smed_best-practices | Stripe Developers | Page 1

mystic remnantBOT Jul 29, 2024, 2:47 PM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1267493605790978150

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

frail bane Jul 29, 2024, 2:47 PM

#

#

#

in both case customerId comes from the request query string

untold hamlet Jul 29, 2024, 2:52 PM

#

Can you help me understand your specific concern?

frail bane Jul 29, 2024, 2:53 PM

#

untold hamlet Can you help me understand your specific concern?

like that i fear someone could send a request to my api with a customer id that is not theirs and access private informations

untold hamlet Jul 29, 2024, 2:57 PM

#

Your API, or the Stripe API?

frail bane Jul 29, 2024, 2:57 PM

#

untold hamlet *Your* API, or the Stripe API?

my api

#

i guess its my responsability

untold hamlet Jul 29, 2024, 3:01 PM

#

Yep, exactly. You should implement RLS or some authz middleware to check access to cus_xxx is prohibited

frail bane Jul 29, 2024, 3:02 PM

#

untold hamlet Yep, exactly. You should implement RLS or some authz middleware to check access ...

i have a more important, question tho but i see i can't open a new thread, sometimes, when a payment is past_due, or expired i don't remember the name of the status, basically when it has to be paid but fails previously, the subscription will still be on hold/unpaid, if the user buy a new subscription or add a card, it will automatically pay that old subscription invoice, even if it's older than, e.g: a month, so the 30 day subscription is already gone and the payment was "useless", but still made, which always lead to a refund, and customer complain, it could be 3 days, 5 days, 10 days wasted or a whole subscription, and lead to duped payment, i would like a way to fix that

untold hamlet Jul 29, 2024, 3:04 PM

#

You would need to void any open invoices associated to the delete/canceled subscriptions. That doesn't happen automatically so they can still be paid

frail bane Jul 29, 2024, 3:08 PM

#

untold hamlet You would need to void any open invoices associated to the delete/canceled subsc...

can i just pause the subscription and unpause on the invoice is paid ? and am i obligated to use webhooks ?

untold hamlet Jul 29, 2024, 3:08 PM

#

You should use webhooks yes

#smed_best-practices