Blog

Follow Stripe on Twitter

iOS and Android updates

Jack Flintermann on May 27, 2016

Over the past few months, we’ve made a few changes for iOS and Android that might be useful for your apps:

NewApple Pay in Canada, Australia, and Singapore

In addition to customers in the U.S. and the U.K., you can now accept payments in your app via Apple Pay from customers in Canada, Australia, and Singapore.

NewAndroid Pay in the UK

As announced at Google I/O last week, you can now accept payments using Android Pay from customers in both the U.S. and the U.K. (We’ve put together a guide to get started.) You can also sign up to get notified when it’s available in Australia and Singapore.

NewSupport for Discover cards

We’ve added support for Discover cards to both Apple Pay and Android Pay. If you’re currently accepting Apple Pay payments, just update to the latest version of our SDK. No changes are required to your Android app.

NewMobile viewport control

We recently released an open-source JavaScript library that helps create full-screen modal views in mobile browsers. This can be especially useful in displaying a distraction-free payment screen, but we hope it comes in handy for other uses as well.


While we’re talking about mobile things, we’ve been adding all sorts of polish and tweaks over the past couple of months to our iPhone Dashboard. For example, if you’ve any transfer issues, we now show a tappable link to call your bank. And based on your feedback, we’ve also added a weekly view to your account charts.


Feedback is always always welcome—we’d love to hear any thoughts on the above, or about anything else you think we should add that’d make building mobile apps with Stripe better.

May 27, 2016

BYOT

Avi Bryant on April 25, 2016

Do you know anyone who makes you incredibly better at what you do? People who motivate and inspire you, complement your strengths and shore up your weaknesses, help you achieve things you could never do on your own? Maybe it’s your old co-founders, your college roommates, your collaborators on an open source project, or even your siblings; whoever it is, you’re stronger as a team than you are apart. Working together, each of you has a valuable advantage—you could call it a network effect—over anyone who works alone.

Startup investors know this; that’s why firms like Y Combinator discourage solo applicants and focus so much on the makeup of a founding team.

Stripe knows it too. Which is why we’d love you—that is, we’d love you and your collaborators—to apply together to work at Stripe. We call it Bring Your Own Team.

Any group of 2 to 5 people can apply as a team to Stripe, through our application form. Make sure to include resumes or CVs for each person, indicate which role each person is applying for, and a brief description of how you all know each other or have worked together in the past. Links to (or attached samples of) things you’ve built together are especially helpful. We’re expecting teams to be primarily software engineers, but we’d love to see well-established collaborations between engineers and designers, managers, or product managers.

Once you’ve applied, we’ll take you all through the hiring process together: we’ll make sure you hit the same stages of interviews at the same time, bring you all to the office on the same day, and try to design at least one interview problem that you can work on as a team. If we make an offer, we’ll make it to all of you, at the same time; you’d all be free to accept or decline individually, but of course we’d hope you’d all accept — and if you do, we’d work with all of you to find a place at Stripe where you can all start off working together.

This is an experiment and we’ll tweak it as we go. We’re excited to try it out, though—the industry has always focused on hiring atoms; we’d like to try hiring molecules. And we hope you’re excited to apply. We eagerly await your application.

April 25, 2016

Upgrading to SHA-2 and TLS 1.2

Karla Burnett on April 14, 2016

To keep your integration with Stripe secure, we plan to progressively phase out support for old technologies: SHA-1, TLS 1.0, and TLS 1.1. (These protocols currently power the ‘Secure’ in ‘HTTPS’.)

We’re sticklers for API backwards-compatibility and make potentially breaking changes only when absolutely necessary. Our users’ security is paramount, so deprecating these outdated technologies is one of those rare cases. We hope their flawed designs become footnotes in cryptographic history as quickly as possible.

Why SHA-1, TLS 1.0 and 1.1 are insecure

SHA-1 is one of the algorithms you can use to authenticate who you’re talking to. It’s now considered dangerously weak, and might allow an adversary to spoof their identity. This is why all modern browsers have stopped accepting SHA-1 certificates.

