#DaanVDH

Hi 👋 sorry, but I don't immediately recognize CardAwaitNotification, would you mind pointing me to where you're seeing that?

type PaymentIntentNextActionCardAwaitNotification struct {
    // The time that payment will be attempted. If customer approval is required, they need to provide approval before this time.
    ChargeAttemptAt int64 `json:"charge_attempt_at"`
    // For payments greater than INR 5000, the customer must provide explicit approval of the payment with their bank. For payments of lower amount, no customer action is required.
    CustomerApprovalRequired bool `json:"customer_approval_required"`
}
``` It's in the go SDK

type PaymentIntentNextAction struct {
    AlipayHandleRedirect            *PaymentIntentNextActionAlipayHandleRedirect            `json:"alipay_handle_redirect"`
    BoletoDisplayDetails            *PaymentIntentNextActionBoletoDisplayDetails            `json:"boleto_display_details"`
    CardAwaitNotification           *PaymentIntentNextActionCardAwaitNotification <------- Here       `json:"card_await_notification"`

👋 Hopping in to help!

Good evening

Can you clarify what docs you're following/what you're trying to do? card_await_notification doesn't involve redirecting to a URL at all -it just gives information on when the next attempt will happen and whether approval is needed or not (see https://stripe.com/docs/api/errors#errors-payment_intent-next_action-card_await_notification)

I'm trying to figure out, what needs to happen when a user pays with a card and their bank requires them to confirm the payment in their App/ on their website. I thought that was where CardAwaitNotification was for but apparently it's not.

I couldn't really find any info on this

What you want is RedirectToUrl and you need to reading through https://stripe.com/docs/payments/3d-secure#when-to-use-3d-secure - but really I would strongly suggest using our Stripe.js library for this and not handle the flow yourself.

What are the advantages or using the stripe.js library? I've already setup the RedirectToUrl logic like this:

                
if pi.NextAction != nil {
                    switch pi.NextAction.Type {
                    case stripe.PaymentIntentNextActionTypeRedirectToURL:
                        sm.RedirectUrl = pi.NextAction.RedirectToURL.URL
                        sm.RequiresAction = true
                        sm.RequiresRedirect = true
                    default:
                        sm.RequiresAction = false
                        sm.RequiresRedirect = false
                    }
                } else {
                    sm.RequiresAction = false
                    sm.RequiresRedirect = false
                }```

If you want to expand to other payment method types it gets unwieldy to handle all the different possible actions yourself

I'm only using Card, iDeal, Bancontact and Giropay at this point, for those you wouldn't need any of the other redirect flows right?

I believe those are all ones that only emit redirect_to_url as a next_action and you're welcome to keep using this, but there are definitely other Payment Method types that require other actions

It's ultimately up to you - I do think you'll find it easier to use Stripe.js (we also document these flows better) but if manually redirecting is working for you then feel free 👍

I'm probably sticking to those 4 methods in the foreseeing future, the main drawback I have with using the JS SDK is the limited styling options, so I'll probably stick to manual redirects, thanks for your help!

one last thing before you go - if you're using your own UI for accepting card details then you're going to want to look into PCI compliance (https://stripe.com/docs/security/guide#validating-pci-compliance)

I'm doing all the payment stuff over WSS and I'm not persisting anything but the payment method, I should be good right?

I don't know what WSS is, but if you're sending the raw card details to your server then you definitely need to be double checking your PCI compliance

It's like HTTPS for web sockets, so everything is encrypted

You'd still need to fill out the SAQ-D form though - it doesn't matter if you don't store the data, if you're sending the raw card details to us on your own then you have to meet the SAQ-D bar (definitely read through https://stripe.com/docs/security/guide#validating-pci-compliance)

I'll give it a good read, thanks for the help