do i need to make any changes to make the communication secure
like https
ywain
Hi irctc897. You'd need to make sure your app sends the card token to your server over HTTPS, yes
irctc897
where can i find instructions of certs and communication related to stripe
my android app directly calls stripe api
ywain
irctc897: you need to use an external server. You can't embed your secret API key in your app. The only operation that should be done in the app itself is turning the card information into a token (using our Android SDK)
irctc897
i have the publisher and secret keys in my application server
android app, gets them from application server
i will create a card object and customer object in android code after collecting info from my app customer
ywain
irctc897: someone could decompile your app and retrieve the secret API key
irctc897: apart from card tokenization (which uses the publishable key), all API calls need to be issued from your server and not from the app itself
irctc897
even if i get secret api key from server?
ywain
yes
irctc897
so when i do new Stripe().create(card, publishable_key, tokenCallBack)
at this time
only a token is created in the app
dannymichel joined the channel
it is not sent to stipe
is it so?
any help on that question
LochnessMobster3 joined the channel
tr12 joined the channel
akshat joined the channel
drale2k joined the channel
p15_ has quit
tr12
irctc897: correct
netcarver has quit
ajs_ joined the channel
kies^ has quit
peeja joined the channel
chuckweiss has quit
knownasilya joined the channel
peeja has quit
dagda1 joined the channel
s3shs joined the channel
tr12 has quit
dqsf joined the channel
kies^ joined the channel
s3shs has quit
dqsf has quit
s3shs joined the channel
Ahmed joined the channel
Ahmed
Hello
Ahmed is now known as Guest56348
Guest56348
Is there a way to transfer funds from one connected account to another?
lexton joined the channel
gtripoli joined the channel
gtripoli
i am looking for some guidance how i might be able find the particular charges that are associated with a specific transfer through the API
Genome36 joined the channel
Chetan joined the channel
Chetan
Hello
I have a query about customer id creation
Is there anyone to help out
Guest56348 has quit
YoY_ has quit
orlondow
hi Chetan, I can try to answer
Ants joined the channel
Ants
hi
orlondow
Hello Ants
Ants
might not be a technical question but I was wondering if I use stripe.js does that eliminate the need for a ASV scan?
Hi Ants. Could you clarify what you mean by "ASV scan"?
ajs_
Ants: as long as you're using Stripe.js or Checkout and serving your page over SSL (and not storing card numbers some other weird way) you should be okay: https://support.stripe.com/questions/do-i-need-...
ywain
Hi Chetan, sorry for the delay. What's your question?
akshat
Ants: Unless you feel you're so self-compliant that you're doing all your security practices right the first time around, then its safe to say that following an external set of compliance standards is not stupid.
one00handed joined the channel
Ants
i personally think that the so called set of standards are over bearing for SMB
we've spent a month trying to figure it out
our current payment processor is WorldPay
if you pulled out a RACI sheet - it almost seems like no one wants to be accountable
WP wants customer to be accountable
and go to hosting provider to check that theyre compliant
Tressa joined the channel
hosting provider says we dont do that.... you should check with payment processing
its a huge loop
loop in a QSV(?)
ywain
Ants: ultimately, merchants are responsible for PCI compliancy, but Stripe makes it easy to be compliant
Ants
they say scan the server
Chetan
@ywain : How does stripe creates the customer id
How is it unique is it based on email id ? or card ?
ywain
Chetan: like all IDs, it's just a random unique string
Genome36 is now known as Genome36_afk
Chetan
What in case of recurring payments
Ants
ywain, thats what im looking for right now... I just want to accept payment for patients and remove the whole quarterly scan requirement
ywain
Chetan: no, you can create a customer without any parameters at all. Stripe simply generates a unique ID whenever a new resource needs to be created
Ants
we are a small dr office
we'd have to jump up to dedicated hosting apparently to be able to scan our site
Chetan
if the payment fails for the particular customer in recurring case
how to handle that
Ants
even rackspace cloud doesnt allow scanning
Tressa
I updated my deposit account info over a week ago and my deposits continue to go to the wrong account...I've emailed for help but have no response,...I need help ASAP
irctc499 has quit
tr12
Ants: if you used stripe.js, you'd be eligible for SAQ-A, which requires an ASV scan only when the acquirer says it's required (which stripe does not)
ywain
Chetan: that wouldn't change the customer ID. To be notified of failed or successful recurring payments, you'd need to use webhooks and catch the `invoice.payment_failed` / `invoice.payment_succeeded` events
how the customer id is not changed at stripe end , is it a combination of email and card no
tr12
np
ywain
Chetan: the customer ID is a string that uniquely identifies the customer. It is generated by Stripe when the customer is created and never changes later
Chetan
If it keeps on failing for particular customer id , then how to handle it in recurring payment
So customer can login to stripe and change the card details , is it something like that
ywain
Chetan: no, you'd need to set up a form on your site to collect the new card information (with Stripe.js or Checkout, like you did when you first created the customer) and update the customer object with the new token in the `source` parameter: https://stripe.com/docs/api#update_customer
Chetan
So in any case customer id would be same
ywain
Chetan: yes. You'd use the customer ID to retrieve the customer object and update it with the new card token
Tressa has quit
Chetan
Thats nice
So we should have one to one mapping for the customer id and our users
even in the case of recurring payments
tr12
yes
ywain
Chetan: yes. when you first create the customer, you need to save the ID, and you'd likely want to associate it with your own user record
Chetan
Thats nice
@ywain : Really thanks .
ywain
Glad I could help :)
Chetan
It helped me alot
Could you give me any mail id where in I can reach you , if I have any difficulty
Chetan: did you send a message about half an hour ago?
Chetan
Yes
Message or mail
ywain
Chetan: I meant an email, I'm seeing a message with the same question you asked here :)
Chetan
Yes
:)
I also need the help about webhooks
About there response , various response
ywain
Chetan: sure. You can find the documentation about webhooks here: https://stripe.com/docs/webhooks. There are various types of events: https://stripe.com/docs/api#event_types. For recurring payments, `invoice.payment_failed` and `invoice.payment_succeeded` are probably the ones you want to catch
Chetan
in which time zone does stripe works for recurring payment
ywain
Chetan: Stripe will attempt the payment as close as possible to the original subscription creation, e.g. if you create a subscription to a monthly plan on the 5th at 1pm, then Stripe will try to charge this customer every 5th of the month at 1pm. Though it's possible the payment might be delayed by a few minutes or hours sometimes
tr12
Chetan: all timestamps are in UTC
Chetan
Okay
tr12
in the api, anyway - you can set your dashboard to be in whatever timezone you like
ywain
Chetan: and yes, in the API, all timestamps are in UTC as tr12 said. In the dashboard, timestamps are converted to your timezone that you set in your account settings
Chetan
Okay
ywain
damn, too slow :)
Chetan
Thanks
tr12
:P
Chetan
@ywain : how to setup the clock in UTC
ywain
Chetan: you mean in your server-side code? Most languages offer facilities to create timestamps in UTC. What language are you using?