javascript – Stripe checkout. Checking client amount

Posted by: admin July 12, 2020

Questions:

Is it possible to check whether or not the amount that the client sees and the amount that the server sees are the same?

Here I set the amount on the client side:

<script src="https://checkout.stripe.com/checkout.js"></script>

<button id="customButton">Purchase</button>

<script>
  var handler = StripeCheckout.configure({
    key: 'pk_test_1002UFB11gJ1sXBHcdDM8HPi',
    image: '/square-image.png',
    token: function(token) {
      // Use the token to create the charge with a server-side script.
      // You can access the token ID with `token.id`
    }
  });

  document.getElementById('customButton').addEventListener('click', function(e) {
    // Open Checkout with further options
    handler.open({
      name: 'Demo Site',
      description: '2 widgets ($20.00)',
      amount: 2000
    });
    e.preventDefault();
  });

  // Close Checkout on page navigation
  window.addEventListener('popstate', function() {
    handler.close();
  });
</script>

I am sending the token from the client-side Stripe callback to the server:

<?php
require_once(dirname(__FILE__) . '/config.php');

$token  = $_POST['stripeToken'];

$charge = Stripe_Charge::create(array(
  'customer' => $customer->id,

  'amount'   => 1000000000000,
  'currency' => 'usd',
  'email' => '[email protected]',
  'card'  => $token
));

echo '<h1>Successfully charged $2!</h1>';
?>

The client-side number is clearly lower than the amount on the server side, and Stripe charges the server-side number.

Answers:

The way that we do this is by having the server check it.

The flow we have is:

  1. The client makes an API call to the backend to fetch the price it should charge for a product.
  2. The client calls the Stripe API to get the token and displays the amount from step 1 to the client.
  3. Once the client has a token, call the backend API to make a charge, passing both the token and amount (we call this a reconciliation amount).
  4. On the backend, before calling the Stripe create charge API, we first reconcile the amount by comparing the amount given from the client in step 3 to the amount the product should be (from step 1). If these don’t match we do not proceed and return an error to the client.
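
The four-step flow above as a server-side check, added here as an example (not code from the original question or answer) and written in JavaScript for a Node backend. `PRICES`, `quotePrice`, `reconcileCharge`, the `productId` field and the status codes are assumptions; the returned `charge` object reuses the `amount`, `currency` and `card` keys from the question's PHP.

```javascript
// Server-side price list in cents; constructed sample data. The client never supplies it.
const PRICES = {
  'widget-2pack': { amount: 2000, currency: 'usd', description: '2 widgets ($20.00)' },
};

// Step 1: what the backend tells the client to display and pass to handler.open().
function quotePrice(productId) {
  if (typeof productId !== 'string' ||
      !Object.prototype.hasOwnProperty.call(PRICES, productId)) {
    return null; // also rejects inherited keys such as "__proto__"
  }
  return PRICES[productId];
}

// Steps 3-4: reconcile the posted amount, then build the charge parameters.
// Returns { ok: false, status, error } or { ok: true, charge }; only an ok
// result may be handed to the payment API (hypothetical caller, not shown).
function reconcileCharge(body) {
  const price = quotePrice(body.productId);
  if (price === null) return { ok: false, status: 404, error: 'unknown product' };
  if (typeof body.stripeToken !== 'string' || body.stripeToken === '') {
    return { ok: false, status: 400, error: 'missing token' };
  }
  // Form fields arrive as strings: accept plain digits only, so signs,
  // decimals and exponents ("2e3") never reach the comparison as numbers.
  const claimed = /^[0-9]{1,9}$/.test(String(body.amount)) ? Number(body.amount) : NaN;
  if (claimed !== price.amount) {
    return { ok: false, status: 409, error: 'amount mismatch' };
  }
  // Charge the server's figure, not the client's, even though they matched.
  return {
    ok: true,
    charge: { amount: price.amount, currency: price.currency, card: body.stripeToken },
  };
}

// Constructed requests: a client that showed $20.00 and one that showed a different amount.
const honest = { productId: 'widget-2pack', stripeToken: 'tok_constructed', amount: '2000' };
const mismatched = { productId: 'widget-2pack', stripeToken: 'tok_constructed', amount: '1' };
console.log(reconcileCharge(honest));
console.log(reconcileCharge(mismatched));
```

The amount sent by the client serves only as a consistency check; the value charged always comes from `PRICES`.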