Stripe checkout. Checking client amount

Is it possible to check whether or not the amount that the client sees and the amount that the server sees is the same?

Here I set the amount on the client side:

<script src="https://checkout.stripe.com/checkout.js"></script>

<button id="customButton">Purchase</button>

<script>
  var handler = StripeCheckout.configure({
    key: 'pk_test_1002UFB11gJ1sXBHcdDM8HPi',
    image: '/square-image.png',
    token: function(token) {
      // Use the token to create the charge with a server-side script.
      // You can access the token ID with `token.id`
    }
  });

  document.getElementById('customButton').addEventListener('click', function(e) {
    // Open Checkout with further options
    handler.open({
      name: 'Demo Site',
      description: '2 widgets ($20.00)',
      amount: 2000
    });
    e.preventDefault();
  });

  // Close Checkout on page navigation
  window.addEventListener('popstate', function() {
    handler.close();
  });
</script>

I am sending the token from client-side stripe callback to server:

<?php
require_once(dirname(__FILE__) . '/config.php');

// Token ID posted by the Checkout.js `token` callback above
$token  = $_POST['stripeToken'];

// The amount here is set independently of what Checkout displayed to the client
$charge = Stripe_Charge::create(array(
  'amount'        => 1000000000000,
  'currency'      => 'usd',
  'receipt_email' => '[email protected]',
  'card'          => $token
));

echo '<h1>Successfully charged $2!</h1>';
?>

The client-side number is clearly lower than the amount on the server side, and Stripe charges the server-side number.

Ivan asked Nov 20 '14 13:11

1 Answer

The way that we do this is by having the server check it.

The flow we have is:

  1. The client makes an API call to the backend to fetch the price it should charge for a product.
  2. The client calls the Stripe API to get the token and displays the amount from step 1 to the client.
  3. Once the client has a token, it calls the backend API to make a charge, passing both the token and the amount (we call this a reconciliation amount).
  4. On the backend, before calling the Stripe create-charge API, we first reconcile the amount by comparing the amount given by the client in step 3 to the amount the product should be (from step 1). If these don't match, we do not proceed and return an error to the client.
David answered Sep 28 '22 01:09
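The reconciliation flow in the answer above, as an added example that is not part of the original answer or the questioner's code. It assumes a Node.js backend, a constructed price catalogue as the server's source of truth, and a stub standing in for the Stripe charge call; the charge always uses the server-computed amount, never the client-supplied one.

```javascript
// Constructed catalogue (assumption): unit prices in the smallest currency unit (cents).
const PRICE_CATALOG = {
  widget: { unitAmount: 1000, currency: 'usd' },
};

// Step 1: the endpoint the client calls to learn the price it should display.
function quotePrice(productId, quantity) {
  const item = PRICE_CATALOG[productId];
  if (!item) throw new Error('unknown product: ' + productId);
  if (!Number.isInteger(quantity) || quantity < 1) throw new Error('bad quantity');
  return { amount: item.unitAmount * quantity, currency: item.currency };
}

// Step 4: reconcile the client's amount against the server's own computation.
// Returns the parameters the server would send to Stripe, or null on mismatch.
// Note that `amount` comes from `expected`, not from the request, so the
// client value only ever acts as a check and never as the charged amount.
function reconcileAndBuildCharge(req) {
  const { productId, quantity, reconciliationAmount, stripeToken } = req;
  const expected = quotePrice(productId, quantity);
  const clientAmountOk =
    Number.isInteger(reconciliationAmount) && reconciliationAmount === expected.amount;
  if (!clientAmountOk || typeof stripeToken !== 'string' || stripeToken === '') {
    return null;
  }
  return {
    amount: expected.amount,
    currency: expected.currency,
    card: stripeToken,
    description: quantity + ' x ' + productId,
  };
}

// Step 3 handler: `createCharge` is injected so the example runs offline;
// in a real backend it would be the Stripe client's charge-creation call.
function chargeHandler(req, createCharge) {
  const params = reconcileAndBuildCharge(req);
  if (params === null) {
    return { status: 400, error: 'amount mismatch' }; // do not charge
  }
  const charge = createCharge(params);
  return { status: 200, chargeId: charge.id, amount: params.amount };
}

// Constructed stand-in for the Stripe API, recording what would be charged.
function fakeStripeCreateCharge(params) {
  return { id: 'ch_constructed_example', amount: params.amount };
}
```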