stripe-perl
stripe-perl copied to clipboard
lukec
Support for Ephemeral Keys
Not well documented in Stripe API docs, these are used if you're using Stripe as a processor for Apple Pay. Only one method, a post of a customer_id, which returns the key. I am not 100% confident in the form_fields method, I was not quite sure how to implement it, but it seems to work as expected.
Thanks @amacks - could you please do us a favour and:
- add a unit test
- add some documentation
- add links to reading materials for dummies like me who know nothing about Apple Pay and ephemeral keys
- (maybe do this first) ask Stripe support whether this feature will be supported or it's a lucky bug?
We've gone through a few bumpy rides lately where Stripe make changes without telling anyone and - when questioned - they say it wasn't contrary to the existing documentation so there's no need to tell anyone.
I believe it's a long-term feature, it's part of the workflow for apple-pay and Android's payment system which is roughly:
- App queries api for Ephemeral Key
- Api queries Stripe with customer data, returns ephemeral key to app
- App passes ephemeral key to apple-pay/Android API, which does "some magic"
Though it's not documented, it is part of the Ruby and PHP libraries:
- https://github.com/stripe/stripe-ruby/blob/master/lib/stripe/ephemeral_key.rb
- https://github.com/stripe/stripe-php/blob/master/lib/EphemeralKey.php and their sample implementations for Apple Pay and Android
- https://stripe.com/docs/mobile/android/customer-information
I can work on 1,2,3 this week.
Hello everyone, I have few comments:
1- the hard coded version '2018-02-28' you pass at line 1442 (adding ephemeral key support with a new class and one post_ephemeral_key) should be passed as argument to the post_ephemeral_key() method. Indeed, this seems to be a hint coming from the Android or iOS Stripe 'framework', so that Stripe knows how to manage the version of library that required the ephemeral key on mobile side.
The method should be:
method post_ephemeral_key(Net::Stripe::Customer|Str :$customer, Str :$stripe_version)
2- before having found your work (@amacks) I made a support request to Stripe so they could help me defining the correct request to get an ephemeral key from their API as it was not documented in Stripe API reference. I can reproduce the reply Stripe made (thank you Kyle (from Stripe support) for your authorization to reproduce):
A cURL example of creating an ephemeral key with the API would look like the following:
curl https://api.stripe.com/v1/ephemeral_keys -u sk_test_xxxx: -d 'customer=cus_xxx' -H 'Stripe-Version: 2018-11-08'The endpoint takes one parameter, a customer ID, which is the customer that you would like to modify using the ephemeral key — the key is a special limited scope key that can only be used to perform certain actions(managing payment sources) on a specific customer object, which allows the key to be safely shared to a public environment such as a mobile app.
The request must also use a specific Stripe API version, via the Stripe-Version header [0]. The Stripe iOS and Android SDKs, which will use the ephemeral key to call the API and manage the customer object, will request a specific API version to ensure they can parse the response. Therefore your backend endpoint will need to accept an api_version parameter and pass this as the header value, as described in the docs. [1]
As for why this endpoint is not explicitly documented in the API reference, I don't believe there is a specific reason for this. The endpoint is only used in developing mobile apps, and is documented under the relevant mobile docs, using our official libraries which we would always recommend using. However, this is not necessarily a good reason not to include this in the main reference, so I will raise this as feedback with the relevant team here at Stripe.
Hope this will help to move this PR into mainline.
