Migrating to Payment Intents with Manual Confirmation
Learn how to migrate an existing cards and Charges API integration to the Payment Intents API using manual confirmation.
Strategy for migration
Migrating your payment flow can be daunting. It is safe to incrementally adopt the Payment Intents API and use it in parallel with the Charges API. To this end, you can split up the migration into the following steps:
- Update your API version and your client library.
- If applicable, migrate code that reads from Charge properties so that you have a consistent read path between charges created by the Charges API and charges created by the Payment Intents API. This ensures a read-side integration that works for both your old and new payments integrations.
- Migrate your existing Charges API integration on Web, iOS, and Android to use the Payment Intents API.
- Migrate your integration that saves cards on Customer objects.
- Test with regulatory test cards to ensure your upgraded integration handles authentication correctly.
Update your API version and your client library
While the Payment Intents API works on all API versions, we recommend that you upgrade to the latest API version. If you decide to use an API version older than 2019-02-11, note the following two changes as you go through the code examples:
requires_sourcehas been renamed torequires_payment_methodrequires_source_actionhas been renamed torequires_action
In addition, if you use one of our Client libraries, upgrade to the latest version of the library in order to use the Payment Intents API.
Migrate your one-time payment flows
“One-time payments” are payment flows that collect card details to be charged once and immediately (e.g. e-commerce purchases, one-off donations). For payment flows that save card details to be charged later or on a recurring basis, follow the migration guide on saving cards.
Pick the migration path that matches your current Stripe integration:
An integration built with Stripe.js & Elements consists of the following steps:
- Collect payment details on the client side
- Attempt the payment on the server side
- Handle the server response on the client side
Step 1: Collect payment details on the client side
Use the createPaymentMethod function, which collects the payment information and submits it directly to Stripe.
Before
After
stripe.createToken(
// or stripe.createSource
cardElement
).then(function(result) {
if (result.error) {
// Show error in payment form
} else {
// Send token.id to server
fetch('/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
token_id: result.token.id
})
}).then(function(result) {
// Handle server response (see Step 3)
result.json().then(function(json) {
handleServerResponse(json);
})
});
}
});stripe.createPaymentMethod(
'card',
cardElement
).then(function(result) {
if (result.error) {
// Show error in payment form
} else {
// Send paymentMethod.id to server
fetch('/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
payment_method_id: result.paymentMethod.id
})
}).then(function(result) {
// Handle server response (see Step 3)
result.json().then(function(json) {
handleServerResponse(json);
})
});
}
});Before
After
const {token} =
await stripe.createToken(
cardElement
);
// Send token.id to server
const response = await fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
token_id: token.id
})
}
);
// Handle server response (see Step 3)
handleServerResponse(await response.json());const {paymentMethod} =
await stripe.createPaymentMethod(
'card',
cardElement
);
// Send paymentMethod.id to server
const response = await fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
payment_method_id: paymentMethod.id
})
}
);
// Handle server response (see Step 3)
await handleServerResponse(await response.json());Step 2: Attempt the payment on the server side
In your existing integration, the final step is using tokenized payment information to create a charge on your server. With the Payment Intents API, this is sufficient if additional steps like 3D Secure3D Secure provides an additional layer of authentication for credit card transactions that protects merchants from liability for fraudulent card payments. During a transaction that incorporates the 3D Secure authorization process, the customer is prompted to supply a separate password or code to validate their purchase. authentication are not required. However, if some payments may require additional authentication, then additional code is required. Instead of creating a Charge, we’ll create a PaymentIntent.
Before
After
curl https://api.stripe.com/v1/charges \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d source="{{TOKEN_ID}}" \
-d amount=1099 \
-d currency=usd
curl https://api.stripe.com/v1/payment_intents \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d payment_method="{{PAYMENT_METHOD_ID}}" \
-d amount=1099 \
-d currency=usd \
-d confirmation_method=manual \
-d confirm=true
Before
After
charge = Stripe::Charge.create({
source: data['token_id'],
amount: 1099,
currency: 'usd',
})
intent = Stripe::PaymentIntent.create({
payment_method: data['payment_method_id'],
amount: 1099,
currency: 'usd',
confirmation_method: 'manual',
confirm: true,
})
return generate_payment_response(intent)Before
After
charge = stripe.Charge.create(
source=data['token_id'],
amount=1099,
currency='usd',
)
intent = stripe.PaymentIntent.create(
payment_method=data['payment_method_id'],
amount=1099,
currency='usd',
confirmation_method='manual',
confirm=True,
)
return generate_payment_response(intent)
Before
After
$charge = \Stripe\Charge::create([
'source' => $json_obj->token_id,
'amount' => 1099,
'currency' => 'usd',
]);
$intent = \Stripe\PaymentIntent::create([
'payment_method' => $json_obj->payment_method_id,
'amount' => 1099,
'currency' => 'usd',
'confirmation_method' => 'manual',
'confirm' => true,
]);
generatePaymentResponse($intent);
Before
After
Map<String, Object> chargeParams = new HashMap<String, Object>();
chargeParams.put("amount", 1099);
chargeParams.put("currency", "usd");
chargeParams.put("source", request.token_id);
Charge.create(chargeParams);
Map<String, Object> createPaymentIntentParams = new HashMap<String, Object>();
createPaymentIntentParams.put("currency", "usd");
createPaymentIntentParams.put("amount", 1099);
createPaymentIntentParams.put("confirm", true);
createPaymentIntentParams.put("confirmation_method", "manual");
createPaymentIntentParams.put("payment_method", request.paymentMethodId);
intent = PaymentIntent.create(createPaymentIntentParams);
Map<String, Object> responseData = generatePaymentResponse(response, intent);
Before
After
(async () => {
const charge = await stripe.charges.create({
amount: 1099,
currency: 'usd',
source: request.body.token_id,
});
})();
(async () => {
const intent = await stripe.paymentIntents.create({
payment_method: request.body.payment_method_id,
amount: 1099,
currency: 'usd',
confirmation_method: 'manual',
confirm: true
});
generate_payment_response(intent));
})();
Before
After
params := &stripe.ChargeParams{
Amount: stripe.Int64(1099),
Currency: stripe.String(string(stripe.CurrencyUSD)),
}
params.SetSource(*paymentRequest.TokenId)
ch, _ := charge.New(params)
params := &stripe.PaymentIntentParams{
PaymentMethod: stripe.String(*paymentRequest.PaymentMethodId),
Amount: stripe.Int64(1099),
Currency: stripe.String(string(stripe.CurrencyUSD)),
Confirm: stripe.Bool(true),
ConfirmationMethod: stripe.String(string(stripe.PaymentIntentConfirmationMethodManual)),
}
intent, err = paymentintent.New(params)
Before
After
var options = new ChargeCreateOptions
{
Amount = 999,
Currency = "usd",
Source = request.tokenId,
};
var service = new ChargeService();
Charge charge = service.Create(options);
var service = new PaymentIntentService();
var options = new PaymentIntentCreateOptions
{
PaymentMethodId = request.PaymentMethodId,
Amount = 1099,
Currency = "usd",
ConfirmationMethod = "manual",
Confirm = true,
};
paymentIntent = service.Create(options);
Check the PaymentIntent status with generate_payment_response. If the payment requires additional actions such as 3D Secure authentication, the PaymentIntent’s status will be set to requires_action. If the payment is successful, then the status is set to succeeded and the payment is complete. If the payment failed, the status is set to requires_payment_method.
You can see a full server implementation using generate_payment_response in our manual confirmation quickstart.
