Checkout API supporting Stripe payment intents

matthewhardern
Visitor
2 0 8

Hi

 

I am struggling to see from your docs whether what we want as a company is possible so I shall describe what I am looking for as a developer.

 

First off the rest of your API is great and gives full capabilities to create a headless commerce solution that suits our needs, unfortunately your Checkout API is lacking in two key areas from what I can see (please correct me if I am wrong).

When making a checkout complete request via stripe the only option seems to be using token gained via transmitting card details to our server to obtain a token.

This requires our company to be SAQ A-EP PCI level compliant. This seems like an odd choice for people trying to use the Shopify Storefront API, most companies are wanting to be SAQ A PCI compliant. With Stripe we use Stripe elements and payment intents API. So from our point of view I would expect the Storefront Checkout API to have a method to get the Intent secret and then confirm the payment by completing the checkout. Don't seem to be able to see this??

So if the above is not currently possible is it likely to be part of the API anytime soon?? If I could get an answer from Shopify Dev on this would be awesome.

Also how is it possible to integrate PayPal into the Storefront Checkout API??

Replies 10 (10)

vix
Shopify Staff
540 103 121

Hey @matthewhardern 

 

As you have seen in the docs, there are a few ways to complete a checkout. The most common option is the Web URL / Checkout. This will spin up a fully PCI compliant Shopify checkout that handles the secure transaction for you. With this option, you will be able to use the payment gateway of your choice, including having PayPal as an option. 

 

If you are looking at utilizing the API options for checkout, please remember you will need to go through the payment processing permissions request. 

 

With the options, there are different levels of PCI scope available. For example, with Spreedly they have hosted fields you can launch in an IFrame with https://docs.spreedly.com/guides/adding-payment-methods/iframe/ to send the data. 

 

Although not explicitly stated, you should be able to continue to use Stripe Elements as the hosted fields to create the token. Once received, you can pass that to Shopify through the mutation listed in the docs. This will avoid sending CC information to your server. 

To learn more visit the Shopify Help Center or the Community Blog.

matthewhardern
Visitor
2 0 8

Hi,

 

Thanks for replying, Unfortunately the solutions you provide are not quite up to what I am looking for, while also not what people are looking for. PCI compliant Shopify checkout can only be customised in shopify plus. As medium to small size businesses we are unlikely to want to fork out your minimum $2000 price tag for the privilege of being able to have a customised checkout. While its good to note that you support stripe elements, it seems you only support the OLD api https://stripe.com/docs/payments/charges-api  it gives the warnings of  "The Charges API is an older payments API that does not handle bank requests for card authentication. Try our new payments APIs and integrations instead."

So yet again it seems like your API is not up to scratch to support the latest https://stripe.com/docs/payments/payment-intents API which is a real shame as your other GraphQL endpoints are perfect for making modern Headless commerce solutions. When is it likely that the Checkout API will support a SCA compliant version of stripe elements (one of the most common payment integrations used), can you provide an idea on when the API is likely to support this to help aid building modern Headless commerce solutions.

 

Thanks

JoseGarcia
Visitor
1 0 2

Hi, 

 

    I am also looking for this answer, we are also building a Headless Store and we are missing clarity on how to reflect the payments done through Stripe Elements in an order in Shopify through the API. 

 

Can you let us know if this is possible? We want to avoid the user having to pay through the Shopify weburl as this takes them out of the site experience. 

sothychan
Shopify Partner
3 0 2

Hi, also in need of this.  Any updates so far?

 

alexAlm
Visitor
2 0 1

Also need more info on this! need to integrate saved payment methods with the Checkout API process

jaddison
Tourist
9 0 12

@matthewhardern did you ever manage to get this resolved? I am also looking to use Stripe's payment intents.

gabrielmlinassi
Tourist
5 0 4

Also looking for how to get it done

alexAlm
Visitor
2 0 1

I was able to figure out how to store cc's on Stripe and then tokenize them for use with Shopify Checkout API. You won't be able to use Payment Intents, but you can still save payment methods and have your clients re-use them. The steps done with the Stripe API can also be done with the SDK.

  1. Tokenize the card with the Stripe's secret key, not the front end call that's documented in Shopify. I get these from the Stripe Elements component and pass it to my back end for the tokenization call.
  2. Attach the card to a Customer
    POST to https://api.stripe.com/v1/customers/{customerId}/sources with body
    source={token from step 1}
  3. Customer should have a new source attached to it
  4. On your checkout process when creating the token if the cc you want to use is not the default, you'll need to call the token endpoint with the Stripe secret key again and send the body
    customer={customerId}&card={cardId} or just the customer parameter which will return a token for the default_source.

    Remember to send the Stripe connected account id that comes from the checkout's shopify_payments_account_id field.

 

Hope this helps!

gabrielmlinassi
Tourist
5 0 4

@matthewhardern did you manage to resolve it?

shehanthamel
Visitor
1 0 1

Any updates on this issue as of now? I'm trying to understand how to use Stripe payment intents with Shopify Checkout APIs.