#mr-duck_api

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• mr-duck_api, 1 hour ago, 190 messages
• mrduck_connect-account-capabilities, 1 day ago, 16 messages

👋 Welcome to your new thread!

⏲️ We'll be here soon! We typically respond in a few minutes, but in some cases we might need a bit more time (e.g., server's busy, you've got a complex question, etc.).

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1252744911741124771

📝 Have more to share? Add details, code, screenshots, videos, etc. below.

Hello

Hi there!

By "authorization", are you referring to account verification during onboarding or something else?

Are you testing Connect or simply creating a new merchant account at stripe.com?

Im testing connect yes

So essentailly,

I have a student, who pays a fee to get a tutor, we take a fee off, and we pay the tutor.

Thats how the overall flow should go

However I have a few questions

do both tutors and students a customerid?

For example, I made a "tutor" account, wich does appear here

it has a stripe id and everything

however, in my payment, I am not sure if i am supposed to be having a customerId or not

I see, okay

In this case, the Tutor should have a Connected Account and the Student will be a customer

yep i think thats what i have rn

Only the Tutor should go through connect onboarding. The Student just needs to provide their payment details once you're ready to charge them for the service

Im unsure as of how to set up this connect unboarding, ive added these fields too, but it just says failed to attach PaymetnMethod

This screenshot is not connect onboarding. The screenshot appears to be the card element

yep

Okay, let's take a step back for a second

ok, my manager wants me to make the onboarding without using hte stripe UI

but yes let me know what the proper next step is

Oh interesting. That's definitely more developer intensive. I assume this means you're working with "Custom" connected accounts?

yes i believe so

We really recommend using Stripe-hosted onboarding or embedded components so it's much more streamlined and your team doesn't have to keep tabs on changing compliance requirements: https://docs.stripe.com/connect/custom/onboarding

are there any changes in terms of payments?

if we were to use the stripe hosed onboarding

As in, what the student experience will be? no

ok im going to try smth, can u keep this tab open for like another 20 min before closing it?

We usually don't keep long-running threads but happy to stick around for a bit longer if you need help

hi

so

I managed to find out some of the previous Dev's work on the stripe, and it seems he was using hte stripe elements

  const { token, accountType, firstName, lastName, addressLine1, city, country, postalCode, province } = req.body;
  
  if (!token || !accountType || !firstName || !lastName || !addressLine1 || !city || !postalCode || !province || !country) {
    return res.status(400).json({
      success: false,
      error: 'Missing required fields',
    });
  }

  try {
    const user = req.user;
    const userDoc = await db.collection('users').doc(user.uid).get();
    const accountId = userDoc.data().stripe.accountId;

    if (!accountId) {
      return res.status(400).json({
        success: false,
        error: 'No Stripe account ID found for user',
      });
    }

    const account = await stripe.accounts.update(accountId, {
      individual: {
        first_name: firstName,
        last_name: lastName,
        address: {
          line1: addressLine1,
          city: city,
          postal_code: postalCode,
          state: province,
          country: country,
        },
      },
    });

    await stripe.accounts.createExternalAccount(accountId, {
      external_account: token,
      default_for_currency: true,
    });

    await stripe.accounts.update(accountId, {
      tos_acceptance: {
        date: Math.floor(Date.now() / 1000),
        ip: req.ip,
      },
    });

    await db.collection('users').doc(user.uid).update({
      'stripe.confirmed': true,
    });

    return res.status(200).json({ success: true, account });
  } catch (err) {
    console.error(err);
    return res.status(500).json({ success: false, error: err.message });
  }
});```

However, when I try to send a message with this

Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings. If you are qualified to handle card data directly, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.

i get this information

Is this being thrown when creating a token?

Do you have a request ID you could share with me?

sure one second

2024-06-18T22:40:41.697418+00:00 app[web.1]: GET /api/analytics 500 177.193 ms - 286
2024-06-18T22:40:41.681620+00:00 heroku[router]: at=info method=GET path="/api/account-details" host=tutredstage-266226951372.herokuapp.com request_id=a69bd73d-a4b5-48fa-b712-9b6336506352 fwd="24.64.55.46" dyno=web.1 connect=0ms service=166ms status=500 bytes=546 protocol=https
2024-06-18T22:40:41.697702+00:00 heroku[router]: at=info method=GET path="/api/analytics" host=tutredstage-266226951372.herokuapp.com request_id=19d1ec5a-cbe0-4971-8d3e-6f5de536fd51 fwd="24.64.55.46" dyno=web.1 connect=0ms service=182ms status=500 bytes=546 protocol=https

Not sure if that helps but I do see a request_id

19d1ec5a-cbe0-4971-8d3e-6f5de536fd51

That ?

