he choose what card to use for payment
I just check the customer portal, thank you again for this, but I think this is not where we want to go.
We would just like to create a subscription feature but having an option to choose cards
Is there any other way we can accomplish this?
Apologies for this, we are new to stripe.
rose nimbus
No problem at all ๐
When you say user 2 has multiple cards, how exactly are you storing them? Are you using SetupIntents for this?
young hemlock
What we have done so far is
- create a token (using all card informations)
- then attach that token to customer
- so now customer now has cards
then during subscription, we're expecting to use a selected card id (example card_1MHRhSLlkdPoC87spmLIP9oj) to complete a purchase
We haven't tried SetupIntents, exactly what I'm trying to understand now but seems pretty complicated if using the API.
rose nimbus
Just to double check, are you creating card tokens by passing in raw PAN?
https://stripe.com/docs/api/tokens/create_card
If so, you may be responsible for PCI compliance that may be required.
young hemlock
Correct.
first, generate token from the card details
https://api.stripe.com/v1/tokens
then attach to the customers
https://api.stripe.com/v1/customers/cus_n1erVnfBrrxtbq/sources
young hemlock
If so, you may be responsible for PCI compliance that may be required.
thank you for this, yes the marketing mentioned this as well.
rose nimbus
Yeah I'm not sure how 3DS would work with this exactly since it uses Sources API (which has been deprecated)
My understanding is that if 3DS is prompted by the issuers/bank then the customer would have to be present (on-session) to complete it.
Same goes for the newer APIs such as PaymentIntents and SetupIntents (which Subscriptions API uses)
young hemlock
Yes correct, I think we will use the JS for this, but my question now is
during the payment, instead of putting the bank details on the form, would it be possible to skip that and use the user's cards?
rose nimbus
You can list customer's existing sources by calling the API and then either set the selected source as default on the customer OR set the selected payment method as default_payment_method on the subscription creation
https://stripe.com/docs/api/subscriptions/create#create_subscription-default_payment_method
Does that help @young hemlock ?
young hemlock
to confirm, it is different from default_source?
what is the example value for that?
it says here "This takes precedence over default_source"
sorry late reply, was reading and testing it as we speak
molten saddle
default_payment_method is basically the same thing but it uses our newer Payment Methods API. So if you have both set it will try using the default_payment_method instead
Oh and I see you already got that and are testing, sorry misread that a bit
young hemlock
Okay thank you for that.
"You can list customer's existing sources by calling the API and then either set the selected source as default on the customer "
- thank you for this but I'm actually going back to my problem
I did this, I already selected a source but it doesn't work if the source (card) is a 3Ds
as you guys mention, it won't be possible via APIs
when doing a subscription with a 3Ds card
POST
https://api.stripe.com/v1/subscriptions
- customer
- items[0][price]
this is the response
"code": "subscription_payment_intent_requires_action",
"message": "Payment for this subscription requires additional user action before it can be completed successfully. Payment can be completed using the PaymentIntent associated with subscription.latest_invoice. Additional information is available here: https://stripe.com/docs/billing/subscriptions/overview#requires-action",
molten saddle
Can you try passing off_session=true when making your subscription update call? https://stripe.com/docs/api/subscriptions/update#update_subscription-off_session
young hemlock
okay let me try
molten saddle
Actually on second thought, that will only be appropriate if the user is not around on your website when you are making that call. I am looking in to what to do when the user is with you and you need to update their subscription like this
young hemlock
Still the same response after passing off_session=true
Okay thank you so much, I'm looking as well. We are really stuck on this for 2 weeks now
molten saddle
Can you try payment_behavior=pending_if_incomplete? https://stripe.com/docs/api/subscriptions/update#update_subscription-payment_behavior
young hemlock
okay let me try
molten saddle
You may end up wanting to use a different payment behavior, but I think this may be it. It tells the subscription how to react if the customer can't pay immediately
young hemlock
"message": "Setting payment_behavior to pending_if_incomplete has no effect when creating a subscription.",
this is the response
"allow_incomplete" works
but I'm trying understand now why
checking dashboard...
molten saddle
Actually, I just realized I may have misread your problem initially. Was there a reason you couldn't get your user to complete the 3DS auth on that latest invoice? For some reason I initially read this as things completely erroring out, but that actually sounds like it worked and you may just need to get the user to complete that payment
young hemlock
Okay, how can I get the user complete that payment?
No worries about misreading it
I might have not explained it clearly as well
molten saddle
You have a couple of options. You can send the user to your website and display the 3DS modal to them there. Basically you would take the payment_intent from the latest_invoice on your subscription and go through this flow with it
https://stripe.com/docs/payments/3d-secure#when-to-use-3d-secure
Or you can use the invoice's hosted_invoice_url which is a stripe hosted page where they can complete the payment. There is also a setting in your dashboard for us to automatically send out a link like that whenever a subscription payment needs 3DS auth https://stripe.com/docs/billing/subscriptions/overview#requires-action
young hemlock
thank you so much
I'm checking now
Okay I just tried "hosted_invoice_url"
and it works pretty fine
but does user really need to input the card information again?
checking the other option now..
molten saddle
They shouldn't need to put in the full card details again as far as I know. If the payment_intent is in a requires_action state, the hosted invoice page should just have a button that brings up the 3DS modal I believe. Would you mind setting up another invoice like this and sending me the ID?
young hemlock
Okay wait
in_1MHUmGLlkdPoC87sQCLa6aKb
this is the card being auto fill on the form
but I used this card number "4000000000003063"
mm/yy and cvc is wrong as well
or this is because its all a test?
molten saddle
I thought it should work even in test mode. Looks like your invoice is in the right state as well. Looking in to if I was right about what should happen here. I could have sworn there was a very easy way to do this with the stripe hosted invoice page...
young hemlock
thank you
I'm checking now as well
I think I found it now
the value of
next_action.use_stripe_sdk.stripe_js
gaves me the URL like
https://hooks.stripe.com/redirect/authenticate....
and it was the confirmation form
molten saddle
Yeah, so if you bring a user to your page and call handleNextAction on the payment intent's client secret, Stripe.js will direct them to complete 3DS on that payment