Credit card payments are important to a wide range of web applications. Examples of how web applications rely on credit cards include:
- subscriptions for web services
- physical products from shopping carts
Stripe.com provides credit card processing services to web applications.
We provide an interface, in RdbHost, for providing credit card info to the Stripe API, and storing the result of the charge. The app can then follow up with fulfillment.
You keep your Stripe API key secure in a table in your RdbHost account database. A query pulls it together with the charge data, the server proxies that data to Stripe, and the result is passed to a callback function. Your API key is never exposed to a user, because there is no white-listed query that reveals it.
Here’s an example. This code would run from the user’s browser:
```javascript
pr = Rdbhost.Credit.preauth().query(
    `-- pull order data for Stripe.com request
     SELECT (SELECT key FROM apikeys WHERE svc = 'stripe') AS apikey,
            (o.amount*100)::INT AS amount,  -- pennies
            o.order_number AS idx
       FROM orders o
      WHERE order_number = %s;`
  )
  .params([order_number])                 // bound to the %s placeholder
  .charge(ccnum, expmon, expyr, cvc);     // card details entered by the user
```
The data returned to the client includes a simple list, [idx, 'SUCCESS'] or [idx, 'FAIL']. The server runs a query that inserts more detailed result codes into a 'charges' table in your account, and that table can be used for follow-up queries.
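The flow described above, modelled as an added example (not RdbHost's server code and not from the original page): the key and the amount are both read from the database, and only [idx, status] goes back to the browser. The in-memory tables, `fakeProcessor`, the `code` column, the decline rule and the sample key are all constructed for illustration.

```javascript
// Constructed in-memory stand-ins for the account tables named on this page.
const db = {
  apikeys: [{ svc: 'stripe', key: 'sk_test_CONSTRUCTED_PLACEHOLDER' }],
  orders: [{ order_number: 1001, amount: 19.99 }],
  charges: [],
};

// Mirrors the white-listed query: the client supplies only the order number,
// so neither the API key nor the amount can be chosen by the browser.
function pullOrderRow(orderNumber) {
  const o = db.orders.find((r) => r.order_number === orderNumber);
  if (!o) return null;
  const apikey = db.apikeys.find((r) => r.svc === 'stripe').key;
  return { apikey, amount: Math.round(o.amount * 100), idx: o.order_number };
}

// Hypothetical stand-in for the call to the card processor.
// Constructed rule: one specific card number is declined.
function fakeProcessor(apikey, amount, card) {
  if (!apikey) throw new Error('missing API key');
  const paid = card.ccnum !== '4000000000000002';
  return { paid, amount, code: paid ? 'approved' : 'card_declined' };
}

// Server side of the proxy: detailed result goes into 'charges',
// the browser gets nothing but [idx, 'SUCCESS' | 'FAIL'].
function serverCharge(orderNumber, card) {
  const row = pullOrderRow(orderNumber);
  if (!row) return [orderNumber, 'FAIL']; // unknown order: nothing is charged
  const result = fakeProcessor(row.apikey, row.amount, card);
  db.charges.push({
    ord_num: row.idx,
    amount: result.amount,
    paid: result.paid,
    refunded: false,
    code: result.code, // assumed column for the "detailed result codes"
  });
  return [row.idx, result.paid ? 'SUCCESS' : 'FAIL'];
}

const card = { ccnum: '4242424242424242', expmon: 12, expyr: 2030, cvc: '123' };
console.log(serverCharge(1001, card)); // what the browser callback receives
```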
The charge could be followed by a fulfillment query along the lines of:
```javascript
pr = Rdbhost.preauth().query(
    `-- pull orders with paid entry but no delivered entry
     WITH paid AS (
       SELECT * FROM charges c WHERE c.paid AND NOT c.refunded
     )
     SELECT o.order_num, o.items, r.name, r.address, p.amount
       FROM orders o
       JOIN paid p ON o.order_num = p.ord_num
       JOIN customers r ON o.customer_id = r.id
       LEFT JOIN delivered d ON o.order_num = d.ord_num
      WHERE d.ord_num IS NULL;`
  )
  .get_data();
```
There is also a refund method that will reverse a prior charge through Stripe.com.
Loading the rdb2-charge.js module for charging after the rdb2.js module adds an extended connection factory, as Rdbhost.Credit. The standard preauth, auth, super and reader factory methods are here, and they produce extended connections with all the basic methods of RdbHost connections, as well as the two special methods
There is an interactive demonstration, with readable source, here.