Is creating Stripe Payment Backend API secure? - spring-boot

I want to process Stripe payment to create stripe subscription.
For that I need to pass card number, expiration date, cvc to my backend api.
Is it secure to create Stripe payment this way?
If it is not secure, what methods can I use to secure the subscription request to the backend api?

This is not recommended. Instead, you should collect payment details securely with Stripe Elements (docs) and use the safe IDs returned by that to collect payments.
If you are PCI compliant, you should contact Stripe support for assistance with enabling your account to process card details directly.
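One way to enforce the advice above on the server side, as an added example that is not part of the original answer: a guard for the subscription endpoint that accepts only a Stripe PaymentMethod ID (`pm_...`) and rejects any request carrying card-like fields or values. It is written in Ruby to stay framework-neutral; the field names `payment_method_id` and `price_id`, the string-keyed params hash and the sample IDs are assumptions.

```ruby
# Added example: reject raw card data, accept only a tokenized PaymentMethod ID.
# Field names and sample values are assumptions, not from the original page.

FORBIDDEN_KEYS = /\A(card(_?number)?|number|pan|cvc|cvv|exp(iry|_month|_year)?)\z/i
PM_ID = /\Apm_[A-Za-z0-9]+\z/

# Luhn checksum: true for digit strings that pass the card-number check.
def luhn_valid?(digits)
  sum = digits.reverse.chars.each_with_index.sum do |ch, i|
    d = ch.to_i
    d *= 2 if i.odd?
    d > 9 ? d - 9 : d
  end
  (sum % 10).zero?
end

# True if the value holds a 13-19 digit run (spaces or dashes allowed)
# that passes the Luhn check.
def pan_like?(value)
  value.to_s.scan(/\d(?:[ -]?\d){12,18}/).any? { |m| luhn_valid?(m.delete(" -")) }
end

# Walk nested params (as parsed from JSON) and collect reasons to reject.
def card_data_findings(params, path = [])
  case params
  when Hash
    params.flat_map do |k, v|
      here = path + [k.to_s]
      hits = FORBIDDEN_KEYS.match?(k.to_s) ? ["forbidden field #{here.join('.')}"] : []
      hits + card_data_findings(v, here)
    end
  when Array
    params.each_with_index.flat_map { |v, i| card_data_findings(v, path + [i.to_s]) }
  else
    pan_like?(params) ? ["card-number-like value at #{path.join('.')}"] : []
  end
end

# Decide whether a subscription request may proceed to the payment provider.
def check_subscription_request(params)
  findings = card_data_findings(params)
  pm = params["payment_method_id"].to_s
  findings << "payment_method_id missing or malformed" unless PM_ID.match?(pm)
  { accepted: findings.empty?, findings: findings }
end
```

Log only the findings, never the rejected request body, so a card number sent by mistake does not end up in application logs.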

Related

How to provide authorization for a Laravel App to charge customer from services and products availed (NOT SUBSCRIPTION OR RECURRING)

I just want to ask how to implement this process in my Laravel 7 app.
A logged-in user will set up his payment method using a PayPal account (some redirection to a PayPal page).
After successful registration/setup of the PayPal account, the app can then charge the customer for the services/products he availed.
This is not a subscription or recurring payments.
I'm reading the PayPal API docs, but I don't know where I should focus since I don't know the real PayPal terminology for that kind of process.
NOTE: I already implemented this kind of process, but on Stripe only, where the customer sets up his card or bank account and then the app can charge the customer.
On PayPal this used to be known as "Reference Transactions with Billing Agreements", and in very new integrations it's called Vault (v2 REST API vault, not the old v1 REST Vault which is of no use).
This functionality is only available if PayPal turns it on for your production account, so you need to contact PayPal about it, specifically the business side of PayPal via https://www.paypal.com/smarthelp/contact-us (not the MTS technical support, they don't enable new features).
If reference transactions do get enabled and approved for your live/production business account (no guarantee of this), then PayPal will guide you on which specific API to use, which could be the newest v2 Vault or something else.

Using Braintree with Laravel to create customer id to use for future purchases

Not too long ago, payment gateways allowed you to create customer profile accounts, store their credit card info with the gateway, and use the returned customer id to make future purchases with ease.
I am trying to do this with Laravel Cashier and Braintree. I followed the docs here https://laravel.com/docs/5.5/billing#braintree-configuration and it set up fine. I am able to do one-time charges and subscriptions.
Is there a way to store the customer's credit card info on Braintree (Vault?) and retrieve it using their customer id every time they want to buy something?
I can retrieve the Payment Nonce but that seems to be for a one time use.
Since the Laravel Cashier API wrapper provides the ability to create subscriptions within Braintree, it is certainly creating customers with saved payment methods prior to creating the subscriptions, since that is a Braintree requirement.
The Laravel Cashier docs don't show a standalone customer create call, so you may need to use the Braintree Customer Create API Call.

Integrate payment Gateway with rails

Right now we are the owner of the site, and we have 2 types of users. One can organize events and the other users can sponsor those events. So what I actually need is that once a sponsor makes a payment to an event organizer, the entire payment will go into our account.
After verification from our side, we will keep 20% of the total payment in my account and the remainder will go into the event organizer's account.
Does any payment gateway provide this kind of setting?
Use gem 'stripe'; through it, it is easy to integrate a payment gateway with Rails.
Stripe Docs

Server to Server Payments using Braintree

I'm currently interested in using Braintree to make payments from a server using credit card credentials that I currently hold to another payment server.
Currently, the payment nonce is generated by the Braintree Client SDK when a client enters his credit card details.
However, I want to set it up such that my server, which already contains my credit card details, will generate the payment nonce and send it to another server which accepts Braintree payment nonces.
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
If you already have the credit card details, you can first create a payment method from those. Once you have a payment method you can treat it just like you would a nonce to create transactions.
Just keep in mind this has additional PCI concerns with raw credit card data being present on your server.

Can you store credit card details in the vault, without charging them, with Braintree v.zero?

With the old Braintree API it was possible to just store credit card details in the vault to charge later (for a variable subscription model). Is it possible to do this with their v.zero API? I looked at their documentation and it wasn't clear. It mentions it can do it with Paypal accounts but I'm not sure if this includes credit cards (no Paypal).
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
Yes! When a customer fills out their credit card information in the Drop-in it is processed by the Braintree API. Once complete, the client receives the payment method (i.e. credit card) nonce which should be sent to your server. This nonce can be used for a whole variety of tasks including simply storing in the vault, as you are trying to do:
    result = Braintree::PaymentMethod.create(
      :customer_id => "131866",
      :payment_method_nonce => nonce_from_the_client
    )

Steps:
1. Your client embeds the Drop-in
2. User fills out data in Drop-in
3. Client receives Nonce
4. Client sends Nonce to server
5. Server uses nonce to create a payment method in the vault
Cheers!