# If status == 'requires_action' and
# next_action.type == 'use_stripe_sdk'
# -> Tell the client to handle the action
#
# If status == 'succeeded'
# -> The payment didn't need any additional actions and completed!
# -> Handle post-payment fulfillmentdef generate_payment_response(intent)
if intent.status == 'requires_action' &&
intent.next_action.type == 'use_stripe_sdk'
# Tell the client to handle the action
[
200,
{
requires_action: true,
payment_intent_client_secret: intent.client_secret
}.to_json
]
elsif intent.status == 'succeeded'
# The payment didn't need any additional actions and completed!
# Handle post-payment fulfillment
[200, { success: true }.to_json]
else
# Invalid status
end
end
def generate_payment_response(intent):
if intent.status == 'requires_action' and intent.next_action.type == 'use_stripe_sdk':
# Tell the client to handle the action
return json.dumps({
'requires_action': True,
'payment_intent_client_secret': intent.client_secret,
}), 200
elif intent.status == 'succeeded':
# The payment didn’t need any additional actions and completed!
# Handle post-payment fulfillment
return json.dumps({'success': True}), 200
else:
# Invalid status
return json.dumps({'error': 'Invalid PaymentIntent status'}), 500
function generatePaymentResponse($intent) {
if ($intent->status == 'requires_action' &&
$intent->next_action->type == 'use_stripe_sdk') {
# Tell the client to handle the action
echo json_encode([
'requires_action' => true,
'payment_intent_client_secret' => $intent->client_secret
]);
} else if ($intent->status == 'succeeded') {
# The payment didn’t need any additional actions and completed!
# Handle post-payment fulfillment
echo json_encode([
'success' => true
]);
} else {
# Invalid status
http_response_code(500);
echo json_encode(['error' => 'Invalid PaymentIntent status']);
}
}
private Map<String, Object> generatePaymentResponse(Response response,
PaymentIntent intent) {
response.type("application/json");
Map<String, Object> responseData = new HashMap<>();
if (intent.getStatus().equals("requires_action")
&& intent.getNextAction().getType().equals("use_stripe_sdk")) {
responseData.put("requires_action", true);
responseData.put("payment_intent_client_secret", intent.getClientSecret());
} else if (intent.getStatus().equals("succeeded")) {
responseData.put("success", true);
} else {
// invalid status
responseData.put("Error", "Invalid status");
response.status(500);
return responseData;
}
response.status(200);
return responseData;
}
const generate_payment_response = (intent) => {
if (
intent.status === 'requires_action' &&
intent.next_action.type === 'use_stripe_sdk'
) {
// Tell the client to handle the action
return {
requires_action: true,
payment_intent_client_secret: intent.client_secret
};
} else if (intent.status === 'succeeded') {
// The payment didn’t need any additional actions and completed!
// Handle post-payment fulfillment
return {
success: true
};
} else {
// Invalid status
return {
error: 'Invalid PaymentIntent status'
}
}
};
func generatePaymentResponse(intent *stripe.PaymentIntent, w http.ResponseWriter) {
if intent.Status == stripe.PaymentIntentStatusRequiresAction &&
intent.NextAction.Type == "use_stripe_sdk" {
// Tell the client to handle the action
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(ConfirmPaymentResponse{
RequiresAction: true,
PaymentIntentClientSecret: &intent.ClientSecret,
})
} else if intent.Status == stripe.PaymentIntentStatusSucceeded {
// The payment didn’t need any additional actions and completed!
// Handle post-payment fulfillment
w.WriteHeader(http.StatusOK)
fmt.Fprint(w, "Success")
} else {
// Invalid status
w.WriteHeader(http.StatusInternalServerError)
fmt.Fprintf(w, "Invalid Payment Intent status: %s", intent.Status)
}
}
private IActionResult generatePaymentResponse(PaymentIntent intent)
{
if (intent.Status == "requires_action" &&
intent.NextAction.Type == "use_stripe_sdk")
{
// Tell the client to handle the action
return Json(new
{
requires_action = true,
payment_intent_client_secret = intent.ClientSecret
});
}
else if (intent.Status == "succeeded")
{
// The payment didn’t need any additional actions and completed!
// Handle post-payment fulfillment
return Json(new { success = true });
}
else
{
// Invalid status
return StatusCode(500, new { error = "Invalid PaymentIntent status" });
}
}
Step 3: Handle the server response on the client side
On the client side, handle the new case when additional action is required with stripe.handleCardAction. After it completes without error, the PaymentIntent now has a status of requires_confirmation. Send the ID of the PaymentIntent to the same server endpoint to confirm the payment again.
Before
After
function handleServerResponse(response) {
if (response.error) {
// Show error on payment form
} else {
// Show success message
}
}
function handleServerResponse(response) {
if (response.error) {
// Show error from server on payment form
} else if (response.requires_action) {
// Use Stripe.js to handle required card action
handleAction(response);
} else {
// Show success message
}
}
function handleAction(response) {
stripe.handleCardAction(
response.payment_intent_client_secret
).then(function(result) {
if (result.error) {
// Show error in payment form
} else {
// The card action has been handled
// The PaymentIntent can be confirmed again on the server
fetch('/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
payment_intent_id: result.paymentIntent.id
})
}).then(function(confirmResult) {
return confirmResult.json();
}).then(handleServerResponse);
}
});
}
Before
After
function handleServerResponse(response) {
if (response.error) {
// Show error on payment form
} else {
// Show success message
}
}
async function handleServerResponse(response) {
if (response.error) {
// Show error from server on payment form
} else if (response.requires_action) {
// Use Stripe.js to handle required card action
await handleAction(response);
} else {
// Show success message
}
}
async function handleAction(response) {
const {
error: errorAction,
paymentIntent
} = await stripe.handleCardAction(
response.payment_intent_client_secret
);
if (errorAction) {
// Show error from Stripe.js in payment form
} else {
const response = await fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
payment_intent_id: paymentIntent.id
})
}
);
// Step 3: handle server response
handleServerResponse(await response.json());
}
}
Now that you have migrated, use the test cards in the following section to verify your upgraded integration handles 3D Secure authentication.
The Stripe.js Payment Request Button works with the Payment Intents API by using the PaymentMethod obtained in a traditional PaymentRequest integration and attaching it to a PaymentIntent.
An integration built with the Payment Request API consists of the following steps:
- Collect payment details on the client side
- Attempt the payment on the server side
- Handle the server response on the client side
Step 1: Collect payment details on the client side
Listen for the PaymentRequest object’s paymentmethod event, which provides a paymentMethod and a callback function that you can use to indicate when the payment process is complete.
Before
After
paymentRequest.on('token', function(ev) {
// Send token to server
fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
token_id: ev.token.id
})
}
).then(function(response) {
// Handle server response (see Step 3)
response.json().then(function(json) {
handleServerResponse(json);
});
});
});
paymentRequest.on('paymentmethod', function(ev) {
// Send paymentMethod to server
fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
payment_method_id: ev.paymentMethod.id
})
}
).then(function(response) {
// Handle server response (see Step 3)
response.json().then(function(json) {
handleServerResponse(json);
});
});
});
Before
After
paymentRequest.on('token',
async ({token, complete}) => {
// Send token to server
const response = await fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
token_id: token.id
})
}
);
// Handle server response (see Step 3)
handleServerResponse(await response.json(), complete);
});
paymentRequest.on('paymentmethod',
async ({paymentMethod, complete}) => {
// Send paymentMethod to server
const response = await fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
payment_method_id: paymentMethod.id
})
}
);
// Step 3: handle server response
await handleServerResponse(await response.json(), complete);
});
Step 2: Attempt the payment on the server side
In your existing integration, the final step is using tokenized payment information to create a charge on your server. With the Payment Intents API, this is sufficient if additional steps like 3D Secure authentication are not required. However, if some payments may require additional authentication, then additional code is required. Instead of creating a Charge, create a PaymentIntent.
