Validation of the card

The Credit Card number field is validated using Luhn’s algorithm in real-time and also the card type is detected automatically using regular expressions by Stripe. So, we don’t have to worry about the authenticity of the card number. If the user’s card is not supported in a particular geographical region, Stripe handles that and declines the card automatically with an error message. More importantly, Stripe does not save your Credit card number or CVC. It follows a tokenization algorithm to securely save the details of your card which can be reused later by the user.

Once your card is valid and has been accepted, stripe creates an object of type PaymentMethod which includes the expiry date of the card, the last 4 digits(an object of type Card contains this information) and of course, a payment method id. The payment method id will be used for saving the cards which we will see in the upcoming steps.

Customer Creation

Once you have received the paymentMethod object, you can create a new Customer in Stripe for that particular user. Since this part is mostly handled in the server-side, we will just be passing the payment method’s id to the back end.

void setError(dynamic error) {

//Handle your errors

} await StripePayment.paymentRequestWithCardForm(

CardFormPaymentRequest(),

).then(

(PaymentMethod paymentMethod) async {

final http.Response response = await http.post(

'YOUR_URL/{paymentMethod.id}',

headers: <String, String>{

//Headers for your request

},

);

}

).catchError(setError);

Once, you receive the paymentMethod id in the server-side, you can create a new Customer and attach this id to that Customer.

Integration with Rails

The first step in Rails would be the installation of ‘stripe’ gem into your application.

gem stripe

Then your controller needs to be configured with the test secret key provided in your Stripe account.

require "stripe"

Stripe.api_key = "<YOUR_SECRET_KEY>"

Creating a new Customer

Now, let’s create a Stripe customer and then attach the payment method that is returned by the client-side to the customer.

@customer = Stripe::Customer.create({

description: 'Customer creation',

email: xxx@example.com,

payment_method: '<payment_method_id>', #returned from client-side

})

The customer object is used for tracking multiple payments associated with the same customer. The above code snippet creates a customer with their email and the payment method is attached to the customer object (For additional attributes in Stripe customer creation, refer to the Stripe documentation).

Creating a PaymentIntent

Once a customer object is created, you can create a PaymentIntent . PaymentIntent object is created to simplify the complexity of asynchronous payment flow by keeping track of the lifecycle of the checkout initiated by the customer. For each transaction, exactly one payment intent is created.

@intent = Stripe::PaymentIntent.create({

amount: price_in_cents,

currency: 'gbp',

payment_method_types: ['card'],

customer: @customer.id,

payment_method: @payment_method_id,

confirmation_method: 'manual',

confirm: true

})

Here confirmation_method can be automatic or manual . Automatic confirmation method is handled by the publishable key and is used when the payment intent is confirmed on the client-side. Manual confirmation method is handled by the secret key and the payment intent status results in either ‘requires_confirmation’ or ‘requires_action’ after the next actions are performed.

If the status of the intent is requires_confirmation , the payment is confirmed automatically since we provide explicit confirmation using the confirm attribute. Then the status is changed to succeeded and the after payment logic is handled if necessary.

If the status of the intent is requires_action , then the client_secret in the paymentIntent object is returned to the client-side to perform authentication.

if intent.status == ‘requires_action’

return intent.client_secret

elsif intent.status == ‘requires_confirmation’

intent = Stripe::PaymentIntent.confirm('<payment_intent_id>')

elsif intent.status == ‘succeeded’

...after payment logic...

After the authentication is performed by the client-side, the status of the payment intent changes to requires_confirmation . Then the payment intent is confirmed using the id of the intent returned from the client-side. After confirmation, the status is changed to ‘succeeded’ and the after payment logic is handled if necessary.

Note: The PaymentIntent can be created and confirmed in the client-side also using the curl command and confirmPaymentIntent() method(refer the official Stripe documentation). But since we’re using a database to store the transaction details, I just preferred doing it in the server-side.

Authenticating a paymentIntent

After receiving the client_secret of the paymentIntent from the server-side, we can authenticate the paymentIntent from the client-side using the authenticatePaymentIntent() method.