#zzking

Yes it's not populated but it should be set. Note that specifying off_session = true when confirming PI meanings telling Stripe this is an off_session transaction

when you say "confirming", do you just mean "create a paymentIntent on Stripe" ?

I mean the step of Confirm a PaymentIntent. There are basically 2 steps: Creating PaymentIntent vs. Confirming PaymentIntent

Set off_session to true to indicate that the customer is not in your checkout flow during this payment attempt—this causes the PaymentIntent to throw an error if authentication is required.
ie. look at this example ruby code, you see off_session = true and confirm = true

  intent = Stripe::PaymentIntent.create({
    amount: 1099,
    currency: 'jpy',
    customer: '{{CUSTOMER_ID}}',
    payment_method: '{{PAYMENT_METHOD_ID}}',
    off_session: true,
    confirm: true,
  })

yes, I set confirm as true . Do you have any examples of how to "confirm" the paymentIntent from our side ?

OR do you mean by setting "off_session:true". and "confirm: true" I already finish the two steps that you were referring to ?

Yes I mean you already finish 2 steps above! Just a note!

cool, thank you. In the test that I made (setting off_session to true and confirm in the paymentIntent ) , I did receive a payment_intent.payment_failed event , which is expected since I was testing with a 3DS required card. But at the same time I see there are other ways to setup the off_session as well . For example I can also do "setup_future_usage: 'off_session' " as indicated here : https://stripe.com/docs/payments/payment-intents . But if I do it this way, then I don't receive a payment_intent.payment_failed anymore after I created the paymentIntent, instead I received a payment_intent.requires_action event.. So.. which way exactly should I use to indicate the paymentIntent is "off_session" ?

I think you mixed it up. The ideal flow is

1. In your first request with Customer online, use setup_future_usage = off_session. This tells Stripe "Okie here is first time, I have the Customer online and ready to let them authenticate". We then move the PI to requires_action and give you instructions
2. Next time on your 2nd requests, you use confirm = true and off_session = true. This tells Stripe "Okie this is the 2nd time, I have this Customer already authenticated as I told you". Then we will try to proceed with it. Still the bank can still decide to request authentication and it could be failed

thanks for your answer. Actually our use case is : our customers would like to store their clients' card details and then charge them later either on a regular base or ad-hoc base. So ideally we would like to

1. Enforce a SCA when customer's client's enter their card details for the first time (WITHOUT any payment, though),
2. Afterwards our customer would be able to collect payments from their clients based on the saved card details.. and I'm aware SCA could still happen in this case, but with "off_session: true" it should be regarded as a merchant-initiated transaction, so hopefully SCA will only be triggered rarely.

I'm searching Stripe docs myself. And I found this :https://stripe.com/docs/payments/save-and-reuse (setup Intent). TBH I'm a bit confused which API should I use for my use case . SetupIntent ? PaymentIntent ? or either is fine ? From what you described to me, it seems PaymentIntent should be enough ?

Hey! Taking over for my colleague. Let me catch up.

The guide you shared is a very good start, and it looks like covering your use case.

You'll be using SetupIntent APIs first to collect the payment method

the you'll use the PaymentIntent API to charge the customer off session

Then your colleague's reply seems to suggest I can use paymentIntent API to collect the payment method. Is that so ?

1. In your first request with Customer online, use setup_future_usage = off_session. This tells Stripe "Okie here is first time, I have the Customer online and ready to let them authenticate". We then move the PI to requires_action and give you instructions

Yes my colleague suggest you to use just the PaymentIntent APIs, which is for saving payment method during a payment:
https://stripe.com/docs/payments/save-during-payment

It's up to you to use what is best for your use case. When using SetupIntent you don't charge the customer just collecting the PaymentMethod. While when using PaymentIntent following the second guide, you charge the customer and you save their payment method for future usage

I see, since we're not charging them when we collect payment details , probably I will start from SetupIntent. One thing to ask/confirm : is it true that as long as customer's clients authenticate the card when they enter the credit card details for the first time, then the chance that SCA would still happen afterwards should be rather low ? (I know it might still happen from time to time)

Yes but you need to expect that sometimes the bank issuer may request another authentication.

thanks. when you say "that sometimes the bank issuer may request another authentication." , do you just mean "although the chance of SCA happening is low after clients authenticate the card for the first time, SCA could still happen in the later payments " ?

yes

great, thanks for the help. I will dig further and most probably come back with more questions 🙂

Welcome!

Hey, taking over here. Let me know if there's any follow-up Qs I can answer!