Before
After
curl https://api.stripe.com/v1/charges \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d source="{{TOKEN_ID}}" \
-d amount=1099 \
-d currency=usd
curl https://api.stripe.com/v1/payment_intents \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d payment_method="{{PAYMENT_METHOD_ID}}" \
-d amount=1099 \
-d currency=usd \
-d confirmation_method=manual \
-d confirm=true
Before
After
charge = Stripe::Charge.create({
source: data['token_id'],
amount: 1099,
currency: 'usd',
})
intent = Stripe::PaymentIntent.create({
payment_method: data['payment_method_id'],
amount: 1099,
currency: 'usd',
confirmation_method: 'manual',
confirm: true,
})
return generate_payment_response(intent)Before
After
charge = stripe.Charge.create(
source=data['token_id'],
amount=1099,
currency='usd',
)
intent = stripe.PaymentIntent.create(
payment_method=data['payment_method_id'],
amount=1099,
currency='usd',
confirmation_method='manual',
confirm=True,
)
return generate_payment_response(intent)
Before
After
$charge = \Stripe\Charge::create([
'source' => $json_obj->token_id,
'amount' => 1099,
'currency' => 'usd',
]);
$intent = \Stripe\PaymentIntent::create([
'payment_method' => $json_obj->payment_method_id,
'amount' => 1099,
'currency' => 'usd',
'confirmation_method' => 'manual',
'confirm' => true,
]);
generatePaymentResponse($intent);
Before
After
Map<String, Object> chargeParams = new HashMap<String, Object>();
chargeParams.put("amount", 1099);
chargeParams.put("currency", "usd");
chargeParams.put("source", request.token_id);
Charge.create(chargeParams);
Map<String, Object> createPaymentIntentParams = new HashMap<String, Object>();
createPaymentIntentParams.put("currency", "usd");
createPaymentIntentParams.put("amount", 1099);
createPaymentIntentParams.put("confirm", true);
createPaymentIntentParams.put("confirmation_method", "manual");
createPaymentIntentParams.put("payment_method", request.paymentMethodId);
intent = PaymentIntent.create(createPaymentIntentParams);
Map<String, Object> responseData = generatePaymentResponse(response, intent);
Before
After
(async () => {
const charge = await stripe.charges.create({
amount: 1099,
currency: 'usd',
source: request.body.token_id,
});
})();
(async () => {
const intent = await stripe.paymentIntents.create({
payment_method: request.body.payment_method_id,
amount: 1099,
currency: 'usd',
confirmation_method: 'manual',
confirm: true
});
generate_payment_response(intent));
})();
Before
After
params := &stripe.ChargeParams{
Amount: stripe.Int64(1099),
Currency: stripe.String(string(stripe.CurrencyUSD)),
}
params.SetSource(*paymentRequest.TokenId)
ch, _ := charge.New(params)
params := &stripe.PaymentIntentParams{
PaymentMethod: stripe.String(*paymentRequest.PaymentMethodId),
Amount: stripe.Int64(1099),
Currency: stripe.String(string(stripe.CurrencyUSD)),
Confirm: stripe.Bool(true),
ConfirmationMethod: stripe.String(string(stripe.PaymentIntentConfirmationMethodManual)),
}
intent, err = paymentintent.New(params)
Before
After
var options = new ChargeCreateOptions
{
Amount = 999,
Currency = "usd",
Source = request.tokenId,
};
var service = new ChargeService();
Charge charge = service.Create(options);
var service = new PaymentIntentService();
var options = new PaymentIntentCreateOptions
{
PaymentMethodId = request.PaymentMethodId,
Amount = 1099,
Currency = "usd",
ConfirmationMethod = "manual",
Confirm = true,
};
paymentIntent = service.Create(options);
Check the PaymentIntent status with generate_payment_response. If the payment requires additional actions such as 3D Secure authentication, the PaymentIntent’s status will be set to requires_action. If the payment is successful, then the status is set to succeeded and the payment is complete. If the payment failed, the status is set to requires_payment_method.
You can see a full server implementation using generate_payment_response in our manual confirmation quickstart.
# If status == 'requires_action' and
# next_action.type == 'use_stripe_sdk'
# -> Tell the client to handle the action
#
# If status == 'succeeded'
# -> The payment didn't need any additional actions and completed!
# -> Handle post-payment fulfillmentdef generate_payment_response(intent)
if intent.status == 'requires_action' &&
intent.next_action.type == 'use_stripe_sdk'
# Tell the client to handle the action
[
200,
{
requires_action: true,
payment_intent_client_secret: intent.client_secret
}.to_json
]
elsif intent.status == 'succeeded'
# The payment didn't need any additional actions and completed!
# Handle post-payment fulfillment
[200, { success: true }.to_json]
else
# Invalid status
end
end
def generate_payment_response(intent):
if intent.status == 'requires_action' and intent.next_action.type == 'use_stripe_sdk':
# Tell the client to handle the action
return json.dumps({
'requires_action': True,
'payment_intent_client_secret': intent.client_secret,
}), 200
elif intent.status == 'succeeded':
# The payment didn’t need any additional actions and completed!
# Handle post-payment fulfillment
return json.dumps({'success': True}), 200
else:
# Invalid status
return json.dumps({'error': 'Invalid PaymentIntent status'}), 500
function generatePaymentResponse($intent) {
if ($intent->status == 'requires_action' &&
$intent->next_action->type == 'use_stripe_sdk') {
# Tell the client to handle the action
echo json_encode([
'requires_action' => true,
'payment_intent_client_secret' => $intent->client_secret
]);
} else if ($intent->status == 'succeeded') {
# The payment didn’t need any additional actions and completed!
# Handle post-payment fulfillment
echo json_encode([
'success' => true
]);
} else {
# Invalid status
http_response_code(500);
echo json_encode(['error' => 'Invalid PaymentIntent status']);
}
}
private Map<String, Object> generatePaymentResponse(Response response,
PaymentIntent intent) {
response.type("application/json");
Map<String, Object> responseData = new HashMap<>();
if (intent.getStatus().equals("requires_action")
&& intent.getNextAction().getType().equals("use_stripe_sdk")) {
responseData.put("requires_action", true);
responseData.put("payment_intent_client_secret", intent.getClientSecret());
} else if (intent.getStatus().equals("succeeded")) {
responseData.put("success", true);
} else {
// invalid status
responseData.put("Error", "Invalid status");
response.status(500);
return responseData;
}
response.status(200);
return responseData;
}
const generate_payment_response = (intent) => {
if (
intent.status === 'requires_action' &&
intent.next_action.type === 'use_stripe_sdk'
) {
// Tell the client to handle the action
return {
requires_action: true,
payment_intent_client_secret: intent.client_secret
};
} else if (intent.status === 'succeeded') {
// The payment didn’t need any additional actions and completed!
// Handle post-payment fulfillment
return {
success: true
};
} else {
// Invalid status
return {
error: 'Invalid PaymentIntent status'
}
}
};
func generatePaymentResponse(intent *stripe.PaymentIntent, w http.ResponseWriter) {
if intent.Status == stripe.PaymentIntentStatusRequiresAction &&
intent.NextAction.Type == "use_stripe_sdk" {
// Tell the client to handle the action
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(ConfirmPaymentResponse{
RequiresAction: true,
PaymentIntentClientSecret: &intent.ClientSecret,
})
} else if intent.Status == stripe.PaymentIntentStatusSucceeded {
// The payment didn’t need any additional actions and completed!
// Handle post-payment fulfillment
w.WriteHeader(http.StatusOK)
fmt.Fprint(w, "Success")
} else {
// Invalid status
w.WriteHeader(http.StatusInternalServerError)
fmt.Fprintf(w, "Invalid Payment Intent status: %s", intent.Status)
}
}
private IActionResult generatePaymentResponse(PaymentIntent intent)
{
if (intent.Status == "requires_action" &&
intent.NextAction.Type == "use_stripe_sdk")
{
// Tell the client to handle the action
return Json(new
{
requires_action = true,
payment_intent_client_secret = intent.ClientSecret
});
}
else if (intent.Status == "succeeded")
{
// The payment didn’t need any additional actions and completed!
// Handle post-payment fulfillment
return Json(new { success = true });
}
else
{
// Invalid status
return StatusCode(500, new { error = "Invalid PaymentIntent status" });
}
}
Step 3: Handle the server response on the client side
On the client side, handle the new case when additional action is required with stripe.handleCardAction. After it completes without error, the PaymentIntent now has a status of requires_confirmation. Send the ID of the PaymentIntent to the same server endpoint to confirm the payment again.
Before
After
function handleServerResponse(response, complete) {
if (response.error) {
complete('fail');
} else {
complete('success');
}
}
function handleServerResponse(response, complete) {
if (response.error) {
complete('fail');
} else if (response.requires_action) {
complete('success');
handleAction(response);
} else {
complete('success');
}
}
function handleAction(response) {
stripe.handleCardAction(
response.payment_intent_client_secret
).then(function(result) {
if (result.error) {
// Show error in payment form
} else {
// The card action has been handled
// The PaymentIntent can be confirmed again on the server
fetch('/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
payment_intent_id: result.paymentIntent.id
})
}).then(function(confirmResult) {
return confirmResult.json();
}).then(handleServerResponse);
}
});
}
Before
After
function handleServerResponse(response, complete) {
if (response.error) {
complete('fail');
} else {
complete('success');
}
}
async function handleServerResponse(response, complete) {
if (response.error) {
complete('fail');
} else if (response.requires_action) {
complete('success');
await handleAction(response);
} else {
complete('success');
}
}
async function handleAction(response) {
const {
error: errorAction,
paymentIntent
} = await stripe.handleCardAction(
response.payment_intent_client_secret
);
if (errorAction) {
// Show error from Stripe.js in payment form
} else {
const response = await fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
payment_intent_id: paymentIntent.id
})
}
);
// Step 3: handle server response
handleServerResponse(await response.json());
}
}
Now that you have migrated, use the test cards in the following section to verify your upgraded integration handles 3D Secure authentication.
