How to properly set the amount when paying with stripe?
I do not fully understand the payment process in Stripe. For example, the user must pay $50. This is what I (my app) am doing:
- I show the user a form for entering data about the card.
<form action="your-server-side-code" method="POST">
<script
src="https://checkout.stripe.com/checkout.js" class="stripe-button"
data-key="pk_test_TYooMQauvdEDq54NiTphI7jx"
data-amount="50000"
data-name="Stripe.com"
data-description="Example charge"
data-image="https://stripe.com/img/documentation/checkout/marketplace.png"
data-locale="auto"
data-zip-code="true">
</script>
</form>
- After the user has pressed the payment button, I get the Request object and get the token from it. After that I fill in the parameters, one of which is amount:
import java.util.HashMap;
import java.util.Map;
import com.stripe.model.Charge;

String token = request.getParameter("stripeToken"); // token posted by Checkout
Map<String, Object> params = new HashMap<String, Object>();
params.put("amount", 50000); // same value as data-amount on the form
params.put("currency", "usd");
params.put("description", "Example charge");
params.put("source", token);
Charge charge = Charge.create(params);
Why do I send the amount twice? The first time on the form, the second time from the code?
Why can I not get the amount from the request instead?
params.put("amount", request.getParameter("amount")); //always 0
In all my attempts, this always returns 0.
How does it work? How is the amount in the first step related to the amount in the second step? What if I specify a different amount in the second step? I.e. the user sees $50 on the form and then from the code I randomly set $60?
It would just be logical to send the amount once and get it from the request.
java stripe-payments
edited yesterday
jonrsharpe
asked yesterday
ip696
1 Answer
(accepted)
Setting the amount from the frontend is a security and fraud risk. For example, the customer could easily use a browser extension or other tools to change the amount that is sent in the request. If your backend blindly trusts this amount, it's possible for an attacker to create an order on your system, but change the price to $0.01 for example.
That's why you should determine the price to charge only on your backend based on the items in the order/shopping cart, essentially.
data-amount is purely for display to the user, and the amount you pass to the Create Charge API is the actual amount they will be charged.
Does the amount I show to the user on the form take part in the formation of the token? I.e., if I show him one amount and send another from the code, is it not possible that the token is invalid?
– ip696
yesterday
Nope, the token doesn't have any connection to the amount, it just represents a payment source. So you can certainly display one and charge another and the API won't reject that, but naturally you shouldn't really do that by design.
– karllekko
yesterday
answered yesterday
karllekko
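To make the answer's point concrete, here is an added example (not code from the question, the answer, or Stripe's own documentation) of a Java handler in which both steps take the amount from the same server-side number: the Checkout button's data-amount is rendered from it, and the charge is created from it again, so the value the browser posts is never used. The CheckoutHandler class, the PRICE_CENTS price list, the cart map and the /charge path are assumptions made for the example; the Stripe calls are the same Charge.create parameter-map call the question uses.

```java
// Added example, not code from the question or the answer. Assumes a hypothetical
// server-side price list; a real application would read prices from its database.
import java.util.HashMap;
import java.util.Map;

import com.stripe.Stripe;
import com.stripe.exception.StripeException;
import com.stripe.model.Charge;

public class CheckoutHandler {

    // Hypothetical price list in the smallest currency unit (cents).
    // This is the only source of truth for what a cart costs.
    private static final Map<String, Long> PRICE_CENTS = new HashMap<>();
    static {
        PRICE_CENTS.put("sku-widget", 1500L); // $15.00
        PRICE_CENTS.put("sku-gadget", 3500L); // $35.00
    }

    /** Total for a cart (sku -> quantity), computed from server-side data only. */
    static long amountForCart(Map<String, Integer> cart) {
        long total = 0;
        for (Map.Entry<String, Integer> line : cart.entrySet()) {
            Long unit = PRICE_CENTS.get(line.getKey());
            if (unit == null) {
                throw new IllegalArgumentException("unknown item: " + line.getKey());
            }
            int qty = line.getValue();
            if (qty <= 0) {
                throw new IllegalArgumentException("bad quantity for " + line.getKey());
            }
            // addExact/multiplyExact throw on overflow instead of wrapping silently
            total = Math.addExact(total, Math.multiplyExact(unit, (long) qty));
        }
        if (total <= 0) {
            throw new IllegalStateException("empty cart");
        }
        return total;
    }

    /** Step 1: render the Checkout button. data-amount is display only, so it is
     *  filled from the same server-side number that step 2 will charge. */
    static String checkoutButtonHtml(String publishableKey, long amountCents) {
        return "<form action=\"/charge\" method=\"POST\">\n"
             + "<script src=\"https://checkout.stripe.com/checkout.js\" class=\"stripe-button\"\n"
             + "  data-key=\"" + publishableKey + "\"\n"
             + "  data-amount=\"" + amountCents + "\"\n"
             + "  data-name=\"Example shop\" data-description=\"Order\" data-locale=\"auto\">\n"
             + "</script>\n</form>";
    }

    /** Step 2: create the charge. The browser contributes only the token; the cart
     *  comes from the server-side session/order store and the amount is recomputed.
     *  If the form happens to echo an amount back, it is compared, never charged. */
    static Charge charge(String secretKey, String token, Map<String, Integer> cart,
                         String postedAmountOrNull) throws StripeException {
        long amount = amountForCart(cart);

        // Defensive check: a mismatch means the page was tampered with or is stale.
        // Reject and log it; do not "correct" the request by using the posted value.
        if (postedAmountOrNull != null && !postedAmountOrNull.equals(Long.toString(amount))) {
            throw new IllegalStateException(
                "posted amount " + postedAmountOrNull + " != server amount " + amount);
        }

        Stripe.apiKey = secretKey; // the secret key never leaves the server
        Map<String, Object> params = new HashMap<>();
        params.put("amount", amount);
        params.put("currency", "usd");
        params.put("description", "Order");
        params.put("source", token);
        return Charge.create(params);
    }
}
```

With this layout the "amount twice" in the question stops being a problem: the form and the charge both read the server's own figure, and the request carries nothing that could change it. The comparison in charge() is optional belt-and-braces; the essential part is that amountForCart() is the only place the number is decided.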