Soba-card | Stripe Developers | Page 1

lethal swan Jun 21, 2022, 9:37 AM

#

Hi there!

graceful flax Jun 21, 2022, 9:38 AM

#

Hi Soma!

lethal swan Jun 21, 2022, 9:39 AM

#

The recommended flow is the opposite:

Create a SetupIntent on the server
Then use the setupintent.client_secret on the frontend to collect the payment method
This is covered here: https://stripe.com/docs/payments/save-and-reuse?platform=web

graceful flax Jun 21, 2022, 9:39 AM

#

Ahh yes that was what I was thinking

#

but the flow that i mentioned is allowed by the api correct? i.e. it is *technically *possible

#

i'm wondering what is the security advantage of doing it in the way specified by the link?

lethal swan Jun 21, 2022, 9:44 AM

#

but the flow that i mentioned is allowed by the api correct? i.e. it is technicallypossible
technically yes, but I wouldn't recommend this:

how would that flow handle 3DS?
also you would be allowed to do that only if your business is PCI compliant https://stripe.com/en-fr/guides/pci-compliance

autumn yoke Jun 21, 2022, 10:00 AM

#

Hey, taking over here. Let me know if there's any follow-up Qs I can answer!

graceful flax Jun 21, 2022, 10:21 AM

#

Hi there!I I see I think So a managed to answer many of my questions :)

#Soba-card