#mick23_code

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1227025222360764439

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• mick23_code, 4 days ago, 48 messages
• mick23_best-practices, 4 days ago, 80 messages

Doing this via API BTW

Via SDK specifically.

I was expecting User Action = Add Card to Account, via SaaS Application - and hence SDK/API, to basically have some kind of Duplicate Card Details Check in place. Not sure if this is just because I'm in Test Stripe Account but seems a bit odd.

i.e. My next step is going to be: SaaS Application - View Cards On Account (via Stripe SDK/API)

I must be missing a piece of knowledge here. Must be more to a Stripe SetupIntent than first seems

Hi, can you share the request id where you're seeing duplicate cards? Here's how you can find a request ID: https://support.stripe.com/questions/finding-the-id-for-an-api-request

1. req_NahyBv7lAIdeEv

2. req_IKSRiIKMAkyLXd

I'm 99% sure I've entered the same details

To be clear here too. Customer Already Exists in Stripe. So I'm basically having a SaaS application to have an Add Card To Account feature. Aka. no payment intent at all.

Taking a look here

Thanks

That's what I'm seeing in the Stripe Dashboard FYI

It looks like you're creating two setup intents independently. You created this setup intent, https://dashboard.stripe.com/test/logs/req_j4WNFNDiYdlhOd at 2024-04-08 22:21:08 UTC and confirmed it at 2024-04-08 22:21:09 UTC. Then, at 2024-04-08 22:33:45 UTC, you created another setup intent https://dashboard.stripe.com/test/logs/req_4mR0smm89eKTj7 and confirmed it at 2024-04-08 22:33:45 UTC. This just means that you went through the SetupIntent flow twice at different time stamps.

So my instant thought is.... yes... but

So I'm in testing mode here

The User Action I'm trying to replicate is basically "Add Card to Accoutn"

So I think what you've said is correc

t

What I'm wondering then, is..., what have I not done? And/or, How has Stripe allowed two "Setup Intents" to happen for the same card details?

This may be where my lack of understanding in the terminology is. My understanding of a "Setup Intent" is basically a situation of "Here's my card details, charge me later" - Which in my mind translates to "Add Card to My Account" - But sounds like this may not be quite aligned.

What am I missing?

Do I need to do something like "Setup Intent 1) Send to Stripe - 2) Save ID in SaaS Application DB - 3) SaaS: If StripeSetupIntentIDExistsInSaaSDB(), Then DoSomething()? ........ I'm not too sure. As clear I can't save the card details to check for duplicates, that's why Stripe exists re. PCI stuff etc.

I'm not clear what I need to do here.

I'm going to be testing this stuff with another 50x of the duplicate card details in the next week alone. But ultimately for a genuine customer, I only want them to be able to add 1x Unique Card to Stripe Account, as I plan to (rightly or wrongly.... please do correct me if my approach is wrong...), have a page in SaaS Application for "My Card Details" which essentially queries Stripe API for the obfuscated list of Valid and Expired Card Details - You know, just like you get on Amazon when buying things.

I see, you would want to look at the fingerprint of the card in this case: https://support.stripe.com/questions/how-can-i-detect-duplicate-cards-or-bank-accounts. Are you able to review this artcile and let me know that is what you're asking?

Just had a skim of that info, and it's fairly brief - doesn't really help

FYI, bit of feedback for Stripe - That terminology for "Fingerprint" is super confusing. In the card of Thumbprint Authentication, ya'll need to think of a new name for that.

But I get the concept now I've read that

So what I'm confused by is, how do I get said "Fingerprint"?

Doesn't seem to be returned by the APIs (and assuming SDKs) for either the Stripe.js or the SetupIntent.server tech.

How do I get this info? Is there docs on how I get this info and/or architect how to save/check this on my SaaS app end?

I'm sure I've missed something in the docs, as they are vast. But I don't recall seeing how I achieve this outcome.

I'm just skimming through the PaymentMethods Object in the API - https://docs.stripe.com/api/payment_methods/object

It is on the Payment Methods object: https://docs.stripe.com/api/payment_methods/object#payment_method_object-card-fingerprint nested under card

Yeah I see that. But that doesn't explain what I need to do to solve this problem.

Seems as though Payment Methods --< Cards

Fairly standard

But when a User is on SaaS Application trying to Add Card To Account, how do I as a developer prevent them doing 2x Add Card To Account, with duplicate card details?

That's the bit I'm not following

I basically need to present to the user "Sorry, the card you have entered is already registered" or whatever.

That is correct, you would store this data internally on your end and then look at the fingerptint of the card and surface a message saying that the card is already registered.

Right ok. So what is the mechanism to achieve this?

So far, I've got to the basic v0.1 of Add Card to Account, as exampled via those two duplicate cards I've managed to add.

What steps do I need to take to prevent this from happening?

It's not clear in the docs.

