#dan_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1297942431160995944

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hello

To be clear, you are a plugin and you are using your user's API keys?

Also, the request example you shared above is not using Elements here.

Which is why you get an error about sending raw PANs

Now several customers are complaining because some OTA channels like Vrbo.com us virtual credit card numbers from reservations that we need to charge directly because the guest already inputted their credit card information during checkout on Vrbo.com - but our customers can't charge those CC numbers directly via Stripe due to PCI Compliance requirements.

As a business who already integrates with other payment gateways and OTAs, we (www.mapro.io) are already PCI Compliant, but our customers (vacation rental property management companies) are not. That shouldn't be a problem because card numbers are entirely maintained by our systems and we don't expose full credit card information to our customers (the property managers), we just expose the Charge/Refund/Void buttons for them. That works fine with other direct charge integrations (Authorize, Yapstone, etc) but not with Stripe.

For that to work with Stripe, I need to be able to create PaymentMethod objects with credit card numbers, instead of collecting them via Stripe Elements. As an experiment, we tried doing that, and received an email with some instructions regarding PCI compliance, etc.

What I need help with: we need to streamline the process of PCI compliance so that we can flag our customers' accounts as "PCI compliant under www.mapro.io". I believe we (MAPRO) must become an "official client integration" for this to happen, so our customers don't have to go through PCI compliance themselves unnecessarily.

I tried reaching out to Stripe's sales department to inquiry on how to proceed and they sent me an invite to this Discord channel.

How can we proceed so that we (MAPRO, who is PCI Compliant) are able to create PaymentMethod objects passing full credit card numbers directly to Stripe, on behalf of our customers' accounts (property management companies who are not PCI compliant) ?

To clarify: we will be receiving those credit card numbers from PCI compliant travel agency OTAs like Vrbo.com, Expedia.com, Hopper.com etc - and our end customers (property management companies) will never see those numbers, just their Last4 and guest names.

It would be too cumbersome to require our end customers to go through PCI Compliance (and they don't need to, since they won't be touching credit card numbers themselves). Other SaaS like ours already support this, like www.hostaway.com for example, and their Stripe customers don't need to go through PCI compliance because Hostaway, who is PCI compliant, does it for them. We need instructions on how to be able to do the same thing for our Stripe customers.

Thanks!
Daniel

Yeah so you need to use Stripe Connect here and have your platform approved to pass raw PANs.

This won't work if you are doing this as a plugin where you use your user's API keys.

I see.

We highly recommend against that to begin with, but it also makes what you are trying to do impossible.

As passing raw PANs would have to be enabled on each of your user's accounts.

Yeah, that's what I wanted to avoid. So "Stripe Connect" is the solution we're looking for, then?

I will read about "Stripe Connect" then.

We attach our customers' existing Stripe accounts to our main "Stripe Connect account", or do we need to use our main "Stripe Connect account" to onboard child accounts, one for each property manager?

Will I be able to create a "Stripe Connect" account fully online by myself, or do I need to be connected with someone inside Stripe to start this process?

Yes you can connect already-existing accounts to your platform using OAuth: https://docs.stripe.com/connect/oauth-standard-accounts

And no, you don't need to be connected with anyone. You can test this end-to-end and set up everything yourself

I'd start by reading through the documentation at https://docs.stripe.com/connect

And then you can login to your account and go to https://dashboard.stripe.com/test/connect to get started with testing

Thanks Bismarck for your help! I'll look into "Stripe Connect" and follow the instructions and reach out if I have any more questions.