Menu
I'm builiding a web application that allows our users to sell tickets for music shows. In order to handle the payments between ticket buyers and show instigators, I use Stripe. Basically, the show instigator creates his show's page on my application, and the users can buy tickets for this show.
In order to create a show, the instigator fills in a form (Show's name, show's date, where the show will take place, what bands will be playing, etc.) This form also requires the show instigator to provide both his Publishable and Secret Stripe keys. My app uses both these tokens to retrieve credit cart information (on the client side) and process payments (on the server side).
The problem is, I want to make sure that show instigators provide valid and existing Stripe keys. I wouldn't want my users to stumble across payments errors because show instigators did not provide valid Stripe keys.
So, my question is: How can I verify that Publishable and Secret keys are valid and existing? What's the best strategy to achieve this? Thanks!
519
Validating the secret key is easy, simply calling the Stripe API with any command on the server side.
But for the public key... I found a way with Stripe.js :
let stripe = Stripe( <public key to test> );
setTimeout( ()=>{
stripe.createToken('pii', {personal_id_number: 'test'})
.then( result =>{
if( result.token )
// public key is valid :o)
else
// nope !
})
}, 300 )
Note the timeout before calling stripe.createToken(). If you don't do it, the promise returned by createToken() will never come back.
UPDATE: Just received a confirmation from Stripe; this it is a valid and acceptable method.
181
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
