#newb1

So is the card element in the iframe but your keypad is outside the iframe?

the card element is your api, inspecting shows its in an iframe

the keypad's on my site, as is the form

keypad works for all other fields in my form

just can't target the card elemtn field

Gotcha. I'm not sure if this is possible actually. Let me check with a colleague

fyi like so

k

sidenote, kiosk server is win10 pro, can't use native on screen keyboard because extraneous keys like tab and space and other methods of circumventing broswer lock

this appears to be a xss issue

So I discussed this some with a colleague and they think that programmatically filling in the card element is blocked in the same way that we prevent the card element from being prefilled with card details (for security purposes)

programmatically?

Yeah assuming you're attempting to programmatically fill in the card element with javascript, no?

Based on input to the keypad

no

yes

but that's not the issue, native on screen keyboard works fine

Because that's a native device keyboard. Your jquery one is attempting to use javascript to fill in the card element, right? So behind the scenes it's different

the javascript isn't filling in the field

Oh

How does it work then

the js just creates the keypad

users have to type characters

I understand. But since the keypad is created with jquery within the webpage, it must use javascript to fill in the fields with each typed character, right?

yeah

i guess that's a way to look at it, but again, that's not the issue

it's the iframe that's blocking it

due to xss

ok talking myself in circles, that is a js issue

i get it, but what's the solution

wait doesn't android etc osk use js?

why does android native osk work?

I don't know if it will be possible currently with our security precautions. I can open up an issue internally to get folks to check on this/provide input, but it may be a bit before I get a response. So, I recommend you write into support: https://support.stripe.com/contact/email and mention my Discord handle: codename_duchess so that I can grab the ticket and provide you with an update when I hear back

The android keyboard is a native keyboard even though it's onscreen (in the same way windows can have a native on screen keyboard)

what other options are there for this situation then

i looked at payment links

but it's all capture, i just need to auth

i use setupintents, not payment

otherwise that'd be a great solution

Wait how would payment links solve this problem?

instead of card element it would be a qr code the user could scan

but in looking at it, code sends to a payment page

no option that i could see to just auth, not capture

even if i went with capture, it charges minimum .50

so can't set capture to zero

unless i'm missing it, is there a way to have a payment link that only authorizes?

will likely use payment links in this manner now that i know about it though

So after you collect the customers' payment info, how long after are you going to capture funds for the payment?

it's not a capture, it's an auth

the only time it ever gets captured is if they don't show for the reservation, which is rare

that's why setupintents api is used

Gotcha. But how long after the auth would you capture in that scenario

Or can it vary wildly

Will it ever be > 7 days

well successful capture depends on the user's bank as you know

Yeah

but we've never lost a dispute

All I'm asking is what's the max possible amount of time between your auth and capturing their funds

If they don't show for a reservation

i don't have a specific memory of the longest time delta, i think one was two months later

too rare to recall

Ah ok

So separate auth and capture with payment links isn't an option then

and the capture is done in the stripe dash as creating a charge

think you're thinking subscription with delayed capture

No I'm not. Just separate auth and capture with a single payment

That would be an option if the time delta is a max of 7 days

But not an option for you

If you're ok with implementing your own qr code you could use a checkout sesion: https://stripe.com/docs/payments/save-and-reuse

that's basically what i'm doing now, setupintents

Yeah so that could be an option, but there's not a built in qr code like with payment links

You'd need to implement it yourself

ok but how do i do that

obviously i can create a qr code

but what would it point to

and how would it capture the card details and put them in our dashboard

k wait let me think about that for a second

youre saying create like a qr code which when scanned, would send user to a page on their device

where they could use whatever payment source

(like in payment links)

but that page would have the card element in it

api that is

You could do it that way if having a user pay on their device is acceptable for your flow

You wouldn't need to use the card element. You could use a checkout session if you like

But either way works

checkout session i guess

as it's not a payment

Well you can use Sessions or Elements. Either would work with SetupIntents

is there anything in the docs about nfc

i couldn't find

that owuld be the best solution, attach an nfc reader to the kiosk and let them scan their card that way

but not sure if stripe api grabs that

That would be our terminal product: https://stripe.com/en-gb-us/terminal

For accepting in person payments

This is what the flow would be for you: https://stripe.com/docs/terminal/features/saving-cards/overview

is it weatherproof

I don't think so but not sure

k will look into it, thanks for your assistance