i am a noob-API-authentication | Stripe Developers | Page 1

late aurora Jun 22, 2022, 4:58 AM

#

👋 Happy to help

#

I'd suggest using Stripe Node library instead of using your own API call

#

Here's the doc for payment integration: https://stripe.com/docs/payments/accept-a-payment?platform=web&ui=elements&html-or-react=react

#

Secret key should be used at backend, not frontend

dusk granite Jun 22, 2022, 5:02 AM

#

late aurora Secret key should be used at backend, not frontend

Ok that's what I thought, but how would I pass the secret key into the authorization headers?

#

Also, I am using <CardElement/>, so I am not redirecting to stripe to complete payment, everything is done on my website. I am getting the error after i click the 'pay' button

#

pay button is the submit button for the form that contains the CardElement

late aurora Jun 22, 2022, 5:06 AM

#

Can you share the code at /payment where you make request to Stripe?

dusk granite Jun 22, 2022, 5:08 AM

#

app.post("/payment", async (req, res) => {
const { id } = req.body;

try {
const paymentIntent = await stripe.paymentIntents.create({
amount: 15000,
currency: "USD",
payment_method: id,
confirm: true,
});

res.json({
  // clientSecret: paymentIntent.client_secret,
  message: "Payment Successful",
  success: true,
});

} catch (error) {
console.log("Error", error);
res.json({
message: "Payment failed",
success: false,
});
}
});

rocky dock Jun 22, 2022, 5:08 AM

#

👋 Stepping in, give me a few mins to catch up

dusk granite Jun 22, 2022, 5:09 AM

#

.
.
.
this is the frontend code for the onsubmit button, if it helps

#

const handleSubmit = async (e) => {
e.preventDefault();

const { error, paymentMethod } = await stripe.createPaymentMethod({
  type: "card",
  card: elements.getElement(CardElement),
});

if (!error) {
  try {
    const { id } = paymentMethod;
    const response = await axios.post("/payment", {
      id: id,
      headers: {
        Authorization: `Bearer ${process.env.REACT_APP_STRIPE_SECRET_KEY}`,
      },
    });

    if (response.data.success) {
      console.log("Successful Payment");
      setSuccess(true);
      setMessage("Successful Payment");
    }
  } catch (error) {
    console.log("Error", error);
  }
} else {
  console.log(error.message);
}

};

rocky dock Jun 22, 2022, 5:13 AM

#

Are you including secret key in frontend? It's incorrect. Secret key should only be used in backend

dusk granite Jun 22, 2022, 5:14 AM

#

rocky dock Are you including secret key in frontend? It's incorrect. Secret key should onl...

ok i understand. I only included it for this error because I have no idea how to add authorization headers to fix this error.

#

I will remove it

rocky dock Jun 22, 2022, 5:14 AM

#

The error you see seems to come from backend

dusk granite Jun 22, 2022, 5:14 AM

#

do you have any ideas on how to include authorization in the headers to authenticate stripe

#

yes it is from backend, it printed in my vscode terminal

rocky dock Jun 22, 2022, 5:15 AM

#

To fix it you have 2 choices:

Include secret key in authorization header and do a raw REST request to Stripe endpoint
Use Stripe official Node API and you just set the key in our SDK's instance once you imported

#

I strongly recommend 2, like 99% of Stripe user would do that

#

https://stripe.com/docs/api/authentication?lang=node

Stripe API reference – Authentication – Node

Complete reference documentation for the Stripe API. Includes code snippets and examples for our Python, Java, PHP, Node.js, Go, Ruby, and .NET libraries.

#

Please take a look here

dusk granite Jun 22, 2022, 5:18 AM

#

rocky dock Please take a look here

ok i will take a look. Thank you for your help

#i am a noob-API-authentication