TLS 1.0 and 1.1 ensure that your communications stay private. In order to do this, they generate a series of random bytes used to encrypt your connection. TLS 1.0 provides two ways of doing this (CBC and RC4), but several vulnerabilities have been discovered in both of them (including BEAST and the RC4 biases). If you kept using old versions of TLS, someone could theoretically sniff your connection.

As a result, Stripe and the rest of the internet are moving towards SHA-2 and TLS 1.2. These technologies have few known attacks and were subject to more rigorous security design than their predecessors.

What this means for you

The upgrade process will be seamless for most users. At the application layer, SHA-2 and TLS 1.2 behave identically to their older versions. You won’t need to change your code, but might need to upgrade your operating system or packages. To avoid any disruption, we’ll notify you directly if we expect your integration to be affected.

  • Starting July 1, 2016, for new Stripe users, we will only accept API requests made with TLS 1.2.
  • On January 1, 2017, we will drop support for SHA-1 in favor of SHA-2. We will also drop support for TLS 1.0 entirely.
  • On May 1, 2017, we will drop support for TLS 1.1 entirely.

If you’ve upgraded your Stripe library and operating system in the past year, you probably won’t need to do anything. You can proactively check whether your Stripe integration is ready, and how to upgrade, by following the steps on our TLS deprecation page.

As always, if you have any questions, please don’t hesitate to get in touch.

April 14, 2016

Atlas + Cuba

Patrick Collison on March 18, 2016

Since the 1960s, the U.S. has maintained a trade embargo with Cuba. Today, more than half a century later, many of these restrictions are gradually being lifted. At Stripe, we stand for increasing global commerce and enthusiastically support this action.

The embargo has many components, among the most significant being the Office of Foreign Asset Control’s restrictions on access to financial services by Cuban nationals. On Tuesday, these were some of the first restrictions to be relaxed by the White House. This removes one of the biggest impediments to Cubans participating in the global financial system.

It also removes one of the biggest barriers to entrepreneurship in Cuba. The restrictions on access to financial services have made it extremely tough for Cuban developers and founders to start new businesses or to work with U.S. investors or partners. Despite this, more than 70% of Cubans say that they’d like to start a business. In his upcoming historic trip—the first by a sitting U.S. president in 88 years—President Obama will meet Cuban entrepreneurs to learn "how we can help them start new ventures."

When the White House reached out to us about the role Stripe might play in this process, we jumped at the idea. As of today, Stripe Atlas will be available to entrepreneurs in one of the only countries it didn’t previously serve: Cuba.

Stripe Atlas is a new product for us—we announced it less than a month ago. It’s based on our belief that there exist individuals with the ability to be successful entrepreneurs everywhere and that the important tools for internet entrepreneurship should be available to everyone. With Atlas, we aim to offer best-in-class tools to founders no matter where they’re based—from Cambodia to (now) Cuba.

Thanks to Tuesday’s changes, we’ll be working as quickly as possible with our partners, including Silicon Valley Bank, to enable Cuban entrepreneurs to easily incorporate U.S. companies, set up U.S. bank accounts, and use Stripe to start accepting payments from customers around the world. There are more details in our guide about how it works.

Cuban entrepreneurs can apply for access immediately and we plan to send the first invitations soon. We’re also extending the Stripe Atlas network to Cuba and we’re delighted to start out by partnering with Merchise Startup Circle in Havana.

Since we announced Atlas, businesses from more than 185 countries have already applied for access. We’re excited to make that 186.

