FROM CACHE - en_header
Promotion image

We're moving the community! Starting July 7, the current community will be read-only for approx. 2 weeks. You can browse content, but posting will be temporarily unavailable. Learn more

Checkout API payments endpoint doesn't return 3DS redirect URL when using Stripe

Solved

Checkout API payments endpoint doesn't return 3DS redirect URL when using Stripe

JamesGilmore
Shopify Partner
10 1 2
‎05-25-2022 06:30 AM

Hi Shopify,

 

We've been having significant issues with your Checkout API for several months now, and was hoping reaching out to the community post might have better luck in finding a resolution.

 

Issue

We are using the Checkout API with our own public app which has been successfully registered as a sales channel and the payment processing has also been enabled (app id = 1787235).

When we create our checkout, add in line items, add the shipping/billing address and set the shipping method, when we try to pay for the checkout to generate the order, if we use a card which requires a 3DS authentication, the transaction will always fail. As described in the documentation we should expect the `next_action` field to contain a URL, for us to redirect our users, so they can authenticate. Despite hundreds of tests, we've never received a redirect URL when calling the `payments.json` endpoint. Even when continuously polling this endpoint, do we ever receive one. Finally, Shopify will "process" the payment, and of course, will mark it as failed. The error message given to us is:

Cannot transition status via :mark_as_errored from :redirect_required (Reason(s): Provider can't be blank, Checkout can't be blank, Checkout credit card can't be blank, Payment attempt can't be blank)

 N.B. Using a card that doesn't require a 3DS authentication (typically US cards) is processed fine without issue, and we even have this working in production.

 

Investigation Attempts

We have tried countless different ways to try and resolve this including:

  • Using different test cards
  • Using different real cards
  • Making the payment to either a real or test Shopify shop
  • Using different API versions
  • Use the Shopify Vault instead of using Stripe
  • Tried to create the Stripe Payment Intent ourselves (This didn't work as the Stripe account given to us in the `shopify_payment_account_id` field blocks you from calling this endpoint of Stripes sadly)

 

Possible resolutions

We know through contact with Shopify support that you are taking the Tokenised key, and then passing it to the Stripe Payments Intent API. We've done this ourselves and managed to get back the 3DS redirect URL without issue. I honestly think Shopify is not parsing the PaymentIntent response back properly and providing little to no validation of this.

 

Has anyone run into this issue before? Could someone please investigate this issue on the Shopify side?

1,719 Views
0 Likes
Report
Accepted Solution (1)

JamesGilmore
Shopify Partner
10 1 2
‎06-17-2022 05:57 PM

This is an accepted solution.

For anyone coming across this in the future, we finally got to the bottom of this issue and it is comical to say the least!

 

Direct from Shopify Support:

"""

What we have found is that Shopify's Checkout API does not support 3DS for stripe tokenized cards, so when the 3D secure link is prompted by Stripe, Checkout API is not able to pass along that info to Lyst or the buyer. This is the way things were built and it's unfortunate we are just learning this now from our Payments team.

 

  1. Instead of vaulting payment through Stripe to our checkout API, become a direct payment provider. Docs are here: https://shopify.dev/api/admin-rest/2022-04/resources/payment#post-https:-elb.deposit.shopifycs.com-s...  The issue here is that you need elevated PCI compliance in order to utilize this solution, as it's only available for direct payment gateways. More on direct payment providers here: https://help.shopify.com/en/manual/payments/third-party-providers?shpxid=6d49ce6e-3764-4C9D-D3B8-007... but I'm assuming Lyst is already quite familiar with this as a marketplace.  
  2. Use Shopify web checkout. Dev docs are here: https://shopify.dev/marketplaces/cart-and-checkout  This route is not as native of a checkout experience as using the Checkout API, but tools like Cart API do allow for multiple Shopify merchants to add to a single cart, but each checkout will pop up as a web checkout individually (see here for an example)

 

That was a strategic choice that was made when the API was first built. It’s my understanding that 3DS cards are supported, but not when tokenized through Stripe. 
This has never happened before with partners to our knowledge, but even so, Shopify has changed most of our checkout options for partners and will not be adding any Checkout API functionality.
"""
 
That took us 4 painful months to reach that conclusion!

View solution in original post

1,664 Views
2 Likes
Report
Replies 2 (2)

JamesGilmore
Shopify Partner
10 1 2
‎06-17-2022 05:57 PM

This is an accepted solution.

For anyone coming across this in the future, we finally got to the bottom of this issue and it is comical to say the least!

 

Direct from Shopify Support:

"""

What we have found is that Shopify's Checkout API does not support 3DS for stripe tokenized cards, so when the 3D secure link is prompted by Stripe, Checkout API is not able to pass along that info to Lyst or the buyer. This is the way things were built and it's unfortunate we are just learning this now from our Payments team.

 

  1. Instead of vaulting payment through Stripe to our checkout API, become a direct payment provider. Docs are here: https://shopify.dev/api/admin-rest/2022-04/resources/payment#post-https:-elb.deposit.shopifycs.com-s...  The issue here is that you need elevated PCI compliance in order to utilize this solution, as it's only available for direct payment gateways. More on direct payment providers here: https://help.shopify.com/en/manual/payments/third-party-providers?shpxid=6d49ce6e-3764-4C9D-D3B8-007... but I'm assuming Lyst is already quite familiar with this as a marketplace.  
  2. Use Shopify web checkout. Dev docs are here: https://shopify.dev/marketplaces/cart-and-checkout  This route is not as native of a checkout experience as using the Checkout API, but tools like Cart API do allow for multiple Shopify merchants to add to a single cart, but each checkout will pop up as a web checkout individually (see here for an example)

 

That was a strategic choice that was made when the API was first built. It’s my understanding that 3DS cards are supported, but not when tokenized through Stripe. 
This has never happened before with partners to our knowledge, but even so, Shopify has changed most of our checkout options for partners and will not be adding any Checkout API functionality.
"""
 
That took us 4 painful months to reach that conclusion!
1,665 Views
2 Likes
Report
In response to JamesGilmore

Jakeyd
Shopify Partner
11 1 2
‎05-23-2023 02:17 AM

Hey James!

Thanks for providing this. It's super helpful.

I am facing the same challenge.

What resolution did you go for in the end?

Jake

1,287 Views
0 Likes
Report
Terms of Service Privacy Policy