英文:
Stripe ConfirmCardPayment (frontend) vs paymentintent.Confirm (backend)
问题
在前端中选择confirmCardPayment
和在后端中选择paymentIntent.Confirm
的时机是什么?
目前我们的应用程序允许您以访客身份结账,如果您不是访客,则可以保存信用卡或使用已保存的卡。
所有这些流程都可以在前端不使用confirmCardPayment
,在后端不使用paymentIntent.Confirm
的情况下工作。
我猜想,有时候信用卡支付需要额外的身份验证,这时我们需要在前端或后端进行确认。 (此外,什么时候/为什么信用卡需要额外的身份验证?我对这个领域还不太了解,希望能学到更多)
我们的代码基本上遵循以下流程:https://github.com/stripe-samples/saving-card-after-payment/blob/master/without-webhooks/server/go/server.go
PS:上面链接的TLDR如下:
前端:
- 使用给定的卡或已保存的卡创建支付方式。
- 发送POST /pay API到后端。
后端:
-
接收API(验证用户是否已认证-在我们的情况下)。
-
创建要发送到Stripe的支付意图,其中包括来自前端的paymentmethodID和来自我们后端的customerID(我们预先创建的Stripe的客户ID)。
Stripe将返回带有状态的支付方式。
前端和后端都不需要确认。
如果同一支付方式尝试用于另一个客户,则失败。
如果同一支付方式用于同一客户(已保存的卡行为),则可以正常工作。
英文:
When would you choose confirmCardPayment
in the front end and when would you choose paymentIntent.Confirm
in the backend?
currently our app allows you to checkout as guest, save a credit card if you are not a guest or use a saved card.
All of these flows work without confirmcardpayment
on the frontend and without the paymentintent.confirm
on the backend
I'm guessing there will be a time where a card payment requires extra authentication and that is when we need to either confirm in the front end or conifrm in the backend? (Also, when/why would a card require extra authentication? New to this space and looking to learn)
Our code pretty much follows this: https://github.com/stripe-samples/saving-card-after-payment/blob/master/without-webhooks/server/go/server.go
PS: The TLDR from the above link is:
Front end:
- Creates a paymentmethod with a given card or saved card.
- Sends POST /pay API to backend
Backend:
-
Receives API (validates if user is auth or not - in our case)
-
Creates a payment intent to be sent to stripe with paymentmethodID from frontend AND customerID gotten from our backend (Stripe's customer id that we created beforehand)
Stripe returns us the paymentmethod with status.
No confirmation on either front.
If same payment method tries to get used for another customer, fails.
If same payment method gets used for same customer (Saved card behavior) it works.
答案1
得分: 2
我猜想会有一段时间,信用卡支付需要额外的身份验证,这时我们需要在前端或后端进行确认。你需要在前端进行确认,因为需要进行客户身份验证。在前端进行确认会尝试支付,并且Stripe JS库还会呈现任何需要的额外UI,比如客户银行的3D Secure身份验证页面。
这对于接受其他类型的支付方式也很重要(你应该这样做,因为在结账流程中增加更多的本地支付方式可以提高客户转化率)。例如,使用iDEAL进行的支付需要重定向到客户的银行,这也是在客户端处理的。详见:https://stripe.com/docs/payments/ideal#payment-flow
在欧洲和英国,几乎任何交易现在都需要3D Secure身份验证,而且在全球范围内这种情况只会变得更加普遍。详见:https://stripe.com/docs/strong-customer-authentication,https://stripe.com/docs/payments/3d-secure,https://support.stripe.com/questions/strong-customer-authentication-sca-enforcement-date
你提供的代码基本上遵循了这个流程。你提供的Github链接/流程是使用Stripe的另一种方式,其中你在后端尝试支付,如果需要身份验证,则需要进行往返。但通常更倾向于使用客户端确认,因为这样更适用于接受其他支付方式。请参阅https://stripe.com/docs/payments/accept-a-payment-synchronously上的说明。
英文:
> I'm guessing there will be a time where a card payment requires extra authentication and that is when we need to either confirm in the front end or conifrm in the backend?
You need to do this on the frontend because of customer authentication yes. Confirming on the frontend attempts the payment, and the Stripe JS library will also present any additional UI needed like the customer's bank's 3D Secure authentication page.
That is also important for accepting other types of payment methods(which you should, as having more local payment methods in your checkout flow increases customer conversion). E.g., payments using iDEAL require a redirect to the customers bank which again is handled on the client side. https://stripe.com/docs/payments/ideal#payment-flow
> (Also, when/why would a card require extra authentication? New to this space and looking to learn)
Pretty much any transaction in Europe and the UK requires 3D Secure authentication right now, and it's only becoming more prevalent worldwide
https://stripe.com/docs/strong-customer-authentication
https://stripe.com/docs/payments/3d-secure
https://support.stripe.com/questions/strong-customer-authentication-sca-enforcement-date
>Our code pretty much follows this
The Github link/flow you linked is an alternative way of using Stripe where you attempt the payment on the backend and then need to do a round-trip if authentication is required , but it's generally preferred to use client-side confirmation as it's more scalable for accepting other payment methods. See the notes on
https://stripe.com/docs/payments/accept-a-payment-synchronously
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论