#sean-setupintents
@limber scroll hi! you need to do this on the client side in JavaScript as described in the docs, for two main reasons:
- PCI compliance since you don't want the raw card details on your server
- A SetupIntent runs 3D Secure (a page from the bank for the customer to authenticate the payment or saving their card), which is one of the main purposes. The functions in our JS library handle showing that in a popup for the user to complete, it's inherently client side, which is why the way Stripe integrations are designed is to create the Intent object on the backend first, then complete everything on the frontend
@knotty iron For sure, I'll be taking the card details with js, 100%. My question is (apologies if it wasn't clear) do I need to create the Setup Intent with JS, once I have the payment elements token for a card. Can that step (step 6) go on the server, or does that also have to be in js along with the card collection details? They look like they could possibly be two distinct steps, one step js, and one step server side.
For example, does the server return any urls to redirect the user for 3D secure instead of a pop-up?
I can't tell if the following is possible:
- Collect card details payment token in js
- Submit token from js to server
- Create Setup Intent on server, and then that creation may return urls for 3D secure to send the user to.
> do I need to create the Setup Intent with JS
that SetupIntent is always created on the server. (that's what Step 4 is)
after creating it, you 'confirm' it, which is when you supply the card information and the Setup intent validates/authenticates/sets up the card and saves it to the customer. That's Step 6. It always has to happen on the frontend calling that function in our JS SDK as the docs describe, for reason 2) in my initial reply
you can build things this way (confirming the SetupIntent on the server) but we highly recommend against it, again, we see 3DS as inherently client side which is why the integrations are designed that way.
there won't be any guides for doing it that way, but you can call https://stripe.com/docs/api/setup_intents/confirm on the backend (or pass https://stripe.com/docs/api/setup_intents/create#create_setup_intent-confirm on creation for the same effect). If you want to redirect to a URL for 3DS when it's required you have to pass a return_url and parse the response from confirming the SetupIntent to get the URL to redirect the customer to. https://stripe.com/docs/payments/3d-secure#manual-redirect