Stripe - confirming payments

shamakkubisa · 2024-09-12T17:14:55.017Z

Hi,
Im revising my system for confirming payments, the way I set it up was with a webhook from Stripe that tells me if the charge was successful, but this comes with many issues, I realised i can just check if the payment was captured in the same workflow,

so the question is whats the better solution ?

webhook from stripe, or just checking if the payment was captured ?

image1920×1080 227 KB

boston85719 · 2024-09-12T17:39:06.429Z

I use webhooks

shamakkubisa · 2024-09-12T17:50:04.088Z

any particular reason?

Ive been testing the “captured” workflow and it seems to work fine

boston85719 · 2024-09-12T17:55:22.410Z

It allows me to run other actions that need to be run in the backend once the payment has been made and is quicker than having to run an API call to check if the payment was captured. I try to use webhooks from Stripe as much as possible in relation to payments.

Zeroic · 2024-09-12T18:34:23.707Z

Same here
Quick question for my understanding here @boston85719 - do you think implementing this client side would prove to be a security issue? I don’t entirely think so but just curious to get your thoughts on this.

boston85719 · 2024-09-13T04:32:50.265Z

I don’t portray myself as an online security expert, so can not say definitively it is or not. If the stripe client keys and secret keys are private and not exposed by the call on client device, I’d say there is no concern. As far as I know it’s not possible to trick the response from Stripe so as to make the API response be different than it should in terms of showing false confirmation of payment.

But if secret key and client key are not protected, it is a security issue.

system · 2024-11-21T17:15:50.207Z

This topic was automatically closed after 70 days. New replies are no longer allowed.