Does this library generate tokens client side?
See original GitHub issue

Hi,
Thank you for all of the work on this. I’ve looked through some of the source code and the README, and am uncertain whether the token is generated on the client side.
It appears you are posting the payment details to the https://api.stripe.com/v1/tokens endpoint (documented here), which might be advised against in the docs. They recommend using Checkout, Elements, or the native ios/android libraries, since the tokenization is done in the client.
Am I correct in my understanding, or is there only a risk if I were to send the payment information to my server before sending it to stripe? I tried digging into https://js.stripe.com/v3/, but am uncertain whether they create the token the same way.
Issue Analytics
- Created 6 years ago
- Comments: 7 (1 by maintainers)
Top GitHub Comments
Hey @jeff-da, I see you are no longer at Expo, but maybe you can still answer my question.
In Stripe’s Integration Security Guide, there’s a section that outlines what a developer needs to do in order to be PCI compliant. Since this lib seems to be hitting the https://api.stripe.com/v1/ endpoint, doesn’t this technically mean tokenization occurs on a server? I realize that the server is not expo’s or my own, but it seems Stripe strongly advises against this practice, and a business using this implementation would need to fill out a lot of paperwork:
My understanding could be incorrect, but please advise to the extent you can. As an aside, I also realize that Expo now suggests a different method for implementing payments, outlined here, but I am still curious for my own understanding.
Thanks!
Hey! There are a couple of questions here, so I’ll do my best to answer each of them.
The token is generated on the client side, in the sense that everything is done in the client-side Expo application and you don’t need to set up a server to generate tokens. This aligns with the way that Stripe normally does token generation (ex. in websites). Stripe recommends using Checkout, Elements, and the native ios/android libraries, and they are the easiest ways to generally integrate Stripe into an application because Stripe creates the UI and card fields for you. However, each cannot be used for their own reasons: Checkout needs HTTPS, Elements needs a DOM, and the native ios/android libraries require a native iOS/Android application.
You cannot send the raw card details to your own server. This module allows your application to stay PCI compliant by generating the card token on the client, which you can then send to your server to process the payment safely.
On another note, I’m working on integrating the native iOS/Android libraries with Expo right now (so you’ll be able to import them via Expo). The main advantage to this is not creating Stripe tokens, but rather being able to integrate Stripe’s UI elements in your mobile application (ex. Apple Pay and Android Wallet).
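The flow the answer describes, as an added example that is not code from the issue, the Expo module, or Stripe: the client exchanges card details for a single-use token, only the token travels to your own server, and the server refuses any request that still carries a raw card number (the mistake that would pull your backend into PCI scope). `fakeStripeTokensEndpoint`, the `pk_test_constructed` key and the `tok_..._constructed` id are constructed stand-ins for the real HTTPS endpoint and its responses; the Luhn check is a standard card-number checksum used here both by the stand-in and by the server guard.

```javascript
// Constructed stand-in for the tokenization endpoint: it never leaves the
// process, but mirrors the contract the issue describes: card details in,
// single-use token out. A publishable key (pk_...) is all the client holds.
function fakeStripeTokensEndpoint(publishableKey, card) {
  if (!/^pk_(test|live)_/.test(publishableKey)) {
    throw new Error('tokens endpoint: missing or non-publishable key');
  }
  if (!luhnValid(card.number)) {
    throw new Error('tokens endpoint: invalid card number');
  }
  // Constructed token id; a real one is opaque and does not embed card data
  // beyond what the token object itself exposes (e.g. last4).
  const last4 = card.number.slice(-4);
  return { id: 'tok_' + last4 + '_constructed', last4: last4 };
}

// Luhn checksum: 13-19 digits, doubling every second digit from the right.
// Used to validate input at the stand-in endpoint and, on the server, to
// recognise a raw PAN that should never have reached it.
function luhnValid(digits) {
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Client side (what the Expo app does): card -> token. The card object is
// handed straight to the tokenization endpoint; only the token id is kept.
function tokenizeOnClient(card, publishableKey, post = fakeStripeTokensEndpoint) {
  const token = post(publishableKey, card);
  return token.id;
}

// Server side: accept a token, refuse anything that looks like raw card data.
// Scanning every field (with spaces/dashes stripped) catches a client that
// was wired up wrongly and posted the card itself instead of the token.
function serverChargeHandler(body) {
  for (const value of Object.values(body)) {
    const digits = String(value).replace(/[\s-]/g, '');
    if (luhnValid(digits)) {
      return { status: 400, error: 'raw card number in request; tokenize on the client' };
    }
  }
  if (typeof body.token !== 'string' || !body.token.startsWith('tok_')) {
    return { status: 400, error: 'missing token' };
  }
  // Here a real backend would call Stripe with its secret key and the token.
  return { status: 200, charged: body.token };
}

// Usage with a constructed test card (4242 4242 4242 4242 is Luhn-valid):
const tokenId = tokenizeOnClient(
  { number: '4242424242424242', exp_month: 12, exp_year: 2030, cvc: '123' },
  'pk_test_constructed'
);
console.log(serverChargeHandler({ token: tokenId, amount: 1999 }));
console.log(serverChargeHandler({ card_number: '4242 4242 4242 4242', amount: 1999 }));
```

The server-side guard is the defensive half of the answer: with the Expo module doing tokenization in the app, your backend should only ever see `tok_...` ids, and a 400 on anything Luhn-valid makes a misrouted card number fail loudly in testing instead of silently landing in your logs.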