#Analva

hi there! Can you share more about why you don't want to do it using stripe.js?

Yes, because we have a payment gateway written in PHP that accepts cards details from UI and handles all operation on it's own. We have it working with direct Stripe API as expected. But now we got a new request to use this other Payment proxy and I want to follow the same protocol by just adding a code that will handle an integration. If I have to use stripe.js I have to rewrite a whole application and some use cases that we have right now(like split payment between different gateways) will stop working.

So that is why I am asking, is there a way to do the same thing using just stripe API or some PHP based library that I can include into a code.

@quaint rampart Do you have an idea how can I achieve my goal?

just so you're aware, we actively discourage you from collecting the raw credit card numbers in your custom form and then using the Stripe API directly to tokenize the cards because by handling raw card numbers directly you become subject to the full PCI compliance standards. In your case this means you’d have to submit a SAQ D form annually to prove that you are PCI compliant [0]. It’s a 40 page form and trust me, not a headache most people want to be dealing with.

[0] see https://stripe.com/docs/security/guide#validating-pci-compliance under "API Direct" as this is what your integration would be classified as.

I completely understand what you mean as I was submitting this form just last week. We have to do it anyway, as we have other payment methods have payment data in them. So the least I can do right now is to have them all in one place and with the same structure. This way at least it is easier to have control

So my question remains the same, is there a way to do it?

sure, you can create a payment method via the API : https://stripe.com/docs/api/payment_methods/create

To handle card information directly, you'll also need to enable the setting here : https://dashboard.stripe.com/settings/integration

Let me try that

I did not quite understood what I need to do here:
If I would be using a stripe.js my flow would be like this:

1. Create payment intent
2. Authorise payment using Stripe.js
3. Capture payment intent

Now I am not using step 2, so how do I connect payment intent with proper card. Can you help me to understand this part?

1. Create PaymentIntent
2. Collect Payment Method details via your frontend and then make the request to create the PaymentMethod via the API request to Stripe

Step 1 and 2 are interchangable i.e. you can do either one first. Once you create the PaymentMethod, you would have a pm_ object, which you would pass into payment_method [0] https://stripe.com/docs/api/payment_intents/create#create_payment_intent-payment_method

or you can merge them together as well. e.g.

curl https://api.stripe.com/v1/payment_intents \
   -u {{STRIPE_SECRET_KEY}}: \
   -d amount=1000 \
   -d currency=usd \
   -d confirm=true \
   -d payment_method_types[]=card \
   -d payment_method_data[type]=card \
   -d payment_method_data[card][number]=4242424242424242 \
   -d payment_method_data[card][exp_month]=12 \
   -d payment_method_data[card][exp_year]=2022 \
   -d payment_method_data[card][cvc]=123

Thank you! Let me test it out

@quaint rampart Is STRIPE_SECRET_KEY a key for stripe account we are creating Payment intent in?

yes.

Unless you're using Stripe Connect, in which case, it would be your platform's secret key, and you would use the Stripe-Account header [0] to create the PaymentIntent on the connected account

[0] https://stripe.com/docs/connect/authentication

I do not have that key, as it is hidden behind proxy. Let me share a diagram with you maybe it will make more sense

This is something we were thinking to do using Stripe.js

But I would like to replace that step 2 and do not use frontend at all

I looks like there is no way to do it without updating Proxy API

you can't do it without a secret key, so you're going to need to make the necessary changes

Got it, thank you