Handling #SCA (Strong Customer Authentication) with #Stripe and C#

Strong customer Authentication is where your bank (card issuer) will show a popup during your purchase to offer an added level of protection for the consumer, to make sure it really is you, and not someone who’s cloned your card details.

It’s also a massive headache for developers!

Massive disclaimer: This was my approach at fixing it, follow Stripe documentation unless you’re really stuck!

So, capturing a customer (cus_xxxx) token is unchanged, what changes when you try to subscribe that customer to a subscription, then it fails. Here I’m adding “allow_incomplete” to allow the subscription to return data even if the customer has SCA enabled.

const string strUrl = “https://api.stripe.com/v1/subscriptions”;
var postData = “customer=” + customerId;
postData += “&items[0][price]=” + priceReference;
postData += “&payment_behavior=allow_incomplete”; // NEW*SCA*

If we check the return value, and the status says incomplete then we have to jump through a few more hoops before we can get the money from the customer.

First, we get the latest_invoice value from the return, and call the stripe API “https://api.stripe.com/v1/invoices/<id here>” and from the response, we get the payment_intent id.

Then with the payment_intent id, we call the stripe API : “https://api.stripe.com/v1/payment_intents/<id here>” and get the client_secret

Now, we pass the client_secret back to our client side, and then we need to call the Stripe SDK, which is included as follows;

<script src=”https://js.stripe.com/v3/”></script> <!– SCA –>

Then it’s initialized as follows; (I’m using JQuery here)

$(init);
var stripe = {};
function init() {
stripe = Stripe(“pk_test_xxxxxxxxxxx”); // SCA
}

Then once we get the client_secret back somehow; we call the javascript

stripe
.confirmCardPayment(data)
.then(function (result) {
// Handle result.error or result.paymentIntent
console.log(result);
alert(“SCA OK!”);
});

And it works in test anyway! – let me know if you spot any glaring issues.

Leave a Reply

Your email address will not be published.