Isaac Isaac - 1 month ago 7
Java Question

Do I need my own server to use the Stripe API?

I want to implement payments in my app via Stripe. I'm reading their documentation and it keeps mentioning that I will use my own server to charge someone after I retrieve a token from Stripe. (stripe documentation)


Why do I need a server to charge my user? Why can't I just call the Stripe API methods to charge? What am I doing special on my server? Is there any way to charge without creating my own server? Could Firebase be sufficient?

Thanks

Answer

Let me expand what they're saying a bit with my interpretation:

With our mobile library, we shoulder the burden of PCI compliance by eliminating the need to send card data directly to your server. Instead, our libraries send the card data directly to our servers, where we can convert them to tokens.

What that means is that often one receives a credit card number and is expected to store it for later use (e.g., the client enters it into your account page so they can be charged monthly), but that makes you legally obligated to conform to PCI standards, which can be a headache. Stripe relieves you of this burden -- they'll store the credit card, and if you want to charge it later you can just give them the token they generated that represents that credit card.

Your app will receive the token back, and can then send the token to an endpoint on your server, where it can be used to process a payment, establish recurring billing, or merely saved for later use.

This is explained in a further section, https://stripe.com/docs/mobile/android#using-tokens

Using the payment token, however it was obtained, requires an API call from your server using your secret API key. (For security purposes, you should never embed your secret API key in your app.)

(This was mentioned by drhr.)

Since you need the secret key to make the API call it will need to be done from your own server, so you do need a server.

Note: I haven't used Stripe that I recall, I'm just trying to share my reading of the docs.

P.S. I think your second question is separate, but some popular and easy options for hosting a Java webapp are Heroku and AppEngine. For something like this, however, you might go with a serverless approach, e.g. using AWS Lambda https://aws.amazon.com/lambda (Google has an equivalent in Alpha stage https://cloud.google.com/functions/)
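
To make the server's role concrete, here is an added example (not from the answer above or from Stripe's documentation) of the server-side step: it accepts only a token and a product id from the app, looks the price up itself, and attaches the secret key read from the server's environment. The class name, the price table, the product id, the `STRIPE_SECRET_KEY` variable name and the token format check are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.Map;

/** Server-side half of the flow: the app sends only a token and a product id. */
public class ChargeEndpoint {
    // Prices live on the server so the client cannot choose the amount (constructed catalogue).
    private static final Map<String, Long> PRICE_CENTS = Map.of("pro-monthly", 999L);

    private final String secretKey;

    public ChargeEndpoint(String secretKey) {
        // Fail closed if the key is missing; it is never shipped inside the app.
        if (secretKey == null || !secretKey.startsWith("sk_")) {
            throw new IllegalStateException("Stripe secret key not configured");
        }
        this.secretKey = secretKey;
    }

    /** Builds the POST /v1/charges request for a token received from the app. */
    public HttpRequest buildChargeRequest(String token, String productId) {
        // Assumed token shape; reject anything else before it reaches the API call.
        if (token == null || !token.matches("tok_[A-Za-z0-9]+")) {
            throw new IllegalArgumentException("malformed token");
        }
        Long amount = (productId == null) ? null : PRICE_CENTS.get(productId);
        if (amount == null) {
            throw new IllegalArgumentException("unknown product");
        }
        String form = "amount=" + amount
                + "&currency=usd"
                + "&source=" + URLEncoder.encode(token, StandardCharsets.UTF_8);
        return HttpRequest.newBuilder(URI.create("https://api.stripe.com/v1/charges"))
                .header("Authorization", "Bearer " + secretKey)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form))
                .build();
    }

    public static void main(String[] args) {
        // The key comes from the server's environment, never from the app bundle.
        ChargeEndpoint endpoint = new ChargeEndpoint(System.getenv("STRIPE_SECRET_KEY"));
        HttpRequest req = endpoint.buildChargeRequest("tok_constructedSample123", "pro-monthly");
        // Send with HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString()).
        System.out.println(req.method() + " " + req.uri());
    }
}
```

The same method body can sit behind a servlet, a Heroku or AppEngine handler, or a Lambda function; what matters is that the key and the price table exist only on that side.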