Checkout API supporting Stripe payment intents

Retired Boards Appdev Custom Storefronts

Topic summary

Developers seek Checkout API support for Stripe Payment Intents (for SCA) and a headless flow that maintains SAQ A PCI scope and avoids redirecting to Shopify’s web checkout. They also ask how to include PayPal in a headless checkout.

Shopify’s guidance: use the Web Checkout URL for a fully PCI-compliant checkout (supports PayPal), or request payment processing permissions to use API-based checkout. Hosted fields (e.g., Spreedly) or Stripe Elements can create a token passed via the Checkout mutation, avoiding card data on merchant servers.

Key concerns: current API appears tied to Stripe’s legacy Charges API, not Payment Intents/SCA. Customizing Shopify Checkout is limited to Shopify Plus, which is cost-prohibitive for many. Developers want an intent-secret flow and clarity on reflecting Stripe Elements payments as Shopify orders.

Community workaround: store and tokenize cards in Stripe (server-side with secret key), attach to a Stripe Customer, then obtain a token for the default or specific card and include the Shopify connected account id. This enables saved payment methods reuse but does not use Payment Intents or SCA flows.

Status: no official timeline or resolution; multiple follow-ups request updates. Terms: SAQ A keeps card data off merchant servers; SAQ A-EP involves merchant servers. Links to docs are central.

Summarized with AI on February 14. AI used: gpt-5.
9

I was able to figure out how to store cc’s on Stripe and then tokenize them for use with Shopify Checkout API. You won’t be able to use Payment Intents, but you can still save payment methods and have your clients re-use them. The steps done with the Stripe API can also be done with the SDK.

  1. Tokenize the card with the Stripe’s secret key, not the front end call that’s documented in Shopify. I get these from the Stripe Elements component and pass it to my back end for the tokenization call.

  2. Attach the card to a Customer
    POST to https://api.stripe.com/v1/customers/{customerId}/sources with body
    source={token from step 1}

  3. Customer should have a new source attached to it

  4. On your checkout process when creating the token if the cc you want to use is not the default, you’ll need to call the token endpoint with the Stripe secret key again and send the body
    customer={customerId}&card={cardId} or just the customer parameter which will return a token for the default_source.

    Remember to send the Stripe connected account id that comes from the checkout’s shopify_payments_account_id field.

Hope this helps!