For reference, here's the code snippets from the docs I've used... (hopefully this copy and pase works...)

public class StripeJavaQuickStart {
public static void main(String[] args) {
Gson gson = new Gson();
Stripe.apiKey = "sk_test_tbc123";

post("/create-intent", (request, response) -> {
  SetupIntentCreateParams params =
    SetupIntentCreateParams
      .builder()
      .setCustomer(customer.getId())
      // In the latest version of the API, specifying the `automatic_payment_methods` parameter is optional because Stripe enables its functionality by default.
      .setAutomaticPaymentMethods(
        SetupIntentCreateParams.AutomaticPaymentMethods.builder().setEnabled(true).build()
      )
      .build();

  SetupIntent setupIntent = SetupIntent.create(params);

  Map<String, String> map = new HashMap();
  map.put("client_secret", setupIntent.getClientSecret());

  return map;
}, gson::toJson);

}
}

Yeah that worked well thankfully

This is a public channel so you should not share your secret key, I know this is your test key but it would not hurt to be careful

Yeah just edited that, thanks for the reminder

If the card is already registered, would you want the customer to add another card? Or, would just want to charge the existing saved card?

It's a good question. And honestly, I don't know in the real world.

For example, I know personally that when I use certain services I choose to use Card A vs Card B as an active choice.

But in this specific setup, I don't think that's particularly relevant.

The workflow I'm aiming to get in place is fairly basic: 1) Create Customer (SaaS + Stripe) 2) Add Card to Account (preventing duplicates) 3) Subscribe to Product using Prefered Payment Method *(TBC as I think Stripe has this, but I'm not on to that point of my learning yet)

So back to basis, PCI stuff asside.... , I'd have a "Customer Credit Card Details" database table, 123 123 123 123 for their card details (etc...) - Which would be a Unique Key. That's basically what I'm trying to achieve here. To prevent duplicates.

It's just 100x more complicated with APIS/PCI/SDKs etc. But the basic principles remain the same.

In this case, if I were you, I would first look at your database and build the UI to surfaced the already saved payment method. Then, you can add a logic to either ask the customer to add another payment method > trigger SetupIntents.

At this stage, after the customer provided the details, you can look at the fingerprints and decide to either save it or surface an message saying that the card was already registered.

Sounds like you're right, but it's that architecture I'm struggling to understand from the Stripe docs.

That is not surfaced on Stripe docs as it's a more advanced flow

At present I have an "Add Card to Account" page in SaaS (I haven't build the Cards In Account page yet... that's my next step)

Think this is the main challenge I'm facing, the Stripe docs are too basic (but very good BTW!) for anything more than basic use

I think the only piece is piece where you need to store the data and the later look to confirm if thet fingerprint already exists.

So for this specifc question, what data would I need to store from the SaaS/SetupIntent API --> Stripe API/SetupIntent Response to the SaaS DB to save a "Fingerprint" of an effective "Pseudo List of Credit Cards" - I'm not following this bit.

This is a snippet from the docs, which doesn't seem to mention the "Fingerprint" (apologies for the formatting)

{
"id": "seti_123",
"object": "setup_intent",
"application": null,
"cancellation_reason": null,
"client_secret": "seti_ABC123_secret_TBC123",
"created": 1678942624,
"customer": null,
"description": null,
"flow_directions": null,
"last_setup_error": null,
"latest_attempt": null,
"livemode": false,
"mandate": null,
"metadata": {},
"next_action": null,
"on_behalf_of": null,
"payment_method": null,
"payment_method_options": {
"card": {
"mandate_options": null,
"network": null,
"request_three_d_secure": "automatic"
}
},
"payment_method_types": [
"card"
],
"single_use_mandate": null,
"status": "requires_payment_method",
"usage": "off_session"
}

You would store the Payment Method object after the payment method details were created . Then, create another SetupIntent if the fingerprint does not exist

Hmm. Interesting. Have I misunderstood something then.

So when you say Payment Method, what are you referring to specifically?

i.e. Stripe Elements

So I've used;

<h1>Add Card</h1>
<form id="payment-form">
<div id="payment-element">
<!-- Elements will create form elements here -->
</div>
<button id="submit">Submit</button>
<div id="error-message">
<!-- Display error message to your customers here -->
</div>
</form>

After the SetupIntent succeeds, the response would have a pm_ object id

You can retrieve that object, https://docs.stripe.com/api/payment_methods/retrieve and look there

I'm further along than I was earlier, so thanks for that. I'm going to have to log off for this evening. But I'll have a read through those links. Seems like my next steps is to basiaclly build a "SaaS: View Stripe Payment Methods on Account (API/SDK)" to view that info and hopefully the next step will reveal itself.

The Stripe Docs really lack decent technical level process flows so it's almost impossible to create an A --> B --> C type diagram for this stuff, hence these conversations

Happy to help!

Now that I've managed to get Card Details stored against a Customer though, that's another step in the right direction so that's the main thing.

Anyhow, thanks @jaunty pecan I've got the next steps I think. Will leave you to deal with the guest 🙂

Happy to help!