#Amer Bearat

hello! can you share the request ids of each?

it'd look like req_xxx [0]

[0] https://stripe.com/docs/api/request_ids

req_q18WyNONXybOXX

this is not retuning charge object list

req_OeQ5rAP4HIKXzg

this is retuning

their totally different projects

the api version of that req_q18WyNONXybOXX is 2022-11-15.
the api version of req_OeQ5rAP4HIKXzg is 2020-08-27.

In v2022-11-15 : https://stripe.com/docs/upgrades#2022-11-15
Charge no longer auto-expands refunds by default. You can expand the list but for performance reasons we recommended against doing so unless needed.

Generally, i recommend that you always explicitly specify the version when you initialize Stripe : https://stripe.com/docs/api/versioning

I'm calling stripe rest API to Create Customer. Then, Create Payment, Then, Attaching payment method to Customer. Lastly, creating payment intent. I'm using 4 API calls. are there any of those steps I can combine?

I'm calling stripe rest API to Create Customer. Then, Create Payment, Then, Attaching payment method to Customer. Lastly, creating payment intent. I'm using 4 API calls. are there any of those steps I can combine?

You can attach the PaymentMethod to the customer at the same time the customer makes payment. You can look at https://stripe.com/docs/payments/save-during-payment

the main bit here is to include setup_future_usage=off_session

is it something like this:

String paymentIntentBody = 'amount=' + AMOUNT +
'&currency=' + CURRENCY +
'&payment_method_data[type]=card' +
'&payment_method_data[card][number]=' + CARD_NUMBER +
'&payment_method_data[card][exp_month]=' + CARD_EXP_MONTH +
'&payment_method_data[card][exp_year]=' + CARD_EXP_YEAR +
'&payment_method_data[card][cvc]=' + CARD_CVC +
'&customer_data[name]=Steve Simpson' +
'&customer_data[email]=ss@test.com' +
'&confirm=true' +
'&setup_future_usage=off_session';

is there a reason why you're passing in raw card data when creating the PaymentIntent?

We are implementing the solution in Salesforce and does not support .js library

We have to create payment method using api

i'm not entirely certain what that means, but just so you're aware, if you collect raw credit card numbers in your custom form and then use the Stripe API directly to tokenize the cards, you become subject to the full PCI compliance standards. In your case this means you’d have to submit a SAQ D form annually to prove that you are PCI compliant [0]. It’s a 40 page form and typically, not a headache most companies want to be dealing with.

[0] see https://stripe.com/docs/security/guide#validating-pci-compliance under "API Direct" as this is what your integration would be classified as.

oh good know thank you

so we have to use the library

you seem to be missing the customer id in what you pasted

In order be PCI compliance we have to use stripe provided form and use Stripe.js library?

you can choose not to use stripe.js and still be PCI compliant. It's just more onerous to prove that you're PCI compliant

Do you have documentation i can follow to be PCI compliant?

i suggest you go through this page : https://stripe.com/docs/security/guide#validating-pci-compliance

btw i did not include the customer id cause i did not create a customer yet. i thought you said in this one api call we can do the 3 things create custom, create a payment method, and create payment intent.

uh no, i think there's a misunderstanding.

You can attach the PaymentMethod to the customer at the same time the customer makes payment. You can look at https://stripe.com/docs/payments/save-during-payment

You'd want to refer to the guide for the exact steps - you need to create a Customer first, then create a PaymentIntent (with the PaymentMethod details if you already have them) and Customer id