elitemobile0301 | Stripe Developers | Page 1

cinder sedgeBOT Jun 15, 2023, 4:46 AM

#

steep root Jun 15, 2023, 4:47 AM

#

Hello orakaro,

#

Nice to meet you here

#

Now I am integrating Stripe API into my Android App

#

I am calling stripe apis directly with my google firebase functions

#

For payment methods, if i call stripe api directly, it will make any risk?

#

It does need PCI compliance?

marsh flare Jun 15, 2023, 4:50 AM

#

If you don't expose the card information anywhere then you are good

#

What do you use in Android app? Stripe SDK?

steep root Jun 15, 2023, 4:51 AM

#

I am using Stripe API

#

because Stripe SDK doesn't provide some details for Payment Method such as fingerprint

#

When I create payment method, I called a function in Stripe SDK, but to retrieve payment method, I called stripe api directly

#

fun ApiClient.stripeCreatePaymentMethod(
stripeCountry: StripeCountry,
card: Card,
listener: StripePaymentMethodListener?
) {
PaymentConfiguration.init(QEXApplication.context, stripeCountry.publishableKey)

val metadata = mapOf(
    "card_mode" to card.cardMode.rawValue,
    "card_holder_name" to card.cardHolderName,
    "is_pin_verified" to card.isPinVerified.toString()
)

val cardNumber = card.cardNumber
val expMonth = card.expMonth
val expYear = card.expYear

val cardParams = CardParams(cardNumber, expMonth, expYear, metadata = metadata)

val paymentMethodCreateParams = PaymentMethodCreateParams.createCard(cardParams)

val callback = object : ApiResultCallback<PaymentMethod> {
    override fun onError(e: Exception) {
        // Listener;
        listener?.onError(e)
    }

    override fun onSuccess(result: PaymentMethod) {
        GlobalScope.launch(Dispatchers.Main) {
            val stripePaymentMethodId = result.id!!

            // Stripe Retrieve Payment Method;
            val stripeRetrievePaymentMethodResult = stripeRetrievePaymentMethod(stripeCountry, stripePaymentMethodId)

            when (stripeRetrievePaymentMethodResult) {
                is ApiResult.Success -> {
                    // Listener;
                    listener?.onSuccess(stripeRetrievePaymentMethodResult.value)
                }
                is ApiResult.Failure -> {
                    // Listener;
                    listener?.onError(stripeRetrievePaymentMethodResult.exception)
                }
            }
        }
    }
}

stripe(stripeCountry).createPaymentMethod(paymentMethodCreateParams, callback = callback)

}

#

Here is code that I create Stripe Payment Method

marsh flare Jun 15, 2023, 4:53 AM

#

Sorry this doesn't look safe. You have access to card.cardNumber here for example

#

If you accidentally log it somewhere, you will technically be exposed to PCI Compliance

steep root Jun 15, 2023, 4:54 AM

#

I am using custom card field to get card details

marsh flare Jun 15, 2023, 4:55 AM

#

Yes that's where it doesn't comply to PCI

#

because Stripe SDK doesn't provide some details for Payment Method such as fingerprint

#

I don't think so. If you use our PaymentSheet component for example, after you receive the webhook event on backend, you should see fingerprint https://stripe.com/docs/api/payment_methods/object#payment_method_object-card-fingerprint

Stripe API reference – The PaymentMethod object – curl

Complete reference documentation for the Stripe API. Includes code snippets and examples for our Python, Java, PHP, Node.js, Go, Ruby, and .NET libraries.

#

Would that help?

steep root Jun 15, 2023, 4:57 AM

#

Yes, but I have some logic

#

After getting payment method, we need to charge immediately

#

so I need to get card details once it is created

marsh flare Jun 15, 2023, 4:58 AM

#

The PaymentSheet can well do that. It collects and charge right away

steep root Jun 15, 2023, 4:59 AM

#

We can't use PaymentSheet

#

Actually we use third party card readers to get card number and exp date from customer's card

#

My business does need it, so I couldn't use PaymentSheet

#

This will make any risk?

#

Actually It is android pos app

#

Do you have any idea to create pos app using third party card readers?

marsh flare Jun 15, 2023, 5:03 AM

#

No I don't, but I get that you retrieve card information from them before touching Stripe APIs.

steep root Jun 15, 2023, 5:04 AM

#

Yes, I am getting card information from card reader, and then I call Stripe API directly to create Payment Method

marsh flare Jun 15, 2023, 5:04 AM

#

However that stills count as API Direct integration here https://stripe.com/docs/security/guide which requires SAQ-D

Integration security guide

Ensure PCI compliance and secure customer-server communications.

#

You could write into Support for more details

steep root Jun 15, 2023, 5:06 AM

#

Ok, Thank you

#

One question

#

For SAQ D, where can I get it?

#

How it will be done?

cinder sedgeBOT Jun 15, 2023, 5:06 AM

#

steep root Jun 15, 2023, 5:07 AM

#

Hello Alex,

#

Nice to meet you here

violet thistle Jun 15, 2023, 5:07 AM

#

hello! if you reach out to Stripe Support - https://support.stripe.com/contact, they'll be able to advise you on that!

steep root Jun 15, 2023, 5:08 AM

#

Yes, sure

#

I will contact them too

#

Before contacting them, I would like to know more things

#

Do you have any experience with SAQ D?

violet thistle Jun 15, 2023, 5:09 AM

#

unfortunately not, we mainly help with developers who want to integrate directly with the Stripe API here on this channel which is why we recommend reaching out to Support with your questions about the SAQ D

steep root Jun 15, 2023, 5:10 AM

#

Ok, I see

#

So When I call Stripe API directly for Payment Method, It will make any risk?

#

It does need any PCI compliance?

violet thistle Jun 15, 2023, 5:14 AM

#

I'm sorry but I don't really understand the question. I would really recommend that you reach out to Support for help

steep root Jun 15, 2023, 5:15 AM

#

ok, I see

#elitemobile0301