#baller


heavy groveBOT
valid bluff
#

Hi 👋

What kind of Tokens are you trying to pass?

buoyant creek
#

These are Django authorization bearer tokens passed in the Authorization header; my backend uses this to authorize requests

#

I also pass a sessionid cookie; Django uses this for user sessions

#

I successfully pass this information through the metadata for the payment intent, I just wanted to know if it's secure or recommended to do this. Is the metadata or the request Stripe sends encrypted? Is it okay to send secure info over this?

valid bluff
#

This data should be safe to pass in metadata on the Payment Intent. The webhooks are sent as TLS encrypted POST body data.

buoyant creek
#

ok very nice thanks

#

I had one more question, it's maybe more Django-related but was hoping you could help

#

I'm having trouble actually calling my API. I have the tokens and auth header, and I try to manually create a request and call my view with it, however I get a 401 error, saying the session is invalid. I'm not sure why this is happening, as I grab the session and pass that information through metadata. Maybe I'm not sending the session properly in the request? I send it as a cookie sessionid=value, and that works.

```python
donate_sub_request = HttpRequest()
donate_sub_request.method = 'POST'
try:
    # donate_sub_request.POST = {'from_account': checkout_session['metadata']['from_account'], 'to_account': checkout_session['metadata']['to_account'], 'amount': checkout_session['metadata']['amount']}
    print(f"payment metadata: {checkout_session['metadata']}")
    donate_sub_request.META['HTTP_AUTHORIZATION'] = f"Bearer {checkout_session['metadata']['token']}"
    donate_sub_request.META['HTTP_COOKIE'] = f"sessionid={checkout_session['metadata']['sessionid']};"
    donate_sub_request.META['HTTP_CSRFTOKEN'] = get_token(donate_sub_request)
except KeyError:
    print("key metadata doesn't exist, make sure metadata is being passed to event")
    return JsonResponse({"success": False, "message": "key metadata doesn't exist, make sure metadata is being passed to event"}, status=400)
if checkout_session['metadata']['payment_type'] == 'payment':
    create_donation_view = CreateDonationView.as_view()
    donate_sub_request.POST = {'from_account': checkout_session['metadata']['from_account'], 'to_account': checkout_session['metadata']['to_account'], 'amount': checkout_session['metadata']['amount']}
    response = create_donation_view(donate_sub_request)
    print(f"response from server: {response.status_code}")
    print(f"response content: {response.data}")
```
#

Is there maybe an easier way to do this and get past auth since I'm calling it from my server?