#treehugger_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1309526343423361074

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Yep, safe to expose the cs_xxx ID overall. We actively encourage this for 'order confirmation' pages. Generally though our recommendation is to use webhooks for fulfilment flows like you're describing as it isn't always a guarantee your user is redirected to the success_url

I don't understand how I could use webhooks for something like this. Could you give me an example of how something like this might work?

Well, you'd listen for checkout.session.completed events which fire when the customer completes the session (and in your case the auth/hold is made). Then you can process the event async as you need and make the API request to capture the payment

I wouldn't rely on the success_url redirect for a business critical flow like you describe. It's better suited for an order confirmation page, etc