If you’re using the legacy version of Checkout, upgrade to the new version of Checkout—the fastest way to accept payments with Stripe. With it, you can accept one-time payments and subscriptions. You can also use Checkout without using the Stripe API on your server. Follow the Checkout migration guide to migrate your existing integration.
If you prefer to build your own checkout flow instead, switch to Elements. Assuming you have upgraded to Elements, you can build a Payment Intents API integration following the Payment Intents API migration guide for Elements.
-
If you are preparing for Strong Customer Authentication (SCA) and need to migrate to the Payment Intents API without updating how you collect payment details, follow this guide.
Step 1: Collect payment details on the client side
To use the Payment Intents API with the legacy version of Checkout (Custom integration), first add the Stripe.js v3 script tag to your website and instantiate its Stripe object:
<script src="https://js.stripe.com/v3/"></script>var stripe = Stripe('pk_test_TYooMQauvdEDq54NiTphI7jx');Then, collect payment details in the same manner as your existing integration using the legacy version of Checkout.
Before
After
StripeCheckout.configure({
// ...configuration
token: function(token) {
// Send token.id to your server
fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
token_id: token.id
})
}
).then(function(response) {
// Handle server response (see Step 3)
response.json().then(function(json) {
handleServerResponse(json);
});
});
},
});
Same as before
Before
After
StripeCheckout.configure({
// ...configuration
token: async (token) => {
// Send token.id to your server
const response = await fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
token_id: token.id
})
}
);
// Handle server response (see Step 3)
handleServerResponse(await response.json());
},
});
Same as before
Step 2: Attempt payment on the server side
When attempting the payment on the server, pass the token when creating the PaymentIntent.
Before
After
curl https://api.stripe.com/v1/charges \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d source="{{TOKEN_ID}}" \
-d amount=1099 \
-d currency=usd
curl https://api.stripe.com/v1/payment_intents \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d payment_method_data[type]=card \
-d payment_method_data[card][token]="{{TOKEN_ID}}" \
-d amount=1099 \
-d currency=usd \
-d confirmation_method=manual \
-d confirm=true
Before
After
charge = Stripe::Charge.create({
source: data['token_id'],
amount: 1099,
currency: 'usd',
})
intent = Stripe::PaymentIntent.create({
payment_method_data: {
type: 'card',
card: {token: data['token_id']},
},
amount: 1099,
currency: 'usd',
confirmation_method: 'manual',
confirm: true,
})
return generate_payment_response(intent)Before
After
charge = stripe.Charge.create(
source=data['token_id'],
amount=1099,
currency='usd',
)
intent = stripe.PaymentIntent.create(
payment_method_data={
'type': 'card',
'card':{'token':data['token_id']}
},
amount=1099,
currency='usd',
confirmation_method='manual',
confirm=True,
)
return generate_payment_response(intent)
Before
After
$charge = \Stripe\Charge::create([
'source' => $json_obj->token_id,
'amount' => 1099,
'currency' => 'usd',
]);
$intent = \Stripe\PaymentIntent::create([
'payment_method_data' => [
'type' => 'card',
'card' => ['token' => $json_obj->token_id],
],
'amount' => 1099,
'currency' => 'usd',
'confirmation_method' => 'manual',
'confirm' => true,
]);
generatePaymentResponse($intent);
Before
After
Map<String, Object> chargeParams = new HashMap<String, Object>();
chargeParams.put("amount", 1099);
chargeParams.put("currency", "usd");
chargeParams.put("source", request.token_id);
Charge.create(chargeParams);
Map<String, Object> createPaymentIntentParams = new HashMap<String, Object>();
createPaymentIntentParams.put("currency", "usd");
createPaymentIntentParams.put("amount", 1099);
createPaymentIntentParams.put("confirm", true);
createPaymentIntentParams.put("confirmation_method", "manual");
Map<String, String> paymentMethodData = new HashMap<String, String>();
paymentMethodData.put("type", "card");
Map<String, String> cardData = new HashMap<String, String>();
cardData.put("token", request.token_id);
paymentMethodData.put("card", cardData);
createPaymentIntentParams.put("payment_method_data", paymentMethodData);
intent = PaymentIntent.create(createPaymentIntentParams);
Map<String, Object> responseData = generatePaymentResponse(response, intent);
Before
After
(async () => {
const charge = await stripe.charges.create({
amount: 1099,
currency: 'usd',
source: request.body.token_id,
});
})();
(async () => {
const intent = await stripe.paymentIntents.create({
payment_method_data: {
type: 'card',
card: { token: request.body.token_id }
},
amount: 1099,
currency: 'usd',
confirmation_method: 'manual',
confirm: true
});
generate_payment_response(intent));
})();
Before
After
params := &stripe.ChargeParams{
Amount: stripe.Int64(1099),
Currency: stripe.String(string(stripe.CurrencyUSD)),
}
params.SetSource(*paymentRequest.TokenId)
ch, _ := charge.New(params)
params := &stripe.PaymentIntentParams{
Amount: stripe.Int64(1099),
Currency: stripe.String(string(stripe.CurrencyUSD)),
Confirm: stripe.Bool(true),
ConfirmationMethod: stripe.String(string(stripe.PaymentIntentConfirmationMethodManual)),
}
params.AddExtra("payment_method_data[type]", "card")
params.AddExtra("payment_method_data[card][token]", *paymentRequest.TokenId)
intent, err = paymentintent.New(params)
Before
After
var options = new ChargeCreateOptions
{
Amount = 999,
Currency = "usd",
Source = request.tokenId,
};
var service = new ChargeService();
Charge charge = service.Create(options);
var service = new PaymentIntentService();
var options = new PaymentIntentCreateOptions
{
Amount = 1099,
Currency = "usd",
Confirm = true,
ConfirmationMethod = "automatic",
};
options.AddExtraParam("payment_method_data[type]", "card");
options.AddExtraParam("payment_method_data[card][token]", request.tokenId);
paymentIntent = service.Create(options);
Check the PaymentIntent status with generate_payment_response. If the payment requires additional actions such as 3D Secure authentication, the PaymentIntent’s status will be set to requires_action. If the payment is successful, then the status is set to succeeded and the payment is complete. If the payment failed, the status is set to requires_payment_method.
You can see a full server implementation using generate_payment_response in our manual confirmation quickstart.
# If status == 'requires_action' and
# next_action.type == 'use_stripe_sdk'
# -> Tell the client to handle the action
#
# If status == 'succeeded'
# -> The payment didn't need any additional actions and completed!
# -> Handle post-payment fulfillmentdef generate_payment_response(intent)
if intent.status == 'requires_action' &&
intent.next_action.type == 'use_stripe_sdk'
# Tell the client to handle the action
[
200,
{
requires_action: true,
payment_intent_client_secret: intent.client_secret
}.to_json
]
elsif intent.status == 'succeeded'
# The payment didn't need any additional actions and completed!
# Handle post-payment fulfillment
[200, { success: true }.to_json]
else
# Invalid status
end
end
def generate_payment_response(intent):
if intent.status == 'requires_action' and intent.next_action.type == 'use_stripe_sdk':
# Tell the client to handle the action
return json.dumps({
'requires_action': True,
'payment_intent_client_secret': intent.client_secret,
}), 200
elif intent.status == 'succeeded':
# The payment didn’t need any additional actions and completed!
# Handle post-payment fulfillment
return json.dumps({'success': True}), 200
else:
# Invalid status
return json.dumps({'error': 'Invalid PaymentIntent status'}), 500
function generatePaymentResponse($intent) {
if ($intent->status == 'requires_action' &&
$intent->next_action->type == 'use_stripe_sdk') {
# Tell the client to handle the action
echo json_encode([
'requires_action' => true,
'payment_intent_client_secret' => $intent->client_secret
]);
} else if ($intent->status == 'succeeded') {
# The payment didn’t need any additional actions and completed!
# Handle post-payment fulfillment
echo json_encode([
'success' => true
]);
} else {
# Invalid status
http_response_code(500);
echo json_encode(['error' => 'Invalid PaymentIntent status']);
}
}
private Map<String, Object> generatePaymentResponse(Response response,
PaymentIntent intent) {
response.type("application/json");
Map<String, Object> responseData = new HashMap<>();
if (intent.getStatus().equals("requires_action")
&& intent.getNextAction().getType().equals("use_stripe_sdk")) {
responseData.put("requires_action", true);
responseData.put("payment_intent_client_secret", intent.getClientSecret());
} else if (intent.getStatus().equals("succeeded")) {
responseData.put("success", true);
} else {
// invalid status
responseData.put("Error", "Invalid status");
response.status(500);
return responseData;
}
response.status(200);
return responseData;
}
const generate_payment_response = (intent) => {
if (
intent.status === 'requires_action' &&
intent.next_action.type === 'use_stripe_sdk'
) {
// Tell the client to handle the action
return {
requires_action: true,
payment_intent_client_secret: intent.client_secret
};
} else if (intent.status === 'succeeded') {
// The payment didn’t need any additional actions and completed!