Its being thrown when im trying to make a payment

for example

I just made a new account called "Donkey Kong", which does appear in my dashboard

Can you share the account ID for that account?

It should look like acct_... and you'll likely see the ID in the URL if you click into the account view in the Dashboard

sure one second

acct_1PTAptP1Ayy0iYI8

I am not getting this error here:

he provided key 'sk_live_*********************************************************************************************xvqQpG' does not have access to account 'acct_1PTAptP1Ayy0iYI8' (or that account does not exist). Application access may have been revoked.

but i dont have an sklive key

i replaced both of them with a test

Please don't share any secret keys here.

const stripe = require('stripe')(DEV ?

yes i wont send

but

test mode secret keys make sense for your current testing

yep

But Im getting this error, even tho i havent added this secret live key

like i dont have an sk_live

Right, so something in the code you're using is attempting to access account acct_1PTAptP1Ayy0iYI8 with a live mode secret key. That key doesn't have access to account acct_1PTAptP1Ayy0iYI8 since it's a test mode account

im guessing probably

  const { token, accountType, firstName, lastName, addressLine1, city, country, postalCode, province } = req.body;
  
  if (!token || !accountType || !firstName || !lastName || !addressLine1 || !city || !postalCode || !province || !country) {
    return res.status(400).json({
      success: false,
      error: 'Missing required fields',
    });
  }

  try {
    const user = req.user;
    const userDoc = await db.collection('users').doc(user.uid).get();
    const accountId = userDoc.data().stripe.accountId;

    if (!accountId) {
      return res.status(400).json({
        success: false,
        error: 'No Stripe account ID found for user',
      });
    }

    const account = await stripe.accounts.update(accountId, {
      individual: {
        first_name: firstName,
        last_name: lastName,
        address: {
          line1: addressLine1,
          city: city,
          postal_code: postalCode,
          state: province,
          country: country,
        },
      },
    });

    await stripe.accounts.createExternalAccount(accountId, {
      external_account: token,
      default_for_currency: true,
    });

    await stripe.accounts.update(accountId, {
      tos_acceptance: {
        date: Math.floor(Date.now() / 1000),
        ip: req.ip,
      },
    });

    await db.collection('users').doc(user.uid).update({
      'stripe.confirmed': true,
    });

    return res.status(200).json({ success: true, account });
  } catch (err) {
    console.error(err);
    return res.status(500).json({ success: false, error: err.message });
  }
});```

accountID?

like the line with the account id?

Unclear without some additional logging

hmmm ok one second

If you decide to go the route of custom onboarding (instead of Stripe-hosted onboarding), you'll need to manually collect bank account or debit card details to use to pay out funds to the tutors: https://docs.stripe.com/connect/payouts-bank-accounts?bank-account-collection-integration=direct-api&bank-account-collection-method=manual-entry

This is where that "Sending credit card numbers..." error is coming from. Some code is trying to pass raw card numbers to create a token, then use that token to update the external account for a connected account

so the way its currently implemented, like this, this is not the stripe elements onboarding right

Correct, that is not stripe hosted onboarding but a custom form that's collecting this information

gotcha

thats why its pretty buggy etc

That's fine to do but note that this comes with additional PCI compliance requirements

makes sense. Is there any reason to not want to do the stripe onboarding way?

other than making it super customizable

That's really the primary reason. Most folks who go with their own form really want a lot of control over the look and feel of onboarding

ah but then it will need constant changes/editing to make sure it has the proper compliance correct? Which causes a lot more issues down the line

like this

Right, exactly

how long do u estimate it would take to shift this custom one to a stripe onboarding one? just so i can give a number to my manager on average would u say

That's hard to say. Depends on what other code you may have to change. Connect overall can be complex so if you're just getting started with ramping up on Connect overall, I recommend giving yourself a few weeks minimum and test end to end

You'll probably find these test values helpful as well: https://docs.stripe.com/connect/testing

gotcha so either way, you dont believe there is a quick bandaid solution that can get it to work from this state either way correct? Because it seems that on the student end, things are set up, but from the tutor end thats where the problems are

I think there are a few things to a "quick" solution here:

• Work with our Support team to enable working with raw cards in test mode: https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis
• Review your environment variables to ensure you're using the test mode secret key instead of a live mode secret key

That said, this will get your test mode environment up and running but it still leaves unanswered questions about what you want to do in live mode. If your team does not want to work with raw PANs in production, it's not worth continuing to test with this test environment