#AM-3DS
lyric bluff
In that case can i use the setup Intent? I want to prompt 3D secure before confirming the payment. Essentially the user clicks book now. The 3D secure flow happens if necessary, then I check if we should charge the user and confirm the payment.
glossy hull
Yes, you can most certainly use the setup intent, 3DS will be prompted when the setupIntent is being confirmed, for more information regarding the setup and flow please refer to: https://stripe.com/docs/payments/save-and-reuse
lyric bluff
What if I already have created a setupIntent for the user when they register in my app?
Does that make a difference? Should I delete the first setup Intent?
This is the flow I have in mind now.
The user registers and we create and confirm the setup Intent.
This is for monthly payments
If the user wants to make a one off purchase.
I need to pre-empt 3DS.
So I will create a new setupIntent and confirm it to prompt 3DS
Once complete I will continue as normal and charge for the purchase if necessary.
- Is this ok in terms of a payment flow?
- Creating Setup Intents when the user already has one confirmed?
- Do I need to delete previous setupIntents?
- Is it a good idea to do so anyway to refresh 3DS for off-session monthly payments?
sour steppe
Hey! Taking over from @glossy hull - let me just catch up and I'm happy to answer your Qs
lyric bluff
๐
sour steppe
If the user wants to make a one off purchase.
I need to pre-empt 3DS.
This is not the case if you're using the same Payment Method that was already authenticated for the recurring payments with the Setup Intent
lyric bluff
So it can never happen? Even if the one off purchase is on session?
I just want to avoid having to handle 3DS in the middle of my business logic.
sour steppe
So it can never happen? Even if the one off purchase is on session?
That'll depend on the usage parameter passed on the creation of Setup Intent: https://stripe.com/docs/api/setup_intents/create#create_setup_intent-usage
If you pass off_session then it covers both on and off session payments
Of course there is no guarantee that the bank won't request additional auth/3DS โ so your flow should handle accordingly
lyric bluff
Yes, exactly so it is possible 3DS will be prompted and I will need to "handle accordingly"
I would prefer to create a new setup Intent (if that is allowed) and handle 3DS first before I start the server side business logic. So I will have 2 requests. First handles 3DS. Then I charge for the payment (I have some logic that determines if the user should be charged).
sour steppe
You're likely just going to confuse matters with the extra Setup Intent as you'll end up with an additional Payment Method object for what would be the same payment instrument (credit card in this case). In most cases you only need a single Setup Intent per payment instrument
lyric bluff
Can I refresh an already existing setupIntent?
sour steppe
Equally you can handle 3DS and save the card during an initial payment which would consolidate your flow/logic: https://stripe.com/docs/payments/save-during-payment
sour steppe
Can I refresh an already existing setupIntent?
You can't no. Once confirmed, the Setup Intent is immutable
lyric bluff
Ok, so to be clear. Your suggestion is to not worry too much about 3DS prompts from already created setup Intents as this will be rare. It may still occur so you should have something to handle this though.
Because if I create an additional setup Intent I will have 2 for the same instrument (card)
In that case can I not just delete the old one?
sour steppe
Generally they would be rare but can happen if the bank deems the payment in question requires auth. So you would need to handle that yes
The Setup Intent once confirmed is irrelevant really. The Payment Method object it authenticates is what you're using to facilitate future payments
lyric bluff
Ok so I delete the payment Method and create it again using the setup Intent API
sour steppe
In that case can I not just delete the old one?
They can't be deleted no. Only cancelled but that's only possible when it's not status: 'succeeded'
sour steppe
Ok so I delete the payment Method and create it again using the setup Intent API
Well, you could. But then you're just introducing an additional authentication check with the user that might not have been necessary
lyric bluff
Well not necessarily what if I set the setup Intent three_d_secure to automatic?
sour steppe
That's the default behaviour though. What would you expect to be different? https://stripe.com/docs/api/setup_intents/create#create_setup_intent-payment_method_options-card-request_three_d_secure
lyric bluff
Then what additional authentication check will I be forcing the user to go through?
sour steppe
Because if you delete the Payment Method and then create a new PM with the same card and attempt to authenticate it with a Setup Intent, then it's likely the bank will ask for authentication again
Where as, you could just use the already authenticated PM with the likelihood of the bank wanting authentication again being very low
lyric bluff
Hmm, ok so your saying there is no normal way to pre-empt 3DS for each transaction?
sour steppe
Yes, with a Setup Intent exactly as you're doing. But even with that approach 3DS is assessed on a per transaction basis so there's a chance the bank may request it
Basically confirming a off_session Setup Intent with the desired Payment Method is the best approach here to facilitating both recurring (off session) and one-time on session payments
lyric bluff
๐