#techbond_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1219224334040825946

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

But the Stripe dashboard is saying that some payments made by sending card details directly to Stripe
Can you share a screenshot please ?

Why you are using tokens ? and not using Stripe PaymentSheet ?

You need to follow this guide:
https://docs.stripe.com/payments/accept-a-payment?platform=react-native

Can you share one of those charge Id ?

?

I am currently working on a company, and fixing this issue

ch_3Ou1DsGyjGYV1j4Z0gvFUsLm

Here is the charge id

And also the dashboard is saying like this

They are sending card raw directly via the API using the /tokens API

You can check this request req_4xeFxCbEP585Ni

So they need to migrate and use PaymentSheet

https://docs.stripe.com/payments/accept-a-payment?platform=react-native

So sending card details directly to Stripe issue is occurding due to PaymentSheet?

And how can I check this request?

https://dashboard.stripe.com/logs/req_...

But in this request, I can not find the card details. I can only see last 4 digits of Card Number

Yep, we don't expose full card details via the API

Hi Ynnoj. I know, but as you can see on above screenshots, the dashboard is saying that some payments made by sending card details directly to Stripe

OK, seems correct based on the request my colleague shared. You need to migrate your extension to use your payment UIs, like Payment Sheet, to adhere to PCI compliance

We will obfuscate them in the Dashboard so not to expose the card data again

Okay, I will check the codebase again if we are using PaymentSheet or not.

So you mean, if we are using PaymentSheet, we can avoid sending card details ?

Yes, you'd be using our embedded UI components to collect the data from customers in a PCI compliant manner so you won't handle the card details directly

Of course, we are using embedded UI components

Not according to this request: https://dashboard.stripe.com/logs/req_4xeFxCbEP585Ni

let me check

You're collecting card data somewhere and then using an Android SDK function to tokenize those card details via the API, which is flagging the PCI compliance requirement

Okay, I will check the codebase again, and will be back here

Thank you

This is that part you were saying that we tokenize card details?

@abstract kelp ?

Seems that way yes

So we need to avoid using this function?

Well you should avoid handling raw card data entirely. Seems like you're persisting it in state via the setValidPaymentData hook/state?

Wherever you're collecting card data there and setting it

Yeah, don't do that. If you're using RN: https://docs.stripe.com/payments/accept-a-payment?platform=react-native&mobile-ui=payment-element

Okay, Thank you. @abstract kelp

🙏