i am build a stripe checkout for my ecommerce on my current project.
everything working good, but i have few question which is confuse me.
Yes, this is safe, since the Stripe's
token is a reference to their system and cannot be used or read by anyone else but your PHP script, using the private API key.
This token is created to ensure no credit card info ends on an unprotected server.
But as they say in their tutorial, you should enable HTTPS to protect the other transaction values of your customer.
They have a real effective tech support that you can reach on https://webchat.freenode.net/ using the
And about the thank you page... You could use a
$_session variable to prevent the access from users who didn't succeded a charge.