pure_apple-tokens | Stripe Developers | Page 1

urban thunderBOT May 2, 2024, 11:15 PM

#

tired iceBOT May 2, 2024, 11:15 PM

#

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

pure_ece-callback, 4 hours ago, 27 messages
pure_elements-ece-stripejs, 3 days ago, 28 messages
pure_docs, 6 days ago, 24 messages
pure_docs, 6 days ago, 8 messages

urban thunderBOT May 2, 2024, 11:15 PM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1235731522842263592

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

oak relic May 2, 2024, 11:18 PM

#

yeah they are just for you and get consumed as soon as they are used

#

pure_apple-tokens

whole ore May 2, 2024, 11:26 PM

#

Got it, so the Stripe token and the confirmation token should be merchant-specific. What about the pk_token that is used to create the Stripe token?

oak relic May 2, 2024, 11:27 PM

#

same

#

and really you don't see that anywhere if you use our Elements

whole ore May 2, 2024, 11:28 PM

#

Yeah, I am. I'm just making sure from a security perspective that an attacker who had access to say, the Apple Pay token and/or the Stripe token, that they wouldn't be able to authorize or capture a random customer's funds.

oak relic May 2, 2024, 11:31 PM

#

correct they can't

whole ore May 2, 2024, 11:44 PM

#

What security is there for retrieving information on tokens? Could that be done using just the publishable key?

oak relic May 2, 2024, 11:53 PM

#

yes but there's not much info

#

you can test all of this in Test mode

tired iceBOT May 2, 2024, 11:56 PM

#

whole ore May 3, 2024, 2:05 AM

#

Hi @obsidian canyon. Do you have more information about the pk_token? Am I right to assume that's a token generated by Apple and not Stripe? It's the token passed to POST tokens call during the confirm event.

obsidian canyon May 3, 2024, 2:15 AM

#

Are you talking about the PKPaymentToken (https://developer.apple.com/documentation/passkit_apple_pay_and_wallet/pkpaymenttoken) ?

Apple Developer Documentation

PKPaymentToken | Apple Developer Documentation

Contains the user’s payment credentials.

#pure_apple-tokens