#dmilic_best-practices
plush estuaryBOT
👋 Welcome to your new thread!
⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.
⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.
🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1331193403458719857
📝 Have more to share? Add more details, code, screenshots, videos, etc. below.
Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.
- dmilic_best-practices, 4 days ago, 21 messages
- dmilic_best-practices, 4 days ago, 11 messages
plucky portal
Why do you need a CVC token?
thorny cloak
Our backend needs it. We are migrating from old stripe component which supported stripe.createToken(cardCvcElement)) and we want to try not to modify our backend code if possible.
plucky portal
OK, but how are you using a CVC token in your server code?
thorny cloak
I dont know but I can ask my collegue that works on that
Do you want me to ask him and show you how we use it ?
plucky portal
I just want to have a better understand of how your integration works and why you have that requirement so I can recommend an updated approach. I would guess you want that to facilitate CVC recollection for charging saved card, but want to be sure
thorny cloak
Give me a few minutes to check with him and give you an answer on that
plush estuaryBOT
sharp meadow
Hi @plucky portal 👋. This is how our backend integration works. We are using payment intents api but the legacy version of the flow. In one request, on the backend side we are creating a payment intent and instantly confirming it with the prop confirm: true. Also for security reasons on each payment we are requesting cvc recollection, we are adding it in the payload like this: stripePayload.payment_method_options = { card: { cvc_token: cvcToken } }.
So by now, frontend when calling our backend route for payment always sent us a cvc_token which they generated by using stripe.createToken.
does that make sense to you and do you need more info?
haughty patio
Hi! I'm taking over from my colleague. Please, give me a moment to catch up.
I don't think you can migrate without changing the backend.
When you use Payment Element to confirm a PaymentIntent, CVC will be checked automatically. You don't need to pass it anywhere yourself.
sharp meadow
I forgot to mention, like your collegue said, the main reason why we are using this approach is because we want to have cvc recoolection for saved credit cards on each payment. At the moment when we implemented that feature that was the only way we could do it. Also we are creating and confirming payment intent on the backend side.
haughty patio
You mean, if the customer chooses to use the saved card instead you want them to have to provide the CVC, right?
If so, how have you implemented the saved cards?
plush estuaryBOT
sharp meadow
On the frontend side we are sending a request to our backend and backend contact stripe using stripe.paymentMethods.list() to get the list of the customers saved payment methods. When using a saved card, before we send a request to backend to confirm payment we are retreaving from stripe cvc_token and we are sending cvc_token and payment_method_id to backend. And backend work like i mention in 2 posts before.
on the frontend side also for inputing a cvc we use CardCvcElement from stripe. we are JS based so we use stripe js packages. Now we are migrating to payment elements because we are integrating amazon pay which doesnt work with our current integration.
is that enough info?
swift arrow
👋 taking over for my colleague. Let me catch up.
with PaymentElemenmt you don't really need to fetch the PaymentMethods yourself you can actually display saved payment methods https://docs.stripe.com/payments/save-customer-payment-methods#display-existing-saved-payment-methods
and you can recollect cvc https://docs.stripe.com/payments/save-customer-payment-methods#re-collect-payment-details as well
sharp meadow
we will try to fetch payment methods drrectly and see how iit goes.
and about this cvc recolletion. So this is a property in the function for creating a payment intent stripe.paymentIntents.create , by now we used stripePayload.payment_method_options = { card: { cvc_token: cvcToken } }.
ok with this prop required_cvc_recollection can the flow stay the same?backend will create and confirm the payment intent in the same request and we will set required_cvc_recollection prop to true, ando provide the cvc_token all in one request? How can we get the cvc_token on the frontend side?
plush estuaryBOT
sinful sail
Hey! Taking over for my colleague. Let me catch up.
How can we get the cvc_token on the frontend side?
Why you need to get the cvc_token ?
sharp meadow
we need to recollect the cvc when customer pays with saved credit card. I explained it in the thread, and i explained our payment flow
we are sending the cvc_token to backend, backend is creating payment intent, confirming it in the same request and also pass cvc_token
sinful sail
we need to recollect the cvc when customer pays with saved credit card
I understand this yeah, but why? Would you mind sharing the motiviation behind ?
sharp meadow
This is how our backend integration works. We are using payment intents api but the legacy version of the flow. In one request, on the backend side we are creating a payment intent and instantly confirming it with the prop confirm: true. Also for security reasons on each payment we are requesting cvc recollection, we are adding it in the payload like this: stripePayload.payment_method_options = { card: { cvc_token: cvcToken } }.
So by now, frontend when calling our backend route for payment always sent us a cvc_token which they generated by using stripe.createToken.
We used this approach as we had some limitations, the main reason why we need cvc_token is so that we can recollect cvc on each payment for customers that are paying with saved credit cards (security reasons).
on the frontend side we used card elements and we are now merging to payment elements as we also need to implement amazon pay.
so the main question is how can we get the cvc_token using payment elements?
sinful sail
Thank you so much for the detailed exaplanation
You can't collect just cvc with Element
I think the only option here is to use cardCVC element
https://docs.stripe.com/js/element/other_element?type=cardCvc
sharp meadow
so there is no way i can get the cvc_token from the Payment Element? we can use cardCVC element when paying with customers saved credit cards because they need to enter only cvc there, but for normal payment when you need to enter all of the card details i think we need to use Payment Element because we need to also implement Amazon Pay which we can not use with card element?
if we use Payment Element on the frontend for the normal payments where you need to enter all of the card details, how can we force cvc recollection if you take in considiration our flow that i described you?
does payment element already have a option to force cvc recollection?
sinful sail
You can't use Amazon Pay with card element yes
sharp meadow
does payment element already have a option to force cvc recollection?
sinful sail
if we use Payment Element on the frontend for the normal payments where you need to enter all of the card details, how can we force cvc recollection if you take in considiration our flow that i described you?
If you want to confirm the payment from the frontend and not from your abckend, then you can use what my colleague suggested previously, use Element to display the saved payment method and configure Element to re-collect the cvc
#1331193403458719857 message
sharp meadow
ok that means i can not use payment element and still create and confirm payment on backend and recollect the token. We would need to change our payment flow and confirm the payment on frontend
haughty patio
You mean if you use payment_method=pm_xxx instead of Payment Element's PaymentMethod redisplay feature?
haughty patio
... This doesn’t affect payments where the CVC check couldn’t be performed or is unavailable. For example, wallets like Apple Pay or off-session payments don’t require it.
https://docs.stripe.com/disputes/prevention/verification#cvc-check
This means CVC shouldn't be re-collected when you're attempting an off-session payment.
sharp meadow
hmm i think this is similar flow like ours, flow where payment are finalized on server. And i see that it has an option to enforce cvc recollection https://docs.stripe.com/payments/finalize-payments-on-the-server?platform=web&type=payment#enforce-cvc-recollection
haughty patio
Yes, but the saved PaymentMethod is selected from the Payment Element?
sharp meadow
yes, and we can use Payment Element
haughty patio
Then yes, you can recollect CVC by following this section of the guide.