Stripe (Payment method)

This an app I made explaining how to use some of the functions of Stripe

Any feedback please don’t doubt to tell me

Stripe App

https://x.thunkable.com/copy/be592f7f05a3a7791d2cb0803d70b49c

3 Likes

This looks very interesting, and the app looks really nice too!

1 Like

Hi Daniel,

Thank you for sharing the project !! it is a great implementation.

I’ve spent the last few days learning about payment apis and I have a question regarding security.
my understanding is that stripe implementations use client side Tokenization ( credit card info is encrypted prior to being sent to stripe server) where as
with an api call the credit card info goes to the server then a token is generated making the credit card info vulnerable.

is it possible to secure this data transfer? any tips on how this is best handled ?

well ! when you make an API call with HTTPS is secure it means that no hacker could interfere with the call and see the credit car info. you don’t need to store the users credit car info since you can created a token for the credit car(Create Customer) and re-use it when the customer makes a purchases again and that token will only work for your stripe account

so for a hacker to use that credit car first will need the token of the card and then your API secret key and will only work to make purchases into your account… and then retrieve the money from your account? that means he will have to pass more security process like 2 step verification, passwords all the secure methods you use … It seems like is very difficult for you to get hack or your Customer as long as you never save customers credit card in anywhere this is why you’ll register the customer and get the token if the customers wants … you have to asked them if they want to register the card.

this is how I understand it , always search more info in other sources

Hope this works!! or this anwers your doubt

Thanks really interesting info. I guess if any payment service provides webAPIs, it can be done with Thunkable.

hi gobassky,

technically yes but please familiarize yourself with PCI standards first. https://www.pcisecuritystandards.org/

1 Like