// Handle post-payment fulfillment
return {
success: true
};
} else {
// Invalid status
return {
error: 'Invalid PaymentIntent status'
}
}
};
func generatePaymentResponse(intent *stripe.PaymentIntent, w http.ResponseWriter) {
if intent.Status == stripe.PaymentIntentStatusRequiresAction &&
intent.NextAction.Type == "use_stripe_sdk" {
// Tell the client to handle the action
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(ConfirmPaymentResponse{
RequiresAction: true,
PaymentIntentClientSecret: &intent.ClientSecret,
})
} else if intent.Status == stripe.PaymentIntentStatusSucceeded {
// The payment didn’t need any additional actions and completed!
// Handle post-payment fulfillment
w.WriteHeader(http.StatusOK)
fmt.Fprint(w, "Success")
} else {
// Invalid status
w.WriteHeader(http.StatusInternalServerError)
fmt.Fprintf(w, "Invalid Payment Intent status: %s", intent.Status)
}
}
private IActionResult generatePaymentResponse(PaymentIntent intent)
{
if (intent.Status == "requires_action" &&
intent.NextAction.Type == "use_stripe_sdk")
{
// Tell the client to handle the action
return Json(new
{
requires_action = true,
payment_intent_client_secret = intent.ClientSecret
});
}
else if (intent.Status == "succeeded")
{
// The payment didn’t need any additional actions and completed!
// Handle post-payment fulfillment
return Json(new { success = true });
}
else
{
// Invalid status
return StatusCode(500, new { error = "Invalid PaymentIntent status" });
}
}
Step 3: Handle the server response on the client side
On the client side, handle the new case when additional action is required with stripe.handleCardAction. After it completes without error, the PaymentIntent now has a status of requires_confirmation. Send the ID of the PaymentIntent to the same server endpoint to confirm the payment again.
Before
After
function handleServerResponse(response) {
if (response.error) {
// Show error on payment form
} else {
// Show success message
}
}
function handleServerResponse(response) {
if (response.error) {
// Show error from server on payment form
} else if (response.requires_action) {
// Use Stripe.js to handle required card action
handleAction(response);
} else {
// Show success message
}
}
function handleAction(response) {
stripe.handleCardAction(
response.payment_intent_client_secret
).then(function(result) {
if (result.error) {
// Show error in payment form
} else {
// The card action has been handled
// The PaymentIntent can be confirmed again on the server
fetch('/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
payment_intent_id: result.paymentIntent.id
})
}).then(function(confirmResult) {
return confirmResult.json();
}).then(handleServerResponse);
}
});
}
Before
After
function handleServerResponse(response) {
if (response.error) {
// Show error on payment form
} else {
// Show success message
}
}
async function handleServerResponse(response) {
if (response.error) {
// Show error from server on payment form
} else if (response.requires_action) {
// Use Stripe.js to handle required card action
await handleAction(response);
} else {
// Show success message
}
}
async function handleAction(response) {
const {
error: errorAction,
paymentIntent
} = await stripe.handleCardAction(
response.payment_intent_client_secret
);
if (errorAction) {
// Show error from Stripe.js in payment form
} else {
const response = await fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
payment_intent_id: paymentIntent.id
})
}
);
// Step 3: handle server response
handleServerResponse(await response.json());
}
}
Now that you have migrated, use the test cards in the following section to verify your upgraded integration handles 3D Secure authentication.
In order to upgrade an existing Stripe.js v2 integration to use the Payment Intents API, first update your integration to collect payment information with Elements. Elements provides pre-built UI components and offers simple PCI compliance with SAQ A reporting.
After you have upgraded to Elements, you can build a Payment Intents API integration following the Payment Intents API migration guide for Elements.
-
If you are preparing for Strong Customer Authentication (SCA) and need to migrate to the Payment Intents API without updating how you collect payment details, follow this guide.
Step 1: Collect payment details on the client side
To use the Payment Intents API with the Stripe.js v2, first add the Stripe.js v3 script tag to your website and instantiate its Stripe object:
<script src="https://js.stripe.com/v3/"></script>var stripe = Stripe('pk_test_TYooMQauvdEDq54NiTphI7jx');Then, collect payment details in the same manner as your existing integration.
Before
After
Stripe.card.createToken({
number: $('.card-number').val(),
cvc: $('.card-cvc').val(),
exp_month: $('.card-expiry-month').val(),
exp_year: $('.card-expiry-year').val(),
address_zip: $('.address_zip').val()
}, function(status, token) {
// Send token.id to your server
fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
token_id: token.id
})
}
).then(function(response) {
// Handle server response (see Step 3)
response.json().then(function(json) {
handleServerResponse(json);
});
});
});
Same as before
Before
After
Stripe.card.createToken({
number: $('.card-number').val(),
cvc: $('.card-cvc').val(),
exp_month: $('.card-expiry-month').val(),
exp_year: $('.card-expiry-year').val(),
address_zip: $('.address_zip').val()
}, (status, token) => {
// Send token.id to your server
const response = await fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
token_id: token.id
})
}
);
// Handle server response (see Step 3)
handleServerResponse(await response.json());
});
Same as before
Step 2: Attempt payment on the server side
When attempting the payment on the server, pass the token when creating the PaymentIntent.
Before
After
curl https://api.stripe.com/v1/charges \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d source="{{TOKEN_ID}}" \
-d amount=1099 \
-d currency=usd
curl https://api.stripe.com/v1/payment_intents \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d payment_method_data[type]=card \
-d payment_method_data[card][token]="{{TOKEN_ID}}" \
-d amount=1099 \
-d currency=usd \
-d confirmation_method=manual \
-d confirm=true
Before
After
charge = Stripe::Charge.create({
source: data['token_id'],
amount: 1099,
currency: 'usd',
})
intent = Stripe::PaymentIntent.create({
payment_method_data: {
type: 'card',
card: {token: data['token_id']},
},
amount: 1099,
currency: 'usd',
confirmation_method: 'manual',
confirm: true,
})
return generate_payment_response(intent)Before
After
charge = stripe.Charge.create(
source=data['token_id'],
amount=1099,
currency='usd',
)
intent = stripe.PaymentIntent.create(
payment_method_data={
'type': 'card',
'card':{'token':data['token_id']}
},
amount=1099,
currency='usd',
confirmation_method='manual',
confirm=True,
)
return generate_payment_response(intent)
Before
After
$charge = \Stripe\Charge::create([
'source' => $json_obj->token_id,
'amount' => 1099,
'currency' => 'usd',
]);
$intent = \Stripe\PaymentIntent::create([
'payment_method_data' => [
'type' => 'card',
'card' => ['token' => $json_obj->token_id],
],
'amount' => 1099,
'currency' => 'usd',
'confirmation_method' => 'manual',
'confirm' => true,
]);
generatePaymentResponse($intent);
Before
After
Map<String, Object> chargeParams = new HashMap<String, Object>();
chargeParams.put("amount", 1099);
chargeParams.put("currency", "usd");
chargeParams.put("source", request.token_id);
Charge.create(chargeParams);
Map<String, Object> createPaymentIntentParams = new HashMap<String, Object>();
createPaymentIntentParams.put("currency", "usd");
createPaymentIntentParams.put("amount", 1099);
createPaymentIntentParams.put("confirm", true);
createPaymentIntentParams.put("confirmation_method", "manual");
Map<String, String> paymentMethodData = new HashMap<String, String>();
paymentMethodData.put("type", "card");
Map<String, String> cardData = new HashMap<String, String>();
cardData.put("token", request.token_id);
paymentMethodData.put("card", cardData);
createPaymentIntentParams.put("payment_method_data", paymentMethodData);
intent = PaymentIntent.create(createPaymentIntentParams);
Map<String, Object> responseData = generatePaymentResponse(response, intent);
Before
After
(async () => {
const charge = await stripe.charges.create({
amount: 1099,
currency: 'usd',
source: request.body.token_id,
});
})();
(async () => {
const intent = await stripe.paymentIntents.create({
payment_method_data: {
type: 'card',
card: { token: request.body.token_id }
},
amount: 1099,
currency: 'usd',
confirmation_method: 'manual',
confirm: true
});
generate_payment_response(intent));
})();
Before
After
params := &stripe.ChargeParams{
Amount: stripe.Int64(1099),
Currency: stripe.String(string(stripe.CurrencyUSD)),
}
params.SetSource(*paymentRequest.TokenId)
ch, _ := charge.New(params)
params := &stripe.PaymentIntentParams{
Amount: stripe.Int64(1099),
Currency: stripe.String(string(stripe.CurrencyUSD)),
Confirm: stripe.Bool(true),
ConfirmationMethod: stripe.String(string(stripe.PaymentIntentConfirmationMethodManual)),
}
params.AddExtra("payment_method_data[type]", "card")
params.AddExtra("payment_method_data[card][token]", *paymentRequest.TokenId)
intent, err = paymentintent.New(params)
Before
After
var options = new ChargeCreateOptions
{
Amount = 999,
Currency = "usd",
Source = request.tokenId,
};
var service = new ChargeService();
Charge charge = service.Create(options);
var service = new PaymentIntentService();
var options = new PaymentIntentCreateOptions
{
Amount = 1099,
Currency = "usd",
Confirm = true,
ConfirmationMethod = "automatic",
};
options.AddExtraParam("payment_method_data[type]", "card");
options.AddExtraParam("payment_method_data[card][token]", request.tokenId);
paymentIntent = service.Create(options);
Check the PaymentIntent status with generate_payment_response. If the payment requires additional actions such as 3D Secure authentication, the PaymentIntent’s status will be set to requires_action. If the payment is successful, then the status is set to succeeded and the payment is complete. If the payment failed, the status is set to requires_payment_method.
