landfight | Stripe Developers | Page 1

mighty pantherBOT Feb 23, 2024, 9:23 PM

#

formal geode Feb 23, 2024, 9:23 PM

#

Require them to login via email

#

Then only allow 1 trial per email

#

Basically have logic in your application to prevent creating a new session if they already trialed

near zinc Feb 23, 2024, 9:24 PM

#

so when they reach the checkout page, they have to login via email and then i configure it in the dashboard to only allow 1 trial in the email?

near zinc Feb 23, 2024, 9:25 PM

#

formal geode Basically have logic in your application to prevent creating a new session if th...

can you explain this a bit more? also would love any links to documentation if possible

formal geode Feb 23, 2024, 9:26 PM

#

No this would all need to be in your code

#

Have them sign in on your website

#

Then in your code prevent them creating a new session if they've already trialed

desert cairn Feb 23, 2024, 9:27 PM

#

@near zinc an user can make your app easily think that he is not the person from the previous trial, because after deleting cookies and using proxy or vpn your app cant know anything about that user, to force them to log in will make it more difficult as they need different emails verified to acquire the trial, also add SMS verification that way not many can abuse your trials

#

sms auth will purify it alot for many, not all

near zinc Feb 23, 2024, 9:29 PM

#

yeah so currently users sign in via magic link email or via oauth with google and discord login

desert cairn Feb 23, 2024, 9:29 PM

#

creating emails is easy, so still he can abuse with different mails and using proxies, so your app cant know that he was the person from previous , abusing your trials

#

add SMS TOTP auth when registering

#

so it becomes difficult for him to abuse your trials

#

he still can use temp sms but ye you cant do anything more

#

maybe use a CDN for machine learning analysis over incoming traffic so persist knowledge over different ASNs

#

it will be difficult for you to do that all by your self

near zinc Feb 23, 2024, 9:32 PM

#

what's the easiest way for me to prevent them from doing this in the future without compromising the UX / friction of creating an account or logging in?

also thanks for the help @desert cairn

desert cairn Feb 23, 2024, 9:34 PM

#

assuming your app is not static and completely synced with your backend server then maybe using those

#

but if your not that big of a company what ive said earlier, force them to login, email and sms totp auth that would be good enough

near zinc Feb 23, 2024, 9:36 PM

#

i was thinking if they already have a stripe customer id in our db (which is only inserted when a checkout is completed) cant i just block them from reaching that checkout page? since i can assume they have already trialled, but this wouldn't work if they create accounts with other emails correct?

desert cairn Feb 23, 2024, 9:37 PM

#

it is up to you but to give appropiate suggestions can you tell me about if your app is static or synced with a backend server

#

bcs your backend server gotta make unique JWT's accross all users and from that user specific token so you should grant/load user specific access from your API from your app by sending network requests to your APi from where you load functionality...

#

and your app can only persist knowledge of a user if he doesnt change ip, doesnt delete app data(on phone)/cookie

#

so forcing them to create account to appeal for a trial together with a forced SMS TOTP auth will make a standard user unable to claim multiple trials

mighty pantherBOT Feb 23, 2024, 9:51 PM

#

opal jasper Feb 23, 2024, 9:58 PM

#

Catching up, give me a bit of time

#landfight