Get access to global startup tools with Stripe Atlas Request access

March 18, 2016

Open-Source Retreat meetup

Krithika Muthukumar on March 17, 2016

This January, we invited three developers to come work on open-source projects full-time at Stripe. We specifically chose projects for this Open-Source Retreat that we felt would have deep impact in a variety of different areas. Over the past few months, our grantees have made significant progress on their projects:

  • Pascal Brandt has been focused on OpenMRS, a platform that’s widely used to support the delivery of health care in Africa and developing countries. He’s introduced Docker containers for the core platform and reference applications. He’s also written specific containers for a few implementation sites in Mozambique. In preparation for creating a JavaScript API for OpenMRS, he’s rewritten how the API is generated using the OpenAPI standard and has built a Yeoman generator that scaffolds out frontend apps (and includes all the build and deploy tooling required).
  • Christopher Allan Webber has been working exclusively on readying the next release of MediaGoblin, a free software media platform that anyone can run. Focused on launching federation tooling for the platform, Chris has been working to push forward federation standards with the W3C, overhauling MediaGoblin’s database migration structure, improving the project’s packaging and deployability, and more.
  • Nik Graf has spent most of the past few months working on Belle, a component library for React that’s focused on great user experience, accessibility, and compatibility across devices and browsers. He’s spent time exploring several architecture options for the next iteration of Belle. Nik is also launching a new plugin architecture atop DraftJS that’ll let developers improve their app’s commenting and chat sections across mobile and desktop—even in screenreaders!

We’re hosting a meetup in a few weeks at Stripe’s SF office where Nik, Christopher, and Pascal will present what they’ve worked on and answer any questions.

When:
Tuesday, March 29th, 2016, at 6:30 PM
Where:
Stripe HQ

Whether you’re an active open-source contributor or completely new to open source, we’d love to have you join us—please RSVP on the event page if you can attend!

If you have any questions about the meetup, the Open-Source Retreat, or the specific projects from this year, please get in touch.

March 17, 2016

Accept ACH payments

Ray Morgan on January 12, 2016

Even though there are many benefits, accepting ACH payments—that is, payments where you charge a bank account directly—has traditionally been pretty difficult. Doing so has generally involved baroque, legacy APIs. There’s additional complexity compared to credit cards because the transaction amounts are typically larger and authorization is subtler. Still, being able to handle ACH payments with Stripe has come up a lot as a feature request over the years. And so, today, we’re delighted to launch support for ACH payments for all U.S. Stripe users.

Our ACH support is tightly integrated with the rest of Stripe. You can, of course, directly create one-off transactions and manage them within the Dashboard. You can also charge for subscriptions (as Slack or Digital Ocean do), while companies using Connect (like Fancy or Tilt) can accept ACH payments on behalf of their customers. No matter what sort of payments you’re dealing with, the reporting pipeline is fully unified with credit card transactions.

Simplifying setup and verification

Our ACH support comes with two key additional features: built-in support for micro-deposits and optional instant verification with Plaid.

With micro-deposits, we send two unique amounts to a customer’s bank account so that your customer can verify their account by entering the amounts they see on their statement.

Alternatively, we’ve worked with Plaid on an integration that provides instant bank account verification. If you choose to use it, your customers can authenticate directly with their bank in real-time—no digging around for routing numbers. (This process also prevents most of the common errors of mistyping bank account numbers or incorrect routing numbers.)

From a technical perspective, ACH is another type of source for a customer. It’s easy to create an ACH charge once your customer authenticates:

curl https://api.stripe.com/v1/charges \
  -u sk_test_BQokikJOvBiI2HlWgH4olfQ2: \
  -d amount=250000 \
  -d currency=usd \
  -d description="Corp Site License 2016" \
  -d customer=cus_7hyNnNEjxYuJOE \
  -d source=ba_17SYQs2eZvKYlo2CcV8BfFGz

ACH payments on Stripe cost 0.80%, capped at $5, with no monthly fees or verification fees. So, a $100 payment incurs a $0.80 fee; any payments above $625 cost $5. This can be especially useful if you routinely charge customers large amounts on a recurring basis. (If you’re operating at scale already and would like to discuss pricing, we’d love to chat.)

