#maaaaaaaaaaah_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1219681634580697108

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• maaaaaaaaaaah_api, 4 days ago, 20 messages

Hi 👋

I am currently not using the checkout or other stripe elements, I am storing the card id (not payment method) based on the stripe token that Stripe v2 sends back. If possible, I'd like to keep using the cards without implementing a PaymentMethod.

Would it be possible to have the PaymentIntent and CVC check happen on the server-side without any frontend elements?

Hi @kindred lantern , thank you for the help!

No that isn't possible

Does it mean that I need to have:

• A SetupIntent (server-side);
• A PaymentMethod (not only a customer card);
  and
• A PaymentIntent.

So I can send the cvc value and have it be validated?

If that is true, how should one handle such PaymentIntent if server-side validation is needed?

Should I use the 'confirm' and 'confirmation_methods' in a way I manually trigger it? If so, do you know if the CVC check would happen right after such PaymentIntent goes through?

Sorry it's not clear what you are trying to do.

CVC checks are short lived and cannot be stored (even by stripe).

Sorry, I'll try to be more clear, one moment.

I am currently using stripe api v2 to create payments, these payments happen on the server-side after the order has been validated. The resources used would be v2 resources, such as, Charge, Customer, Card, etc.

From there, a new request appeared, that is to require 'cvc' validation for the card as part of the checkout workflow.

With that, I read the stripe docs and noticed I could use a cvc_update token through the PaymentIntent but it did not work because I needed to further specify other properties that I do not know yet the best practice, those properties would be regarding setting up the 'confirmation_method/confirm' properties to be manual and etc, the error message I got back was "The parameter payment_method_options[card][cvc_token] cannot be used when creating a PaymentIntent unless confirm is set to true.".

From there, I reached out here via another thread, I then stopped investing time in the solution above and went with the SetupIntent > PaymentMethod > PaymentIntent > Card element workflow from the request id above. After that, it does seem that the payment and therefore charges are created but no cvc validation happened (it is understandable given I'm on test mode)

I'm not sure what you mean by V2 resources. Charge, Customer, and Card are all in the /v1 space

I now would like to understand if one can validate the CVC without introducing the cards or other elements from StripeJS (client side) and have it all happen via backend

Also we recommend using the most up-to-date Stripe.js

I'm not sure what you mean by V2 resources
I meant the script we need to add in order to have access to Stripe in the client side and methods such as Stripe.createToken({})

SetupIntent > PaymentMethod > PaymentIntent > Card
This also makes no sense and is bad practice

If you are going to process a payment youl should create/save the payment method at the same time

Also we recommend using the most up-to-date Stripe.js
I am in the process of that now, but would like to keep the previous code working while adding an extra layer on the fraud part by recollecting customer's cvc and have Stripe validate from there

This also makes no sense and is bad practice
I was under the impression that the best case scenario would be to setup a intent and have the PaymentMethod be configured from there and that I'd need to inform the cvc value at a later point when creating the PaymentIntent

thank you for pointing that out

Given the context that you just provided and the fact that I'd like to change only the 'Payment' part of it all.

Is there any straightforward way of recollecting/validating the CVC? My goal is to keep using Customer, Charge (I can get this one from PaymentIntent) and Card while having the ability of informing and validating the cvv before the order is saved to the database

Well, if you are still using an older objects while you work on updating to the latest version of Stripe.js, you could collect the cvc yourself, using a CVC update token https://docs.stripe.com/api/tokens/create_cvc_update, and pass that parameter when confirming a Card payment intent https://docs.stripe.com/api/payment_intents/confirm#confirm_payment_intent-payment_method_options-card-cvc_token

I see, thank you.

I tried to do that but I got the following error "The parameter payment_method_options[card][cvc_token] cannot be used when creating a PaymentIntent unless confirm is set to true." which I did not understood very much.

Does the above mean that I should be creating the PaymentIntent with the confirm property set to true already or that I needed to update some other attribute?

Also, does the result of the above confirmation happens asynchronously as in a webhook call or would I receive the error on spot?

Okay hold on a sec

let's stop

I tried to do that but I got the following error "The parameter payment_method_options[card][cvc_token] cannot be used when creating a PaymentIntent unless confirm is set to true." which I did not understood very much.
You set this parameter when you call the API confirm endpoint

let's stop
Understood, sorry.

You set this parameter when you call the API confirm endpoint
As in the following?

{
  "confirm": true,
  "payment_method_options": {
    "card": {
      "cvc_token": "cvctok_19.."
    }
  }
}

No

right, as the api endpoint, sorry ><

Well... it depends on whether you are trying to create and confirm the payment intent in the same API call

If you want to confirm (as in charge) the payment intent in the same API call as when you create it, then yes you would set "confirm": true

I would like to create/confirm in the same API call, as we speak, 'Charge' is the last part of the order process

Okay then that approach woudl be correct

Alright, understood

Thank you for all of your help and sorry for bothering

I'll proceed with the PaymentIntent and the cvc_token + confirmation options

Tricky questions like this are why we staff this server 🙂

One last question, in stripe v2 we would have the card token be generated via Stripe.createToken({}) is there any alike tool in v3?

Once again, thank you so much

I apologize for any inconveniences caused

👋 hopping in here since snufkin has to head out soon

I'm not fully sure how the v2 version works, but Stripe.js v3 also has createToken w/ card element (https://docs.stripe.com/js/tokens/create_token?type=cardElement)

roger that

Thank you @kindred lantern and @edgy peak for the help

Have a great day / week