#ralphsaridar-ReactNative

hello

Hi

Ive followed the youtube video on stripe/reat-native-stripe

every step

yet I still receive an error with the sk

Can you check your Dashboard Request log, and find the request that failed?

one sec

where can I check this

the requests

https://dashboard.stripe.com/test/logs

ok

what should i show you

POST /v1/charges
Status
400 ERR
ID
req_3fWDmXLUW8z3Fn
Time
8/11/21, 11:48:57 am
IP address
150.107.241.206
API Version
2020-08-27
Latest
Source
Stripe/v1 NodeBindings/8.170.0
Idempotency
Key – 84daf3f4-30ec-4cad-9ea7-b4601824c887

token_already_used
You cannot use a Stripe token more than once: tok_1JtUSDGCJMztZgE066vMEqKJ.

Was this useful?

Yes

No
{
"description": "CashMyStock",
"amount": "18900",
"currency": "usd",
"source": "tok_1JtUSDGCJMztZgE066vMEqKJ",
"capture": "true",
"metadata": {
"order_id": "34"
}
}
Response body
{
"error": {
"code": "token_already_used",
"doc_url": "https://stripe.com/docs/error-codes/token-already-used",
"message": "You cannot use a Stripe token more than once: tok_1JtUSDGCJMztZgE066vMEqKJ.",
"type": "invalid_request_error"
}
}
Request POST body
{
"description": "CashMyStock",
"amount": "18900",
"currency": "usd",
"source": "tok_1JtUSDGCJMztZgE066vMEqKJ",
"capture": "true",
"metadata": {
"order_id": "34"
}
}

what went wrong

@distant cove

Let me take a look

deal thank you

This is a server request

the error is also different than "invalid secret key" that you have mentioned

I think this is a different problem, but shall we focus on the failed ConfirmPayment first? It would appear as a request from client

so error from both front and back end ?

There could be different errors

thats the video I followd

https://www.youtube.com/watch?v=SH2bi-1MUNM&t=537s

same concept as it is written

is it possible that I receive this error because of an error on the backend ?

Response body
{
"error": {
"code": "token_already_used",
"doc_url": "https://stripe.com/docs/error-codes/token-already-used",
"message": "You cannot use a Stripe token more than once: tok_1JtUSDGCJMztZgE066vMEqKJ.",
"type": "invalid_request_error"
}
}

this error

Okie I see

Please delete or redact above message

you wouldn't want your key exposed here as a public space

So that value sk_test_xxx is a Secret key and should only be used in server

on client (React Native) you want a client_secret key, which is a secret from a PaymentIntent, but safe to be handled on client side

Can you share the code you use to obtain PaymentIntent from the server?

paymentIntent should be done from the server side correct ?

yes

will send it just give a bit of time

because im the front end developer

im contacting the backend

Anw, can you share again where are you seeing that "invalid secret key"? with actual value redacted?

yes

      confPay = async() =>{
              //console.log(stripePk.)
              const {error} = await confirmPayment(props.token,{
                  type:'Card',
                  billingDetails:{
                      email:'joe@hotmail.com'
                  }
              });
              if(error)
                  console.log("Error: ",error.message)
              else
                  Alert.alert("Payment","Successful")
              //apiPayment.complete
      }

if(error) console.log("Error: ",error.message) thats where it is logging it

I will send you the log one second

Error: Invalid client secret: sk_test_1234567890

ok, that value comes from the props.token, isn't it? Where are you taking that props.token?

yes

Where are you getting that value from?

        APIPayment.getClientToken().then((res)=>{
          this.setState({payment_token:res})
        })


then

    
            <OverlayComp 
                  ref={this.paymentRef}
                  visible={true}
                  token={this.state.payment_token}
                  onClose={()=>this.setState({overlay:false})}
                  onchange={(t)=>this.changeData(t)}  />

so mainly im getting the value from the backend

okay, so backend is returning wrong value

We will need to see how is backend implementing this method

1 second

what the backend developer is doing

in the function is just returning the string of pk_test_

sk_test

nothing else

Ok, there are 2 incorrect things

developer is sending back the secret_key that he gets from stripe after creating the account

1. Backend should return the Publishable Key (pk_xxx) instead of the Secret Key (sk_xxx). The Secret key should never been exposed to client by any mean

ok I already have my publish key in front end in an .env

Hmm ok? So the function from backend should return the client_secret of a PaymentIntent

It's a different thing than both Secret Key and Publishable Key

https://stripe.com/docs/payments/accept-a-payment?platform=react-native&ui=custom#react-native-create-server-side

For example in Node js

const paymentIntent = await stripe.paymentIntents.create({
  amount: 1099,
  currency: 'jpy',
});
const clientSecret = paymentIntent.client_secret

It's a client_secret created per PaymentIntent, not the secret key of the account

ok just a question

so I as a front end developer should send him the data for the amount and currency

and in return I receive the clientSecret correct ?

in order to continue on

That could work, be generally you don't want client to send amount/currency to server, but the server to pre-define it

proccess goes : ```
I send POST request (Front)
I receive data back (Back)
I send POST request (Front)

shouldn't amount and currency be dynamic data?

Because, a customer and send fake amount to your server, then get result and use your service with $1 for example

If you allow your client to define amount/currency, any customer can reverse-engineer your app and try to send fake amount, to exploit your system

hmm so how does have to be

Define amount/currency on server

I need to step down for the day. My colleague @sacred wing would continue to assist you 🙂

thank you so much

hello jonny

so these are static values

they dont change, just define them and thats it

Hey @past torrent ! Just catching up

Hey how are you

So just a question

Amount and currency are static values?

They can be static or variables, however you're calculating them

Yes but like how should i change the values

If orakaro thats its not recommend it to send it back to the server in a POST request

Im working on an ecom app

Generally true yes as they're susceptible to your request being interfered with (i.e. changing the amount)

So if clients amount is suppose 5000$ how does the server know the amount

Generally people have their prices defined by a database of products which have associated price values. The server can then look them up

can I add the backend developer to this thread please?

yes yes products prices are from the database but like the user is going to choose 50 product A which will lead his total of suppose 1000$

how does the server know this amount

thats what I mena

mean*

That's up to your to configure that! I guess you could send the IDs of your products to the server and the server calculates the price

yes yes no problem but like thats what I mean

I shoud send him a POST request

but in the body, dont send the amount directly

we configure it our own way

correct?

Yes, a POST to your backend which will:

• Send the IDs of the products the user is buying
• Your backend will lookup those products, and calculate the total
• Create the PI with Stripe using that calculated total as the amount parameter

Does that make sense?

yes yes as I said above

thanks

Cool!