You can see a full server implementation using generate_payment_response in our manual confirmation quickstart.
# If status == 'requires_action' and
# next_action.type == 'use_stripe_sdk'
# -> Tell the client to handle the action
#
# If status == 'succeeded'
# -> The payment didn't need any additional actions and completed!
# -> Handle post-payment fulfillmentdef generate_payment_response(intent)
if intent.status == 'requires_action' &&
intent.next_action.type == 'use_stripe_sdk'
# Tell the client to handle the action
[
200,
{
requires_action: true,
payment_intent_client_secret: intent.client_secret
}.to_json
]
elsif intent.status == 'succeeded'
# The payment didn't need any additional actions and completed!
# Handle post-payment fulfillment
[200, { success: true }.to_json]
else
# Invalid status
end
end
def generate_payment_response(intent):
if intent.status == 'requires_action' and intent.next_action.type == 'use_stripe_sdk':
# Tell the client to handle the action
return json.dumps({
'requires_action': True,
'payment_intent_client_secret': intent.client_secret,
}), 200
elif intent.status == 'succeeded':
# The payment didn’t need any additional actions and completed!
# Handle post-payment fulfillment
return json.dumps({'success': True}), 200
else:
# Invalid status
return json.dumps({'error': 'Invalid PaymentIntent status'}), 500
function generatePaymentResponse($intent) {
if ($intent->status == 'requires_action' &&
$intent->next_action->type == 'use_stripe_sdk') {
# Tell the client to handle the action
echo json_encode([
'requires_action' => true,
'payment_intent_client_secret' => $intent->client_secret
]);
} else if ($intent->status == 'succeeded') {
# The payment didn’t need any additional actions and completed!
# Handle post-payment fulfillment
echo json_encode([
'success' => true
]);
} else {
# Invalid status
http_response_code(500);
echo json_encode(['error' => 'Invalid PaymentIntent status']);
}
}
private Map<String, Object> generatePaymentResponse(Response response,
PaymentIntent intent) {
response.type("application/json");
Map<String, Object> responseData = new HashMap<>();
if (intent.getStatus().equals("requires_action")
&& intent.getNextAction().getType().equals("use_stripe_sdk")) {
responseData.put("requires_action", true);
responseData.put("payment_intent_client_secret", intent.getClientSecret());
} else if (intent.getStatus().equals("succeeded")) {
responseData.put("success", true);
} else {
// invalid status
responseData.put("Error", "Invalid status");
response.status(500);
return responseData;
}
response.status(200);
return responseData;
}
const generate_payment_response = (intent) => {
if (
intent.status === 'requires_action' &&
intent.next_action.type === 'use_stripe_sdk'
) {
// Tell the client to handle the action
return {
requires_action: true,
payment_intent_client_secret: intent.client_secret
};
} else if (intent.status === 'succeeded') {
// The payment didn’t need any additional actions and completed!
// Handle post-payment fulfillment
return {
success: true
};
} else {
// Invalid status
return {
error: 'Invalid PaymentIntent status'
}
}
};
func generatePaymentResponse(intent *stripe.PaymentIntent, w http.ResponseWriter) {
if intent.Status == stripe.PaymentIntentStatusRequiresAction &&
intent.NextAction.Type == "use_stripe_sdk" {
// Tell the client to handle the action
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(ConfirmPaymentResponse{
RequiresAction: true,
PaymentIntentClientSecret: &intent.ClientSecret,
})
} else if intent.Status == stripe.PaymentIntentStatusSucceeded {
// The payment didn’t need any additional actions and completed!
// Handle post-payment fulfillment
w.WriteHeader(http.StatusOK)
fmt.Fprint(w, "Success")
} else {
// Invalid status
w.WriteHeader(http.StatusInternalServerError)
fmt.Fprintf(w, "Invalid Payment Intent status: %s", intent.Status)
}
}
private IActionResult generatePaymentResponse(PaymentIntent intent)
{
if (intent.Status == "requires_action" &&
intent.NextAction.Type == "use_stripe_sdk")
{
// Tell the client to handle the action
return Json(new
{
requires_action = true,
payment_intent_client_secret = intent.ClientSecret
});
}
else if (intent.Status == "succeeded")
{
// The payment didn’t need any additional actions and completed!
// Handle post-payment fulfillment
return Json(new { success = true });
}
else
{
// Invalid status
return StatusCode(500, new { error = "Invalid PaymentIntent status" });
}
}
Step 3: Handle the server response on the client side
On the client side, handle the new case when additional action is required with stripe.handleCardAction. After it completes without error, the PaymentIntent now has a status of requires_confirmation. Send the ID of the PaymentIntent to the same server endpoint to confirm the payment again.
Before
After
function handleServerResponse(response) {
if (response.error) {
// Show error on payment form
} else {
// Show success message
}
}
function handleServerResponse(response) {
if (response.error) {
// Show error from server on payment form
} else if (response.requires_action) {
// Use Stripe.js to handle required card action
handleAction(response);
} else {
// Show success message
}
}
function handleAction(response) {
stripe.handleCardAction(
response.payment_intent_client_secret
).then(function(result) {
if (result.error) {
// Show error in payment form
} else {
// The card action has been handled
// The PaymentIntent can be confirmed again on the server
fetch('/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
payment_intent_id: result.paymentIntent.id
})
}).then(function(confirmResult) {
return confirmResult.json();
}).then(handleServerResponse);
}
});
}
Before
After
function handleServerResponse(response) {
if (response.error) {
// Show error on payment form
} else {
// Show success message
}
}
async function handleServerResponse(response) {
if (response.error) {
// Show error from server on payment form
} else if (response.requires_action) {
// Use Stripe.js to handle required card action
await handleAction(response);
} else {
// Show success message
}
}
async function handleAction(response) {
const {
error: errorAction,
paymentIntent
} = await stripe.handleCardAction(
response.payment_intent_client_secret
);
if (errorAction) {
// Show error from Stripe.js in payment form
} else {
const response = await fetch(
'/ajax/confirm_payment', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
payment_intent_id: paymentIntent.id
})
}
);
// Step 3: handle server response
handleServerResponse(await response.json());
}
}
Now that you have migrated, use the test cards in the following section to verify your upgraded integration handles 3D Secure authentication.
