-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add new stripe guide #371
Merged
Merged
Changes from all commits
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,94 @@ | ||
| --- | ||
| toc_max_heading_level: 2 | ||
| --- | ||
|
|
||
| import GettingStartedSection from "@site/src/components/docs/_getting-started-section.mdx"; | ||
| import { Alert, Alerts } from "@site/src/components/shared/Alert"; | ||
| import { Enterprise } from "@site/src/components/shared/Enterprise"; | ||
|
|
||
|
|
||
| # Backup Your Stripe Tokens | ||
|
|
||
| In the ever-evolving world of online transactions, prioritizing innovation and operational efficiency is becoming critical to organizational payment divisions. This is even more true with the potential for sudden Stripe account terminations, the need for scalable payment processing solutions beyond a single provider, and other payment services to drive new revenue and cost savings. In some cases, merchants and platforms with a multiprocessor payment ecosystem must create a unified wallet system or single source of truth for consumer profiles. | ||
|
|
||
| This guide explores using the Stripe Forwarding API in tandem with Basis Theory's secure Vault to open access to card data and enable new opportunities without making any changes to your existing Stripe integration. | ||
|
|
||
|  | ||
|
|
||
| ## Getting Started | ||
|
|
||
| <GettingStartedSection /> | ||
|
|
||
| ### Request Access to Stripe Forwarding API | ||
|
|
||
| [Click here to create](https://dashboard.stripe.com/login?redirect=https://support.stripe.com%2Fcontact%2Femail%3Fquestion%3Dother%26topic%3Dpayment_apis%26subject%3DI%20need%20access%20to%20the%20Vault%20and%20Forward%20API%26body%3DHi%20Stripe%20team.%20I%20would%20like%20to%20request%20access%20to%20the%20Vault%20and%20Forward%20API%20to%20store%20payment%20method%20details%20with%20my%20own%20token%20vault%2C%20outsourced%20by%20Basis%20Theory%2C%20Inc.%20Please%20find%20their%20PCI%20Attestation%20of%20Compliance%20attached.%20The%20target%20endpoint%20is%20https%3A%2F%2Fapi.basistheory.com%2Ftokens) a Stripe support request following this template: | ||
|
|
||
| ```text | ||
| Account | ||
| Select your Stripe account | ||
|
|
||
| What do you need help with? | ||
| Payment APIs | ||
|
|
||
| What is your question? | ||
| I need access to the Vault and Forward API | ||
|
|
||
| Tell us more — how can we help? | ||
| I would like to request access to the Vault and Forward API | ||
| to store payment method details with my own token vault, | ||
| outsourced by Basis Theory. Please find their PCI Attestation of Compliance attached. | ||
| The target endpoint is https://api.basistheory.com/tokens | ||
| ``` | ||
|
|
||
| Make sure to attach [Basis Theory PCI DSS Attestation of Compliance](https://trust.basistheory.com/?itemUid=53e1508c-665e-45a8-9ce0-03fdf9ae1efb&source=click) to your request. | ||
|
|
||
| If you need help with this step, or anytime along the way, don't hesitate to [reach out to us](https://basistheory.com/contact?how_can_we_help_=I+need+help+vaulting+my+Stripe+tokens). | ||
|
|
||
| ### Creating a Public Application | ||
|
|
||
| Next you will need a [Public Application](/docs/api/applications) using our PCI-compliant template `Collect PCI Data`. [Click here to create one.](https://portal.basistheory.com/applications/create?application_template_id=db9148c1-a55f-4164-b830-a20ab6d720ae) | ||
|
|
||
| This will create an application with the following [Access Controls](/docs/concepts/access-controls): | ||
| * Permissions: `token:create`, `token:update` | ||
| * Containers: `/pci/` | ||
| * Transform: `mask` | ||
|
|
||
| <Alert>Save the API Key from the created Public Application as it will be used later in this guide.</Alert> | ||
|
|
||
| ## Vaulting Cards | ||
|
|
||
| Once you are granted access to the Stripe's Forwarding API and created the Basis Theory Public API Key, choose your favorite HTTP Client for your server-side language and call the forwarding endpoint: | ||
|
|
||
| ```shell showLineNumbers title="Vault a Card" | ||
| curl --location 'https://api.stripe.com/v1/forwarding/requests' \ | ||
| --header 'Content-Type: application/x-www-form-urlencoded' \ | ||
| // highlight-next-line | ||
| --header 'Authorization: Bearer <STRIPE_API_KEY>' \ | ||
| // highlight-next-line | ||
| --data-urlencode 'payment_method=<STRIPE_PAYMENT_METHOD_ID>' \ | ||
| --data-urlencode 'url=https://api.basistheory.com/tokens' \ | ||
| --data-urlencode 'request[headers][0][name]=BT-API-KEY' \ | ||
| // highlight-next-line | ||
| --data-urlencode 'request[headers][0][value]=<BT_API_KEY>' \ | ||
| // highlight-next-line | ||
| --data-urlencode 'request[body]={"type": "card", "data": { "id": "<STRIPE_PAYMENT_METHOD_ID>", "number": "", "expiration_month": "", "expiration_year": "", "cvc": "" }, "metadata": { "cardholder_name": "" } }' \ | ||
| --data-urlencode 'replacements[0]=card_number' \ | ||
| --data-urlencode 'replacements[1]=card_expiry' \ | ||
| --data-urlencode 'replacements[2]=card_cvc'\ | ||
| --data-urlencode 'replacements[3]=cardholder_name' | ||
| ``` | ||
|
|
||
| <Alert>Make sure to replace the Stripe API Key, Payment Method Identified (twice) and Basis Theory API Key.</Alert> | ||
|
|
||
| You should [receive a response](https://docs.stripe.com/api/forwarding/forwarding_requests/create) containing a new Basis Theory token aliased to the Stripe token. This means the credit card data is backed up in Basis Theory Vault using the same Payment Method identifier by Stripe. | ||
|
|
||
| ## Keeping Cards In Sync <Enterprise /> | ||
|
|
||
| Saved Stripe payment methods can receive updates from Networks when consumers receive new cards (e.g. replacing stolen, lost or expired cards). When an update to a payment method happens, Stripe fires [webhooks](https://docs.stripe.com/payments/cards/overview#automatic-card-updates) which can be leveraged to also update your Basis Theory Vault. | ||
|
|
||
| 1. Setup Stripe webhooks for `payment_method.updated` and `payment_method.automatically_updated` events, following their [documentation](https://docs.stripe.com/webhooks). | ||
| 2. When any of those are fired and hits your endpoints, initiate a forward request (see request example above) to Stripe in order to update the existing Basis Theory token. | ||
|
|
||
| If you are interested in using Stripe's Account Updater in combination with Basis Theory Vault, [let's talk](https://basistheory.com/contact?how_can_we_help_=I+want+to+learn+more+about+using+Stripe+Card+Account+Updater+with+Basis+Theory+vault). | ||
|
|
||
| Alternatively, you can leverage [Basis Theory Account Updater](/docs/features/account-updater) to have a single source of truth for the latest and greatest card information, while keeping multiple Payment Processors tokens up-to-date, including Stripe. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I used a template to make easy to copy paste for folks that don't like clicking links. I could replace this with a picture if it is considered better.