#mulo_api


mint mistBOT
#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1290251880173142077

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

tribal cipher
#

Hi, let me help you with this.

#

one time use
Do you mean one-time payment, or one-time visiting of the URL?

tired oriole
#

one-time visiting of the URL

tribal cipher
#

But why are you concerned about customers sharing their Checkout Session URL exactly?

tired oriole
# tribal cipher No, unfortunately. You can set a short expiry time, but I am not sure this solve...

Could it be seconds too?

But why are you concerned about customers sharing their Checkout Session URL exactly?
So basically I have a Discord bot with which any member of the guild could gift premium. The process starts by clicking buttons, which gives the user ID and the server ID in which they have been pressed. With this and other data the backend can then eventually create a Stripe session linking said user to the server ID.
I do in-between steps by first redirecting to my website to decrypt this info, but once on a checkout session there would be nothing preventing anyone from sharing that URL.
Unless I guess the checkout session could be set to expire in less than a minute. Tho even then it is not a 100% guarantee it would theoretically match the user if the link is shared.

tribal cipher
#

Could it be seconds too?
Yes

#

I think I am not entirely getting what you are trying to protect, and why. What would be the benefit of someone sharing their Checkout Session link with others?

tired oriole
#

impersonating another person

#

from the one that actually made the payment

tribal cipher
#

This is solved by Discord authentication, not sure what Stripe Checkout has to do with this.
Are you protecting Discord user IDs?

tired oriole
#

even with Discord authentication, once a Stripe URL session is created, the URL could be shared

#

the point is not Discord, I guess the only way to achieve this would be a one-time URL session visit

tribal cipher
#

You're still not answering my question. What piece of information are you trying to protect exactly?
Because I don't see why anyone would need to share their Checkout Session URL, and even if they did, how this can be abused.
This is not related to Stripe, but I am just trying to understand your concern, since it seems like you're trying to solve a non-existent problem. Or I might be missing some nuance.

tired oriole
#

the userId linked to the discord server id I pass to the checkout session.

#

which I pass as custom field data

#

Because I don't see why anyone would need to share their Checkout Session URL
Trolling for example
impersonating another person
from the one that actually made the payment

#

This is not related to Stripe
It could be, I'm inquiring if Stripe offered a form of solution or workaround to this possibility. You said no so that was what I wanted to know.
Discord in-app purchases might be one of the solutions I'd imagine

tribal cipher
#

impersonating another person
How would you do this with just the user ID?

tired oriole
#

say I click the buttons that will create the checkout session, then I share that URL with another person. It's not gonna be me making the final payment

tribal cipher
#

So, someone else will pay, and you will get the premium. How is this impersonating another person?

tired oriole
#

coz it will show that user 1234324 made the payment, even tho potentially might not be him

tribal cipher
#

Why would someone want to pay for me? I don't see any incentive for someone to do this.

tired oriole
#

it's a corner case, where certain recognitions could be abused

tribal cipher
#

Alright, I'll leave it at that. Do you have any more questions about Stripe integration?

tired oriole
#

That's it! Thanks for the answers 👍