4

I've researched everywhere and seems like React Native isn't really Stripe supported. I saw https://github.com/xcarpentier/react-native-stripe-api and https://github.com/lrettig/react-native-stripe , but the former is outdated, not supporting Stripe Connect, and latter is only iOS supported.

So the only one that was reliable and made sense was http://blog.bigbinary.com/2015/11/03/using-stripe-api-in-react-native-with-fetch.html .

Here it lays out what's needed to be fully PCI-compliant, https://stripe.com/docs/security

My question is, by following blog.bigbinary.com using fetch except hosting my secret key in the front-end, would I be fully PCI-compliant as if I was using Stripe.js? And how can I make sure to be using Transport Layer Security?

Anyone who has already fully integrated Stripe using React Native can chime in, would really appreciate any insight or guidance.

Will be accepting answer with upvote and thank you

  • You'll be using TLS assuming that you're using the https:// prefix before your fetches. – PaulBGD Oct 28 '16 at 23:38
  • The Stripe rules are generally aimed torward browsers, so you should be fine. – PaulBGD Oct 28 '16 at 23:39
  • @PaulBGD Sorry but could you clarify more on Stripe rules`? And this will be a mobile application in React Native and not web. –  Oct 29 '16 at 03:15
  • 2
    You never want to keep client secrets in app bundles - anyone can extract your client secret from the iOS or Android app, and then make API calls as you... Instead, have your app connect to your backend and get the secret key and store it in memory (not localstorage). If your key becomes compromised, you can revoke the old one and generate a new one, which again would live in your backend. That way you really only have one point of weakness on your backend, not thousands of apps containing your key in plaintext. – Zany Cadence Oct 29 '16 at 22:16
  • And looking at [stripe's documentation](https://stripe.com/docs/dashboard#api-keys), they have a key you can publish, but only to get tokens that can be used once to wrap a credit card. The main issue with Stripe's library is that it's meant to be run on NodeJS, and while React Native uses NodeJS tools like npm, it's not NodeJS and doesn't have core modules like http, crypto, etc... – Zany Cadence Oct 29 '16 at 22:19

1 Answers1

4

We've made wrapper around native Stripe SDK for both platforms here: https://github.com/tipsi/tipsi-stripe

It's also contains usage guide on RN side.

cybergrind
  • 734
  • 7
  • 12
  • does this work with Stripe Connect solution for Marketplaces? I didnt notice any parameters about DESTINATION or FEES in the api – Tope Nov 29 '17 at 04:31
  • It's a wrapper over native ios/android SDK. I don't think that string secret key inside mobile application is really PCI-compliant and even for example by stripe for connect (https://github.com/stripe/stripe-connect-rocketrides) you can see that they use it on backend side, this library is really only fronted solution – cybergrind Nov 30 '17 at 08:19