Hephaestus Hephaestus - 1 year ago 138
reST (reStructuredText) Question

Stripe: OAuth Flow Automation? Webhook Timeliness?

Having waited a week for an answer this question -- and being generally fed up with the poor quality of Brand X's documentation and support -- I'm re-casting that question here in terms of Stripe.

The use case:

There's a web service S that takes a bunch of user input via a REST API, and uses that input to generate, for a fee, some answer that it returns via the API. As a concrete but fictional example, you could think of the input as being the user's natal information, and the output being a horoscope for the user.

S is just a computation engine with an API; it doesn't offer a user interface. The presentation interfaces for human users are provided by channel-partner websites Pi, each with its own look and feel, and its own financial arrangements with its customers. A Pi may charge its customers a monthly membership fee, or it may pass charges for third party services like S through to users, but S neither knows nor care about the details of those arrangements.

Each Pi pays, on behalf one of its customers C, the fee for the service that S provides to C when C requests the service. For its part, S will not return an answer for a particular instance of use until the fee for that instance has verifiably been paid by the Pi.

The questions:

In several respects, there seems to be a fairly direct analogy between this use case and a case in which a driver (the service provider S) works for two or more ride-sharing companies (the channel partners Pi). Each partner platform presents a unique look and feel to its customers, but offers the same underlying service, and pays its service provider(s) after taking its cut for each instance of use of the service.

However, there are a couple of notable differences, each of which leads to a separate sub-question.

First, Stripe's OAuth Flow for connecting to a service provider's standalone account assumes that there is a human user in the loop who will interact with web pages to authorize the connection.

Q1. Does Stripe offer a well-defined, stable REST API that allows a chunk of code on S to reliably act in the role of the presumed human user to authorize the account connection?

Second, the web service S requires proof-of-payment from the channel partner site before returning its answer to the end customer -- or, in terms of the analogy, before letting the passenger out of the car! :-). I understand that S can set up a webhook to notify it of events that occur in/on its Stripe account (including, explicitly, "a charge being captured"), but:

Q2. How much time lag (if any) might I expect between deposit of the payment into S's Stripe account and delivery of the webhook?

S can tolerate a small amount of delay in the delivery of the webhook, but obviously, the less the better. If the webhook is delivered synchronously as part of the deposit flow, that would be ideal -- for me, anyway :-) -- but if it goes into a queue to be delivered later, delays of more than a few minutes could be problematic.

Hope y'all Stripe users can do better by me than Brand X's "community" did...

Answer Source

Q1 - Perhaps I've misunderstood this question?

But-- if you're wondering if you can execute the OAuth flow on behalf of the user and authorize them without them having to do something; then "no". That would somewhat defeat the purpose of the whole flow.

Q2 - There is no guaranteed delivery timeframe for webhooks. They're processed by a number of workers and their output is dependent on the volume of events they're processing at any given time. Stripe tries to ensure they're out in under a minute or two, but that isn't something Stripe promises will always happen.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download