#supreeth_code

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1371926578845712517

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• supreeth_code, 3 days ago, 52 messages

I don't understand the question exactly

You said you got a suggestion to save during payment

What's the issue with that?

we have 2 flows by which a user can add payment methods

1 is by using our UI - where we create a stripe customer initially and our UI will load the payment intent secret to accept the payment method - only if the 2$ hold succeeds

2 - by using No code Customer portal where user can add/delete payment methods - which doesnt do any hold on the card. How do we accept the card using No code Customer portal only 2$ hold on customer card goes through

How do we accept the card using No code Customer portal only 2$ hold on customer card goes through
You can't

The customer portal is no code and has limited functionality

I was thinking of a way where we piggyback on the webhook call payment_method.attached - create payment intent there with 2$ hold, if the payment intent fails - detach the payment method ?

You could do that

One thing to note though is the customer portal uses a setupintent I believe

SetupIntents sometimes do a $0 or $1 auth on the card (where you'll be charged auth fees)

So you could do what you're saying but you'll be racking up double auth fees

auth fees are charged to customers ?

I havent seen any auth done for setup intent so far and thats why its been a leaky bucket for us

and thats the reason we had to resort to these 2$ holds on the cards

I'm double checking to make sure if customer portal does setupintent

Not 100% sure it does

too many fraud users coming in with fraud cards and the transactions dont go through

But with setupintents it's an internal optimization whether or not we do the auth

It's not every setupintent

though the cards always gets accepted by setup intents

What you're doing is the only way to make sure an auth is performed

With SetupIntents it's optimized on stripe's end before we talk to the issuer

ok

what I am suggesting is valid option right ?

Any concerns with that ?

Yes you can do it

From a technical perspective

From a compliance perspective I can't comment

Other then it might be slighly confusing for end-users that their payment method disappeared because hold failed

Yes it might be confusing to them

And they might not realize you're going to auth their card

The customer portal doesn't have language around that

And again i can't speak to the legal/compliance portion

But from a technical perspective it's doable

yeah we will document the auth/hold process

The other thing you need to make sure to take into account is the customer's default payment selection

There's a checkbox in the customer portal that lets the customer select if they want the newly added payment method to be the default

If you detach it if the auth fails then they will no longer have a default one set

Also is there a way for me to avoid double auth, where users going with option 1 already would have their hold done.

Is there a metadata I can attach to payment intent - so I check that in payment_method.attached and not create one more payment intent on that

If you detach it if the auth fails then they will no longer have a default one set - thats ok, our system is smart enough to not give them our services if they dont have any payment methods

Can they have more than 1 payment method? I just bring this up because you may want to fallback and reset their previous payment method as the default if adding the new one fails auth

That way you can avoid failed payments

Yes

You can set metadata on the payment intent to indicate it was done through the elements flow

https://docs.stripe.com/api/payment_intents/create#create_payment_intent-payment_method_data-metadata

and we can see this metadata in the webhook call payment_method.attached ?

yes if you set it within payment_method_data it'll be set on the payment method object

ah awesome

yeah they can have more than 1 payment method

and they can set what do they want as default

but all we want to make sure is whatever card they add to stripe - we want that to be vetted with 2$ hold

what happens if we delete a payment method and that was set as default ? stripe doesnt set the previous one as default back ?

We do not

That was my point

You'd need to have logic to preserve the previous default

ok got it

I will keep that in mind!

thanks

No problem

Like say for example the customer has 1 card already and it's set as default. Say they go into the no code customer portal, add a new card, and select the box to set the new one as the default. Then, say you create a 2 dollar auth on the new card and it fails and you detach the new card. The old card is no longer the default. The customer will have no default set.

yeah got it

and I had a follow up to this

this will work fine for redirect-based cards as well right ?

Like a card that requires 3ds auth?

yes

So that's the issue with confirming a payment intent serverside

If the intent requires 3ds auth, you need a way to bring the customer online and have them complete the auth

There's no way around that

Banks decide when a card needs auth

how does off_session payments work ?

if we want to charge the customer by raising invoices later

In theory you properly set up the payment method for future use

Either via a setupintent or via a payment intent with the setup_future_usage param

That should allow you to charge them off session with minimal 3ds issues

3ds is still possible but unlikely

ok

doesnt customer portal payment method do that with setup_future_usage param ?

Customer portal uses a setupintent

So in theory you should have minimal issues with the server-side payment intent confirmation off-session

But it's still possible

so most likely it should work - for off_session payments ?

Most likely, yes

In case it fails, we just wont accept the payment method - which I think is ok

because we need the off_session payments to go through for all our invoices anyways right ?

You would

But if it's due to 3ds, you can just bring the customer to the hosted invoice link to complete auth

ok cool, in that case this payment intent can be a good thing only

Up to you. If it's only requiring 3ds, you can bring them online to complete it

how do we bring them online for server side payment intent ?

To a page on your site where you call confirmPayment client-side and use stripe.js to complete auth with the payment method id

by passing the secret ?

yes

https://docs.stripe.com/js/payment_intents/confirm_payment#confirm_payment_intent-options-confirmParams-payment_method

https://docs.stripe.com/js/payment_intents/confirm_payment#confirm_payment_intent-options-clientSecret

Is there a way to know how many payment methods of our current customers requires 3ds auth like this ?

If it's a payment intent that required 3ds, it would have generated this event: https://docs.stripe.com/api/events/types#event_types-payment_intent.requires_action

So you should be able to filter those events

Assuming you didn't pass off_session=true

oh events is the only way ? nothing will be set in payment method attribute ?

If you passed off_session=true, then we just generate payment_intent.payment_failed

correct

There's not a real easy way to check this

off_session=true while creating payment intent ?

ah ok

yes

Because that indicates to us that the customer isn't in the flow to complete auth

So we just decline

If customer is in the flow, instead we transition payment intent to requires_action

is it also same if we set off_session=true while creating invoice ?

And expect customer to complete the auth

Where do you see that param on an invoice?

And is this a subscription invoice or one-off?

This is one-off invoices

I dont think we set anything, how does 3ds work for invoices ?

I am not even sure how its working now

So default is off_session=true

https://docs.stripe.com/api/invoices/pay#pay_invoice-off_session

Assuming you call the pay endpoint

But I don't know how your integration works

There's multiple ways to integrate this

Invoices are easier though

You just bring the customer to the hosted invoice page to complete the auth if it's an off-session 3ds failure

        // Insufficient balance on the payment method will fail the payment.
        Forgive: stripe.Bool(false),
    })```

we do this

and this happens in backend

Yeah so that would be off_session=true by default

completely detached from UI

ok in that case, backend off_session payment intent would basically validate this right ?

Validate what?

3ds can happen at any time up to the discretion of the bank

sorry Validate that off_session payments will work

Payment Intent may not require it but a later invoice might

without redirects

Completely unpredictable

oh

This isn't something you can predict. Your integration needs to be able to handle it if it happens

ah ok

If its a invoice, then if we disable off_session - do we still need our own UI integration the payment to work ?

No

#1371926578845712517 message

ok

thank you

Do you know if there are test cards to test 3dsecure cases and our integrations ?

We document all test cards here: https://docs.stripe.com/testing?testing-method=card-numbers&payment-method=others#regulatory-cards