问题描述
我正在构建一个网络应用程序,允许我们的用户销售音乐节目的门票.为了处理购票者和演出发起人之间的付款,我使用了 Stripe.基本上,节目发起人在我的应用程序上创建了他的节目页面,用户可以购买该节目的门票.
I'm builiding a web application that allows our users to sell tickets for music shows. In order to handle the payments between ticket buyers and show instigators, I use Stripe.Basically, the show instigator creates his show's page on my application, and the users can buy tickets for this show.
为了创建节目,发起人需要填写一份表格(节目名称、节目日期、演出地点、将演奏哪些乐队等).该表格还要求节目发起人提供他的可发布和 Secret Stripe 密钥.我的应用使用这两个令牌来检索信用卡信息(在客户端)和处理付款(在服务器端).
In order to create a show, the instigator fills in a form (Show's name, show's date, where the show will take place, what bands will be playing, etc.) This form also requires the show instigator to provide both his Publishable and Secret Stripe keys. My app uses both these tokens to retrieve credit cart information (on the client side) and process payments (on the server side).
问题是,我想确保表演发起者提供有效和现有的条纹密钥.我不希望我的用户偶然发现付款错误,因为节目发起人没有提供有效的 Stripe 密钥.
The problem is, I want to make sure that show instigators provide valid and existing Stripe keys. I wouldn't want my users to stumble across payments errors because show instigators did not provide valid Stripe keys.
所以,我的问题是:如何验证 Publishable 和 Secret 密钥是否有效且存在?实现这一目标的最佳策略是什么?谢谢!
推荐答案
我不知道有任何记录的 api 调用可以专门用于验证密钥.以下是您可以尝试的建议:
I am not aware of any documented api call that can be made specifically to validate keys. Here is a suggestion you might try:
要求您的合作伙伴提供有效的信用卡并通知他们,为了验证他们的 Stripe 密钥,您将向他们的卡收取 0.50 美元的费用,该费用将立即退还.
Require your partners to provide a valid credit card and inform them that in order to validate their Stripe keys, you will be making a $0.50 charge to their card that will be immediately refunded.
作为表单验证的一部分,当给出两个键时,提交隐藏表单包含创建卡令牌所需的所有数据.您应该能够检查您的 create card token response handler 中的响应并确定可发布的密钥有效.
As part of your form validation, when both keys are given, submit a hidden form that contains all the data necessary to create a card token. You should be able to examine the response in your create card token response handler and determine if the publishable key is valid.
如果您从包含卡片令牌的条带服务器收到成功响应,请右转并提交0.50 美元的测试费用(最低收费金额).
If you get a successful response back from the stripe server containing a card token, turn right around and submit a test charge for $0.50 (the minimum charge amount).
确保您正确捕获所有条带异常.我相信使用无效的密钥,您应该捕获 Stripe_InvalidRequestError.如果抛出异常,您可以向用户报告.
Make sure you're properly catching all the stripe exceptions. I believe with an invalid secret key, you should catch a Stripe_InvalidRequestError. If an exception is thrown you can report to the user.
如果没有抛出任何错误,将进行收费.由于您不想向合作伙伴收费,因此您需要从条带响应中获取费用 ID 并立即 退还费用.
If no errors are thrown, the charge will be made. Since you don't want to charge your partners, you'll want to capture the charge id from the stripe response and immediately refund the charge.
这篇关于Stripe:验证可发布和秘密 API 密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!