0

possible duplicate: Parse.com create stripe card token in cloud code (main.js)

In my application a person can ask another person for a Task(a bit like Uber). The person who requests the task is Client & person doing that task is called Doer. Client & Doer both can mark the task done. When a task is done then I want to deduct payment from Client's credit card into my bank account with the help of Stripe. My backend is managed with Parse so I want to take advantage of Cloud Code.

I've written my cloud code by following Parse's sample code ParseStore

Now I can generate token with credit card information(gathered on signup) on Client's side and then generate token for my transaction function on cloud. But If Doer completes the job then I'm not able to generate token on Doer's end because he/she will not have access to Client's credit card. My Question is, Can I generate this token with a CloudCode function too?

Community
  • 1
  • 1
Abid Hussain
  • 1,529
  • 1
  • 15
  • 33
  • I haven't done it before in this context, but this is where you preauthorise and then complete later (storing tokens only on the server in the mean time) – Wain Jan 20 '16 at 19:49
  • what's the validity of such generated token? The Task can be requested in 2 months future. – Abid Hussain Jan 20 '16 at 19:52
  • A token is only valid for 5 minutes, you can save the token to a customer and charge it whenever but there is no guarantee it will go through. (For example the card might get stolen or expire) – Matthew Arkin Jan 20 '16 at 22:07
  • So my only choice is to give Client's credit card information to Doer via cloud code? (BY using Parse.Cloud.useMasterKey()) I can read anything :P – Abid Hussain Jan 20 '16 at 23:16
  • you should never have access to the card data, that is not PCI compliant – Matthew Arkin Jan 21 '16 at 00:04

1 Answers1

0

Run an afterSave for Task on Cloud Code. If the Task is marked as complete, generate the token using the proper credit card (I'd recommend a pointer structure of Task -> Client -> Credit Card classes) and send it to Stripe. Don't forget to use Parse.Cloud.useMasterKey();

Will
  • 546
  • 5
  • 16
  • But problem is that this'll have to be done on CloudCode which is precisely my problem. Even in parse's tutorial they generate Token on client app & only do transaction on cloud. – Abid Hussain Jan 20 '16 at 23:15
  • I'm looking for the same thing you suggested but on ParseCloud rather then app. – Abid Hussain Jan 20 '16 at 23:17
  • https://stripe.com/docs/api/curl#create_card_token - You can make cURL requests using `Parse.Cloud.httpRequest` – Will Jan 20 '16 at 23:41
  • 1
    For PCI compliance you must generate a token on the client. You can save the token to a customer in your Stripe account, but you must never have access to the card data! – Matthew Arkin Jan 21 '16 at 00:05
  • On PCI compliance - http://stackoverflow.com/questions/29504239/can-i-store-a-cardid-from-stripe-on-parse-and-remain-pci-compliant. Also, @AbidHussain you wouldn't be giving the `Client`'s cc to `Doer`...this is never exposed as the entire process occurs on the backend. – Will Jan 21 '16 at 00:21