Migrate your integration that saves cards on Customer objects
You will need to change your integration to let Stripe know how you intend to use your customers’ saved cards so we can optimize for the right exemptions. SCA may also require that the card is authenticated before being stored.
For saving cards in the checkout flow after a payment is made, there are a few differences between your existing integration and a Payment Intents API integration with manual confirmation.
On the client side, use the createPaymentMethod function instead of createToken or createSource.
Before
After
stripe.createToken(
// or stripe.createSource
cardElement
).then(function(result) {
if (result.error) {
// Display result.error.message in UI
} else {
// Send result.token to server
}
});
stripe.createPaymentMethod(
'card',
cardElement
).then(function(result) {
if (result.error) {
// Display result.error.message in UI
} else {
// The PaymentMethod has successfully
// been created
}
});
Before
After
const {token, error} =
await stripe.createToken(
// or stripe.createSource
cardElement
);
if (error) {
// Display error.message in UI
} else {
// Send token to server
}
const {paymentMethod, error} =
await stripe.createPaymentMethod(
'card',
cardElement
);
if (error) {
// Display error.message in UI
} else {
// The PaymentMethod has successfully
// been created
}
On the server side, use the setup_future_usage parameter on the PaymentIntent to save the card for future use. You can pass a Customer ID to the PaymentIntent to save the payment method immediately upon creation, or attach the payment method to a Customer at a later time.
Before
After
curl https://api.stripe.com/v1/customers/{{CUSTOMER_ID}}/sources \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d source="{{TOKEN_OR_SOURCE}}"
Completed in the next step
Before
After
card = Stripe::Customer.create_source(
'{{CUSTOMER_ID}}',
{
source: '{{TOKEN_OR_SOURCE}}',
}
)Completed in the next step
Before
After
stripe.Customer.create_source(
'{{CUSTOMER_ID}}',
source='{{TOKEN_OR_SOURCE}}'
)Completed in the next step
Before
After
$card = \Stripe\Customer::createSource(
'{{CUSTOMER_ID}}',
[
'source' => '{{TOKEN_OR_SOURCE}}',
]
);Completed in the next step
Before
After
Customer customer = Customer.retrieve("{{CUSTOMER_ID}}");
Map<String, Object> params = new HashMap<String, Object>();
params.put("source", "{{TOKEN_OR_SOURCE}}");
customer.getSources().create(params);Completed in the next step
Before
After
(async () => {
const card = await stripe.customers.createSource(
'{{CUSTOMER_ID}}',
{source: '{{TOKEN_OR_SOURCE}}'}
);
})();Completed in the next step
Before
After
params := &stripe.CardParams{
Customer: stripe.String("{{CUSTOMER_ID}}"),
Token: stripe.String("{{TOKEN_OR_SOURCE}}"),
}
c, err := card.New(params)Completed in the next step
Before
After
var options = new CardCreateOptions
{
SourceToken = "{{TOKEN_OR_SOURCE}}"
};
var service = new CardService();
var card = service.Create("{{CUSTOMER_ID}}", options);Completed in the next step
Before
After
curl https://api.stripe.com/v1/charges \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d source="{{TOKEN_OR_SOURCE}}" \
-d amount=1099 \
-d currency=usd \
-d customer="{{CUSTOMER_ID}}"
curl https://api.stripe.com/v1/payment_intents \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d payment_method="{{PAYMENT_METHOD_ID}}" \
-d customer="{{CUSTOMER_ID}}" \
-d amount=1099 \
-d currency=usd \
-d confirmation_method=manual \
-d confirm=true \
-d setup_future_usage=off_session
Before
After
charge = Stripe::Charge.create(
source: '{{TOKEN_OR_SOURCE}}',
customer: '{{CUSTOMER_ID}}',
amount: 1099,
currency: 'usd',
)
Stripe::PaymentIntent.create({
payment_method: '{{PAYMENT_METHOD_ID}}',
customer: '{{CUSTOMER_ID}}',
amount: 1099,
currency: 'usd',
confirmation_method: 'manual',
confirm: true,
setup_future_usage: 'off_session',
})
Before
After
charge = stripe.Charge.create(
source='{{TOKEN_OR_SOURCE}}',
customer='{{CUSTOMER_ID}}',
amount=1099,
currency='usd',
)
stripe.PaymentIntent.create(
payment_method='{{PAYMENT_METHOD_ID}}',
customer='{{CUSTOMER_ID}}',
amount=1099,
currency='usd',
confirmation_method='manual',
confirm=True,
setup_future_usage='off_session',
)
Before
After
$charge = \Stripe\Charge::create([
'source' => '{{TOKEN_OR_SOURCE}}',
'customer' => '{{CUSTOMER_ID}}',
'amount' => 1099,
'currency' => 'usd',
]);
$intent = \Stripe\PaymentIntent::create([
'payment_method' => '{{PAYMENT_METHOD_ID}}',
'customer' => '{{CUSTOMER_ID}}',
'amount' => 1099,
'currency' => 'usd',
'confirmation_method' => 'manual',
'confirm' => true,
'setup_future_usage' => 'off_session',
]);
Before
After
Map<String, Object> params = new HashMap<>();
params.put("amount", 1099);
params.put("currency", "usd");
params.put("customer", "{{CUSTOMER_ID}}");
params.put("source", "{{TOKEN_OR_SOURCE}}");
Charge charge = Charge.create(params);
Map<String, Object> params = new HashMap<>();
params.put("payment_method", "{{PAYMENT_METHOD_ID}}");
params.put("customer", "{{CUSTOMER_ID}}");
params.put("amount", 1099);
params.put("currency", "usd");
params.put("confirmation_method", "manual");
params.put("confirm", true);
params.put("setup_future_usage", "off_session");
PaymentIntent.create(params);Before
After
(async () => {
const charge = await stripe.charges.create({
source: '{{TOKEN_OR_SOURCE}}',
customer: '{{CUSTOMER_ID}}',
amount: 1099,
currency: 'usd',
});
})();(async () => {
const intent = await stripe.paymentIntents.create({
payment_method: '{{PAYMENT_METHOD_ID}}',
customer: '{{CUSTOMER_ID}}',
amount: 1099,
currency: 'usd',
confirmation_method: 'manual',
confirm: true,
setup_future_usage: 'off_session',
});
})();Before
After
params := &stripe.ChargeParams{
Customer: stripe.String("{{CUSTOMER_ID}}"),
Amount: stripe.Int64(1099),
Currency: stripe.String(string(string(stripe.CurrencyUSD))),
}
params.SetSource("{{TOKEN_OR_SOURCE}}")
ch, _ := charge.New(params)
params := &stripe.PaymentIntentParams{
PaymentMethod: stripe.String("{{PAYMENT_METHOD_ID}}"),
Customer: stripe.String("{{CUSTOMER_ID}}"),
Amount: stripe.Int64(1099),
Currency: stripe.String(string(stripe.CurrencyUSD)),
ConfirmationMethod: stripe.String(string(stripe.PaymentIntentConfirmationMethodManual)),
Confirm: stripe.Bool(true),
SetupFutureUsage: stripe.String(string(stripe.PaymentIntentSetupFutureUsageOffSession)),
}
intent, err := paymentintent.New(params)
Before
After
var options = new ChargeCreateOptions
{
CardId = "{{TOKEN_OR_SOURCE}}",
CustomerId = "{{CUSTOMER_ID}}",
Amount = 1099,
Currency = "usd",
SetupFutureUsage = "off_session",
};
var service = new ChargeService();
Charge charge = service.Create(options);
var options = new PaymentIntentCreateOptions
{
PaymentMethodId = "{{PAYMENT_METHOD_ID}}",
CustomerId = "{{CUSTOMER_ID}}",
Amount = 1099,
Currency = "usd",
ConfirmationMethod = "manual",
Confirm = true,
SetupFutureUsage= "off_session",
};
var service = new PaymentIntentService();
var paymentIntent = service.Create(options);
setup_future_usage tells Stripe how you intend to use the saved card and allows for optimizing the authentication process for future payments. Learn more about setup_future_usage in the reusing cards guide.
If the card requires authentication before it can be charged and saved to a customer, it will have a status of requires_action. If the PaymentIntent requires action, call handleCardAction on the client with the PaymentIntent’s client_secret. handleCardAction handles displaying the UI to the customer to authenticate the card. Once authentication is complete, you can confirm the PaymentIntent again on the server to finalize the payment. Learn more about handling require card actions in the one-time payments guide.
