Charging Credit Cards from your RdbHost app

Credit card payments are important to a wide range of web applications. Examples of how web applications rely on credit cards include:

  •   subscriptions for web services
  •   physical products from shopping carts
  •   donations

Stripe provides credit card processing services to web applications.

We provide an interface in RdbHost for passing credit card info to the Stripe API and storing the result of the charge. The app can then follow up with fulfillment.

You keep your Stripe API key in a table in your RdbHost account database. A query pulls the key together with the charge data, that data is proxied to Stripe, and the result is provided to a callback function. Your API key is never exposed to a user, because there is no white-listed query that reveals it.

Here’s an example. This code would run from the user’s browser:

pr = Rdbhost.Credit.preauth().query(
   `-- pull order data for request
    SELECT (SELECT key FROM apikeys WHERE svc = 'stripe') AS apikey,
      (o.amount*100)::INT AS amount, -- pennies
      o.order_number AS idx
      FROM orders o WHERE order_number = %s;`)
  .charge(ccnum, expmon, expyr, cvc);

The data returned to the client is a simple list, either [idx, 'SUCCESS'] or [idx, 'FAIL']. The server runs a query that inserts more detailed result codes into a 'charges' table in your account, and that table can be used for follow-up queries.
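Because the charge query above reads the key from the apikeys table, it is worth auditing the white-list for any other statement that touches that table. The following is an added example, not part of the original page or RdbHost's own code: the apikeys table name comes from the page, while the white-list entries, their ids and the auditWhitelist helper are constructed for illustration.

```javascript
// Added example: audit white-listed SQL for references to the secret table.
// 'apikeys' is the table from the page; the white-list entries are constructed.

// Blank out string literals and comments in one left-to-right pass, so a
// table name that appears only inside them is not counted as a reference.
// Limitation: PostgreSQL dollar-quoted strings ($$...$$) are not handled.
function stripLiteralsAndComments(sql) {
  const noise = /'(?:[^']|'')*'|--[^\n]*|\/\*[\s\S]*?\*\//g;
  return sql.replace(noise, (m) => (m[0] === "'" ? "''" : ' '));
}

// True when the identifier occurs as a whole word (quoted or unquoted).
function referencesTable(sql, table) {
  const cleaned = stripLiteralsAndComments(sql).toLowerCase();
  return new RegExp('(?<!\\w)' + table.toLowerCase() + '(?!\\w)').test(cleaned);
}

// Return ids of entries that touch `table` but are not in `expectedIds`.
function auditWhitelist(entries, table, expectedIds) {
  const expected = new Set(expectedIds);
  return entries
    .filter((e) => referencesTable(e.sql, table) && !expected.has(e.id))
    .map((e) => e.id);
}

// Constructed white-list: the page's charge query plus three made-up entries.
const whitelist = [
  { id: 'charge-order', sql: `-- pull order data for request
      SELECT (SELECT key FROM apikeys WHERE svc = 'stripe') AS apikey,
        (o.amount*100)::INT AS amount, o.order_number AS idx
        FROM orders o WHERE order_number = %s;` },
  { id: 'order-status', sql: `-- never touches apikeys
      SELECT order_number FROM orders WHERE order_number = %s;` },
  { id: 'label-only', sql: `SELECT 'apikeys' AS label;` },
  { id: 'list-services', sql: `SELECT svc, key FROM apikeys;` },
];

// Only the charge query is expected to read the key table.
const unexpected = auditWhitelist(whitelist, 'apikeys', ['charge-order']);
console.log(unexpected); // [ 'list-services' ]
```

Any id the audit returns is a white-listed statement that should be reviewed or removed before the key is stored.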

The charge could be followed by a fulfillment query along the lines of:

pr = Rdbhost.preauth().query(
    `-- pull orders with paid entry but no delivered entry
     WITH paid AS (
        SELECT * FROM charges c WHERE c.paid AND NOT c.refunded
     )
     SELECT o.order_num, o.items, r.address, p.amount
        FROM orders o
              JOIN paid p ON o.order_num = p.ord_num
              JOIN customers r ON o.customer_id =
              LEFT JOIN delivered d ON o.order_num = d.ord_num
         WHERE d.ord_num IS NULL;`);

There is also a refund method, that will reverse a prior charge through

Loading the rdb2-charge.js module after the rdb2.js module adds an extended connection factory, Rdbhost.Credit. It offers the standard preauth, auth, super and reader factory methods, and they produce extended connections with all the basic methods of RdbHost connections, as well as the two special methods charge and refund.

There is an interactive demonstration, with readable source, here.
