Stripe, PayPal, integration with django-rest-framework

Question

I want to integrate Stripe, PayPal or Braintree into django project, and I want to use 'django-rest-framework`, now I'm confused about one thing and that is - Should I "touch" my database?

What I mean, I want only to charge once to my customers, it's a fee and nothing more, so should I touch 'db' or not? I'm afraid it will distort PCI Compile way of handling things. I don't know where to start beside documentation for those mentioned payments systems.

Can someone help me understand what are best practices for one time payment.

Answer 1

(Disclaimer: I'm a Stripe employee, so I'll only talk about Stripe here.)

Stripe makes it easy to be PCI compliant. With a proper integration, you will never have access to your customers' payment information.

A typical payment flow with Stripe can be divided in two steps:

1. Collect the customer's payment information, using the prebuilt Checkout form, or a form of your own using Stripe.js.

   In both cases, the card information is sent directly from the customer's browser to Stripe's servers, which return a card token. You then send this token to your backend.

2. On your backend, you use the token to create a charge.

The token represents a card, but hides the PCI sensitive information (i.e. the whole card number and the CVC) from you.

You can find a simple tutorial for creating charges here.

If you don't plan on charging the same customer multiple times (or if you don't mind asking them to provide their card information every time), then you don't necessarily need to store anything in your own database. When you create the charge, you will be immediately informed of the result (success or failure) and can take the necessary actions.