There are a couple of changes you will need to make to your existing integration that saves card details outside of a checkout flow. First, create a SetupIntent on your server. A SetupIntent authenticates the card without making an initial payment.
Before
After
No server code previously required
curl https://api.stripe.com/v1/setup_intents/ \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-X POST
Before
After
No server code previously required
setupIntent = Stripe::SetupIntent.create()
Before
After
No server code previously required
setup_intent = stripe.SetupIntent.create()
Before
After
No server code previously required
$setupIntent = \Stripe\SetupIntent::create();
Before
After
No server code previously required
SetupIntent.create();Before
After
No server code previously required
(async () => {
const intent = await stripe.setupIntents.create();
})();Before
After
No server code previously required
intent, err = setupintent.New(params)
Before
After
No server code previously required
var service = new SetupIntentService();
var setupIntent = service.Create(options);
Pass the SetupIntent’s client secret to your client and use the handleCardSetup function instead of createToken or createSource after your customer enters their card details.
If required by regulation, handleCardSetup will prompt the user to authenticate the card.
Before
After
stripe.createToken(
// or stripe.createSource
cardElement,
{
name: cardholderName.value,
}
).then(function(token) {
// Send token to server
});stripe.handleCardSetup(
clientSecret,
cardElement,
{
payment_method_data: {
billing_details: {name: cardholderName.value}
}
}
).then(function(result) {
if (result.error) {
// Display error.message in your UI.
} else {
// The SetupIntent was successful!
}
});Before
After
const {token} =
await stripe.createToken(
// or stripe.createSource
cardElement,
{
name: cardholderName.value,
}
);const {setupIntent, error} =
await stripe.handleCardSetup(
clientSecret,
cardElement,
{
payment_method_data: {
billing_details: {name: cardholderName.value}
}
}
);
if (error) {
// Display error.message in your UI.
} else {
// The SetupIntent was successful!
}When handleCardSetup succeeds, setupIntent.payment_method will contain a PaymentMethod that you can attach to a Customer.
Pass the ID of that PaymentMethod to your server, and attach the payment method to the Customer object using the Payment Methods API instead of the Customers API.
Before
After
curl https://api.stripe.com/v1/customers/{{CUSTOMER_ID}}/sources \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d source="{{TOKEN_FROM_STEP_1}}"
curl https://api.stripe.com/v1/payment_methods/{{PAYMENT_METHOD_ID}}/attach \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d customer="{{CUSTOMER_ID}}"
Before
After
card = Stripe::Customer.create_source(
'{{CUSTOMER_ID}}',
{
source: '{{TOKEN_FROM_STEP_1}}',
}
)Stripe::PaymentMethod.attach(
'{{PAYMENT_METHOD_ID}}',
{
customer: '{{CUSTOMER_ID}}',
}
)Before
After
stripe.Customer.create_source(
'{{CUSTOMER_ID}}',
source='{{TOKEN_FROM_STEP_1}}'
)payment_method = stripe.PaymentMethod.attach(
'{{PAYMENT_METHOD_ID}}',
customer='{{CUSTOMER_ID}}'
)Before
After
$card = \Stripe\Customer::createSource(
'{{CUSTOMER_ID}}',
[
'source' => '{{TOKEN_FROM_STEP_1}}',
]
);$payment_method = \Stripe\PaymentMethod::retrieve('{{PAYMENT_METHOD_ID}}');
$payment_method->attach(['customer' => '{{CUSTOMER_ID}}']);Before
After
Customer customer = Customer.retrieve("{{CUSTOMER_ID}}");
Map<String, Object> params = new HashMap<String, Object>();
params.put("source", "{{TOKEN_FROM_STEP_1}}");
customer.getSources().create(params);PaymentMethod paymentMethod = PaymentMethod.retrieve("{{PAYMENT_METHOD_ID}}");
Map<String, Object> params = new HashMap<String, Object>();
params.put("customer", "{{CUSTOMER_ID}}");
paymentMethod.attach(params);Before
After
stripe.customers.createSource(
'{{CUSTOMER_ID}}',
{source: '{{TOKEN_FROM_STEP_1}}',},
function(err, card) {
// asynchronously called
}
);stripe.paymentMethods.attach(
'{{PAYMENT_METHOD_ID}}',
{customer: '{{CUSTOMER_ID}}'},
function(err, paymentMethod) {
// asynchronously called
}
);Before
After
params := &stripe.CardParams{
Customer: stripe.String("{{CUSTOMER_ID}}"),
Token: stripe.String("{{TOKEN_FROM_STEP_1}}"),
}
c, err := card.New(params)params := &stripe.PaymentMethodAttachParams{
Customer: "{{CUSTOMER_ID}}",
}
p, err := paymentmethod.Attach("{{PAYMENT_METHOD_ID}}", params)Before
After
var options = new CardCreateOptions
{
SourceToken = "{{TOKEN_FROM_STEP_1}}"
};
var service = new CardService();
var card = service.Create("{{CUSTOMER_ID}}", options);var service = new PaymentMethodService();
var options = new PaymentMethodAttachOptions
{
CustomerId = "{{CUSTOMER_ID}}",
};
var paymentMethod = service.Attach("{{PAYMENT_METHOD_ID}}", options);When paying with a previously saved payment method, you must specify both the ID of the Customer and the ID of the previously saved Card, Source, or PaymentMethod. Previously, the default source on the customer is used if one was not provided. You must now explicitly pass in the desired payment method.
If the customer is off-sessionA payment is described as off-session if it occurs without the direct involvement of the customer, using previously-collected payment information., you must flag the payment as an off-session payment. See Charging Saved Cards for more information.
Access saved payment methods
To display the customer’s previously saved Cards, Sources, and PaymentMethods, list the payment methods instead of reading the sources property of the customer object. This is required because new PaymentMethods added to a customer will not be duplicated in the sources property of the customer object.
Before
After
customer.sourcescurl "https://api.stripe.com/v1/payment_methods?customer={{CUSTOMER_ID}}&type=card" \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc:
Before
After
customer.sourcesStripe::PaymentMethod.list({
type: 'card',
customer: '{{CUSTOMER_ID}}',
})Before
After
customer.sourcesstripe.PaymentMethod.list(
customer='{{CUSTOMER_ID}}',
type='card'
)Before
After
customer->sources\Stripe\PaymentMethod::all(['customer' => '{{CUSTOMER_ID}}', 'type' => 'card']);Before
After
customer.sourcesMap<String, Object> params = new HashMap<String, Object>();
paymentmethodParams.put("customer", "{{CUSTOMER_ID}}");
paymentmethodParams.put("type", "card");
PaymentMethod.list(params);
Before
After
customer.sourcesconst paymentMethods = await stripe.paymentMethods.list(
{ customer: '{{CUSTOMER_ID}}', type: 'card' }
);
Before
After
customer.sourcesparams := &stripe.PaymentMethodListParams{
Customer: stripe.String("{{CUSTOMER_ID}}"),
Type: stripe.String(string(stripe.PaymentMethodTypeCard)),
}
i := paymentmethod.List(params)
for i.Next() {
p := i.PaymentMethod()
}
Before
After
customer.Sourcesvar service = new PaymentMethodService();
var options = new PaymentMethodListOptions
{
CustomerId = "{{CUSTOMER_ID}}",
Limit = 3,
Type = "card"
};
var paymentMethods = service.List(options);
Test the integration
It’s important to thoroughly test your integration to make sure you’re correctly handling cards that require additional authentication and cards that don’t. Use these card numbers in test mode with any expiration date in the future and any three digit CVC code to validate your integration when authentication is required and when it’s not required.
| Number | Authentication | Description |
|---|---|---|
| 4000002500003155 | Required on setup or first transaction | This test card requires authentication for one-time payments. However, if you set up this card using the Setup Intents API and use the saved card for subsequent payments, no further authentication is needed. |
| 4000002760003184 | Required | This test card requires authentication on all transactions. |
| 4000008260003178 | Required |
This test card requires authentication, but payments will be declined with an insufficient_funds failure code after successful authentication.
|
| 4000000000003055 | Supported | This test card supports authentication via 3D Secure 2, but does not require it. Payments using this card do not require additional authentication in test mode unless your test mode Radar rules request authentication. |
Use these cards in your application or the payments demo to see the different behavior.
Next steps
Now you have all the information you need to begin migrating an existing Stripe integration to the Payment Intents API with manual confirmation. To learn more, continue reading: