#stripe

ivanjaros: if you use checkout or stripe.js, you're only in scope for SAQ A

tr12: ok, i see. i hopes that wasn'the case. thanks for the info.

ivanjaros: not using stripe.js because you're trying to avoid javascript is a little bit like amputating your hand because you're tired of clipping your nails

:)

like, yes, this is going to involve less nail clipping

but you're not going to like the rest of it

:P

tr12: We have been working with the Woocommerce API for our shopping cart. We would like to build the entire front end with our custom code. At the point of checking out (cc details), can we use StripeJS and have the order data go from Stripe to Woocommerce in the backend?

jen_: yes

Is that the typical workflow since we do not want to touch CC data.

jen_: you'd need to reverse-engineer the form post that woocommerce expects you to make with this token

but that shouldn't be particularly hard

This is my first encounter with APIs so pardon my ignorance…any sample scripts out there for us to review? I am sure there are many who work with both of these systems.

wc will come with its own form / js which makes some post to woocommerce's backend

if you want to rewrite the frontend, you need to make sure whatever frontend you write makes the same sort of post to woocommerce

I don't know of any example code for that particular situation

Hi guys, where do you suggest me to put the create account verification fields FORM ? inside the app, or on the server? and, is there an already made form i can use?

but you should be able to just look at the request being made by looking at the network tab of your browser as it makes this request, and seeing what the structure of that request looks like

is there a list of stripe servers? i would need to white list the ip ranges for the webhook endpoint(s)

spi7fire: you could do either. you'd want to write your own form

ok, let me digest this…thanks tr12

r3wt: https://stripe.com/docs/ips

tr12 : why would i wanna write my own form? its always the same verification fields Stripe asks for

spi7fire: you're using managed accounts, right?

thanks tr12

jen_: np

tr12: yes

spi7fire: then there are multiple ways of doing the onboarding - it's not always going to look the same

when i've implemented it on test mode i kept getting more and more missing verification fields

spi7fire: and the layout of the html form is not the hard part of this problem

(and you are probably going to want to customize this to the look & feel of your own site)

tr12: i guess you're right, i'm just not sure how should i implement it, should i make it a single long form inside my app, should i popup a secured html form in https server..

ok i'll just start and see how it goes :)

spi7fire: stripe is only going to ask for the bare minimum of info - as soon as you provide it, it'll ask for the next amount. if there's no due_by field, you don't need to provide it immediately.

you might choose to just provide all info upfront, though, since this will be a simpler flow

with a managed account what are the pay out options? can we transfer to a credit card? or only bank accounts?

adam_____: either a bank account or a US *debit* card

and as a canadian company there is no probelm transfering to a US account?

that's fine, but the payout will be in USD

how much can we collect on their behalf with just the business name and country?

adam_____: a few thousand

and once they have been verified there is no limit?

adam_____: there's more info here on how the process works: https://support.stripe.com/questions/What-is-th...

i've read through that one...just thought there might be an exact number

last question

if we collect money on behalf of a managed account we can take our fee off the top?

with WooCommerce, is it possible to see reporting on the break down of what was ordered within Stripe?

b7s : I don't think so, but it'd be a better question for WooCommerce

well, i guess my question is, does the API have the ability to send over order information, where I can then run reports within Stripe on that data?

if it does/doesn't in Woo should have the ability to manipulate the outgoing data if it's not already doing it

adam_____: you'd set an application fee on the charge, yes

no we don't support this. You'd build this logic on your end or use metadata

tr12 : thanks, i didnt know that i need to check the due_by field too

ah, ok. yeah i saw metadata on the "payment" page inside of Stripe. Is that the extent of reporting. Just the ability to see the metadata?

b7s : correct. We don't handle product data or details on our end

ok, thanks!

It looks like you published zip file instead of jar to maven: http://search.maven.org/remotecontent?filepath=...

mores : that's a jar file no?

No - after I download it - it thinks it is a zip.

I wonder if there is an issue with maven central.

mores: jar files are based on the zip format, so your tooling may be getting confused

mores: jar files are just zip files that follow a specific format

Looking for advice on how much credit card info I should require my users to input

Currently, I have assumed to set just Name, CVV, Zipcode, card number

TeaHacker : this is up to you here. Really depends on your business, what you sell, which country you customers are in. Obviously the more details you ask for the less likely it is that you'll be hit by fraud or declines

Is there an API for webhooks (i.e. CRUD)?

We use ngrok tunnels for webhook testing with local accounts and it's a pain to manually update them

TeaHacker: as a bit of background, the validating the CVC is very high signal, and the zip/postal code almost as much. the billing address is somewhat useful, and the name is very low signal. (only amex even looks at the name - mc & visa don't even see it)

andrew: no, unfortunately not

Thankyou, that's what I'm trying to figure out. We're located only in the USA, but we will allow other countries to purchase too. We are a SaaS company.

TeaHacker: hmm, I was hoping you sold tea

I wanted to get away with just needing zip and cvc and name

(I once sold tea a few years back!)

I suppose I should note I'm trying to require the user to need to input as little info as possible, but I don't know how much other countries require

TeaHacker: the bare minimum is card number, expiration date, cvc

I didn't want to put street address for example. And I wonder if I have to put Country.

TeaHacker: (cards issued in the US/CA/AU don't even need CVC, but it's still highly recommended)

Ok, thankyou

TeaHacker: card number, expiration date, cvc, zip/postal seems very reasonable

Yes, that's my original plan

I wouldn't bother collecting the name unless you're doing so for other reasons

gotta run

While I'm in the US, is that minimum ok, for tax reasons

With other countries

bye, and thanks again

tax isn't related here

bye!

Hmm, so what info must I need to know of my Euro customers, for VAT tax reasons? (I'm only located in USA)

TeaHacker: We don't really handle VAT for you so it's something you'd need to figure out on your end with your accountant

Ok thank you!

Hi

Just wondering about the standalone connect flow.

I'm building a one page js app and I don't particularly want the user redirected once they have finished registering on stripe..

pauli : you need the redirection to finalize the connection: https://stripe.com/docs/connect/standalone-acco...

seems i can't upload a driver's license from our website since file uploads require the secret key.

i have to maintain pci compliance if i need to upload a driver's license it seems

how do i add an already created bank account to a managed account. im having difficulty understanding how to proceed.

any plans on making it so that stripejs handles file uploads?

heath : PCI compliance covers *card details* nothing else

we don't have plans right now to support this in Stripe.js no but we might in the future

Is there any other event or something that I can hook into in the client stripe library that will fire once they've completed the registration?

r3wt : you can't. You collect their bank account details, create a token and then pass that token to the Create or Update Account aPI

pauli : no. You're the one finishing the connection with that API request so fire an event yourself at that point

Or is it possible to do the redirect in a new window that won't impact the existing app?

lmao, genius. exactly what i asked...

pauli : just open the connection in a new tab?

r3wt : do you mean you figured it out or not?

sorry I don't follow. Why do I need to redirect them to a new page on my server?

Once they've registered on your site why do you do a redirect?

in my users browser..

pauli : I think you're misunderstanding how OAuth works here. It's always a 2 step process. 1st you redirect the user to Stripe to authorize your app. Then we redirect them to your server where you make an API request to finalize the connection

I found the root problem for the jar: http://repository.codehaus.org/com/stripe/strip...

Ah ok.

no, i mean you simply misunderstood what i was asking. i'm creating the bank account with stripe js, then i want to pass that generated id into my backend, create a managed account with the token for that bank account in the sources array, like so: http://puu.sh/nr3mJ/88a8fed39c.png

r3wt : then pass the token in `external_account`

https://stripe.com/docs/api#update_account-exte... works for https://stripe.com/docs/api#create_account