Do I need my own server to use the Stripe interface?

I want to implement payments in my application through Stripe. I read their documentation, and it goes on to mention that I will use my own server to charge someone after I retrieve the token from Stripe. (Stripe documentation)


Why do I need a server to charge my user? Why can't I just call the Stripe API methods to charge? What am I doing on my server? Is there any way to charge without creating my own server? Can Firebase be sufficient?

thanks

+6
2 answers

Let me expand on what they say a little with my interpretation:

In our mobile library, we take the burden of compliance with PCI, eliminating the need to send card data directly to your server. Instead, our libraries send card data directly to our servers, where we can convert them to tokens.

This means that often one gets a credit card number and is expected to store it for future use (for example, a customer enters it on their account page so that they can be charged monthly), but this requires you to comply with PCI standards, which may be a headache. Stripe saves you from this burden: they will store the credit card, and if you want to take care of it later, you can just give them the token that they generated, which represents this credit card.

Your application will receive the token back and can then send the token to the endpoint of your server, where it can be used to process the payment, establish recurring billing, or simply save it for later use.

This is explained in the next section https://stripe.com/docs/mobile/android#using-tokens

Using the payment token, however it was received, requires your API secret key to call the API from your server. (For security reasons, you should never embed your API private key in your application.)

(This was mentioned by the drrom.)

Since you need a secret key to call the API, you will need to make the call from your own server, so you need a server.

Note: I have not used Stripe, as far as I remember; I'm just trying to share my reading of the docs.

PS: I think your second question is separate, but some popular and simple Java webapp hosting options are Heroku and AppEngine. For something like this, however, you can go with a serverless approach, for example using AWS Lambda https://aws.amazon.com/lambda (Google has an Alpha-stage equivalent https://cloud.google.com/functions/ )

+4
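The server side of the flow described in the answer above, as an added example that is not part of the original answer or Stripe's own code. It assumes Stripe's `/v1/charges` endpoint; the `PRICES` table, the `stripeToken` and `order_id` field names, the `STRIPE_SECRET_KEY` environment variable and the sample values are constructed for illustration.

```python
import os
import urllib.parse
import urllib.request

STRIPE_CHARGES_URL = "https://api.stripe.com/v1/charges"

# Constructed price list. Amounts live on the server, so a modified
# client can only say *which* order it pays for, never *how much*.
PRICES = {"order-1001": (1999, "usd")}  # amount in cents, currency


def build_charge_request(token, order_id, secret_key):
    """Build the authenticated Stripe call for one order (does not send it)."""
    if not secret_key or secret_key.startswith("pk_"):
        # A publishable key (pk_...) is the only key an app should hold,
        # and it cannot create charges.
        raise ValueError("a Stripe secret key is required on the server")
    if not token.startswith("tok_"):
        raise ValueError("expected a token produced by the Stripe mobile library")
    amount, currency = PRICES[order_id]  # KeyError for unknown orders
    body = urllib.parse.urlencode(
        {"amount": amount, "currency": currency, "source": token}
    ).encode()
    req = urllib.request.Request(STRIPE_CHARGES_URL, data=body, method="POST")
    # The secret key is added here and never leaves the server.
    req.add_header("Authorization", "Bearer " + secret_key)
    # Retrying the same order must not charge the card twice.
    req.add_header("Idempotency-Key", order_id)
    return req


def handle_charge(form):
    """Body of a hypothetical POST /charge endpoint that the app calls
    with the token it received from Stripe."""
    req = build_charge_request(
        form["stripeToken"],
        form["order_id"],
        os.environ["STRIPE_SECRET_KEY"],  # read from server config, not from the app
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status
```

The same two functions fit inside an AWS Lambda or Cloud Functions handler, which is the serverless option the answer mentions.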

Yes. The reason you need a server is mainly to protect the secret key that Stripe provides you with. You do not want to embed the secret key in your mobile application, which offers zero protection for it. Someone might just parse your application, even if it is obfuscated, and try to find the secret key, which is defenseless.

References

This Q&A on the Stripe website answers it explicitly, but does not go into details.

This blog post explains an end-to-end process that may be enjoyable to read for context.

Alternatives

... though, I would recommend setting up your own so that you can maintain as much control as possible. The definitions and features of HTTP and REST are beyond the scope of this question, but rest assured that the amount of code to get this working is trivial (despite the initial training / effort on your part).

+4

Source: https://habr.com/ru/post/1011868/