We’re excited to make more of the financial system’s functionality accessible to developers and look forward to seeing what people build. If you’re ready to get started, we’ve created a guide for ACH payments. As always, please let us know if you have any questions or feedback!

January 12, 2016

Pricing update for Europe

Joe Cruttwell on December 9, 2015

Good news! We’re available in 14 countries across the European Union and, today, we’re lowering our prices in all of them.

Stripe is working to grow the size of the internet economy and new regulations from the EU have enabled us to simplify and unify pricing across the European Union markets we support.

Our new price is 1.4% + €0.25 for European cards and 2.9% + €0.25 for non-European cards. (Instead of €0.25, the fixed fee in the UK will be 20p and in Denmark and Sweden will be 1.8kr.) As before, we expose our fees on a per-charge basis in real time.

The pricing will go into effect immediately and you don’t need to take any action to get the lower price.

If you’ve any questions or feedback (about this change or Stripe in general), please email me.

December 9, 2015

Open-Source Retreat 2016 grantees

Michelle Bu on December 8, 2015

Like many developers, we often contribute to open-source software in bits and pieces over long periods of time. So we started the Open-Source Retreat to help open-source developers make concentrated progress on features and releases with the potential for significant impact.

For 2016’s Retreat, we’re inviting three developers to work on their projects from Stripe’s office in SF:

  • Nik Graf will be working on Belle, a configurable component library for React that is focused on great user experience, accessibility, and compatibility across devices and browsers. Developers still tend to build the same set of components from scratch for web frameworks like React, Ember, and Angular—and often without considering compatibility or UX issues. We’re excited to see Nik expand the number of components for Belle and improve their usability and accessibility during the Retreat.
  • Christopher Allan Webber wants to launch federation tooling for MediaGoblin, a free software media platform that anyone can run. Think of it as a decentralized alternative to major media publishing services such as Flickr, YouTube, SoundCloud, DeviantArt, etc. We’re huge fans of the federated web and would like to see more software in that space. We see MediaGoblin as more than just a way to share media, but a reference application for building on new, emerging standards, such as the ActivityPump API.
  • Pascal Brandt’s focus will be on OpenMRS, a platform that’s widely used to support the delivery of health care in Africa and developing countries. The introduction of a REST API in their latest version has contributed to an explosion in new front-ends being built atop their medical recording system framework. Pascal hopes to create a single, authoritative JavaScript client for OpenMRS.

  • Though there were many more applicants than we could host, we’d like to thank everyone who applied. We’d also especially like to recognize our finalists:

    • Doron Samech: A proposal to bring NetMQ to feature parity with ZeroMQ.
    • Alan Guo Xiang Tan: Improvements to backfilling and automated regression identification for RubyBench, which provides benchmarking for Ruby and Rails.
    • Anne Ogborn: Writing the authoritative book for programming in SWI-Prolog.
    • Nyah Check: A module for OpenMRS that would help migrate existing databases to OpenMRS.
    • Naomi Most: Metapub, a Python library that unites the National Library of Medicine databases with CrossRef metadata search to improve search, text-mining, and cross-referencing for academic articles.
    • We encourage you to explore (and contribute to!) these projects.


      Our three grantees will be working on their proposed projects starting in January and they’ll share their work towards the end of the Retreat. In the meantime, if you have any questions or suggestions, please let me know!

December 8, 2015

Stripe on Fabric

Jack Flintermann on October 21, 2015

If you’re using Fabric, you can now add payments to your mobile app using the Stripe kit for iOS or Android. Fabric enables mobile developers to add additional services (like analytics, ads, and now payments) to their Android and iOS apps through a single integration instead of having to set each of them up manually.

We built this integration for Fabric so that it’s even easier to get started and accept your first payment on Stripe. You can see it in action in this demo app. (You can of course still use our mobile SDKs to integrate Stripe directly, too.)

If you already use Fabric, just enable the Stripe kit in your settings. If you’d like to try Fabric out, head over to their docs.

Feel free to email me if you have any questions or feedback!

October 21, 2015