Feature #202
Support Stripe continuous credit card authority for automated renewals by card
| Status: | In Progress | Start: | 2022-01-06 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| Votes: | 0 |
Description
Background¶
For a very long time now BitFolk has only supported one-off card payments through Stripe, where the customer is redirected to a checkout JavaScript on Stripe's own site and no data is saved by BitFolk. This has meant that automated payments by card have not been possible (aside from through PayPal).
The above method is very simple and has the advantage of not storing any sensitive information in BitFolk's database/logs, but it's been frequently requested that BitFolk should support automated card payments. Since Direct Debit is only allowed with bank accounts denominated in GBP it's also meant that for those without a GBP bank account PayPal has been the only automated payment method.
It's always been possible to do things a different way, to create objects on Stripe's side with persistent information about customers and cards, to allow automated payments. It's just that it's a lot more complex.
There is also the simpler option of subscriptions which again can be set up entirely on Stripe's side with just the information given by the Customer to Stripe on initial setup of the subscription, but these are inflexible. They only allow a fixed charge per fixed time period, much the same as PayPal subscriptions. If we're going to put some effort in to this we may as well implement the more flexible method.
It is not intended to do away with the current one-off Stripe payment method as some customers may not wish to give BitFolk continuous authority.
How I think it's meant to work¶
As far as I understand it at present, the process is something like this:
- The customer clicks on a button on BitFolk's Panel that sends them to a checkout js on Stripe's site which takes card details and makes clear this is for a continuous authority
- Assuming that a card is successfully added, Stripe redirects back to a BitFolk success page that creates a Session
- A valid session has a SetupIntent and a PaymentMethod
- A Customer object is created if it doesn't exist already, or looked up if it does.
- The PaymentMethod is attached to the Customer object
- The details of the Stripe Customer object are also put in BitFolk's customer database
- See if there is a Stripe Customer object in BitFolk's database
- Check if it has a Payment Method attached to it
- Try to create a PaymentIntent with immediate confirm, against that PaymentMethod. The fact that it was created by means of a SetupIntent should allow it to be charged offline with no further interaction
- This will either succeed straight away or have some failure condition which can be ignored and looked into later by a human. Initially, like for Direct Debits, we'll only try to charge this on invoice creation
Limitations we'll probably accept for the initial implementation¶
A lot of these will not be acceptable long term. I'm sure other deficiencies will be found, too.- Only one set of card details will be stored
- Support ticket will be needed to delete the card so automated payments can be disabled or so that a new set of details can be added
- Will only try to charge once per invoice, at the time the invoice is created
- Customer's main email address will be suggested for Stripe payment receipts, but there's only one email address and it won't be able to be changed later, even if customer changes their main email address
- Minimum charge is likely to be something like £5.00 with excess being credited to account as for Direct Debit
- Initial implementation isn't going to support custom minimum payments, unlike Direct Debit does right now
Current situation¶
So far where I'm at is:- I've managed to write a hard-coded tool that tells me the URL on Stripe's side to look at to put my card details in, then uses the Session, SetupIntent and PaymentMethod created by that to create the Customer and attach the PaymentMethod to it.
- Over in the billing system I've written something that checks for a valid Customer with PaymentMethod, then uses that to create a PaymentIntent for immediate confirmation.
- Change the Panel so that any customer can supply their card details and get the necessary objects created
- Change BitFolk's real billing stuff to try to do the PaymentIntent if a Stripe Customer object is seen to exist
There is still a lot of testing to be done with BitFolk's own test accounts on Stripe's test network but soon some help will be appreciated from brave customers.
History
Updated by admin over 3 years ago
This obviously has work that fits under "Billing" as well as "Panel" — in fact I expect the UI bits to be harder — but let's just keep it all in this one feature request.
Updated by admin over 3 years ago
- Subject changed from Support Stripe continuous credit card aurthority for automated renewals by card to Support Stripe continuous credit card authority for automated renewals by card
Fixed typo in subject
Updated by admin over 3 years ago
- File stripe_setup_complete.png added
- File stripe_create1.png added
- File stripe_create2.png added
- Status changed from New to In Progress
I think the Panel side of things is pretty much done.
Button to redirect to Stripe to add a card¶
Stripe UI for adding a card for future (customer-not-present) use¶
Card details shown in BitFolk's Panel¶
(The card details are test cards)
Updated by admin over 3 years ago
I've pushed the changes to the panel live, so people can now store a card (which is not currently used for anything).
I've now got the billing code to charge the stored code when an invoice is created.
I now have to write the hooks part that responds to events from Stripe to tell BitFolk about problems that can happen later (late decline, etc).
Updated by admin over 3 years ago
- Ask Stripe about pre-filling card input form with email, name, post code. Did try pre-filling email but it results in an uneditable email field which customer may not desire.
- Do more testing of post code fail. Stripe seems to allow a card to be added even if the post code supplied is wrong. It does note the fail in the returned object, so it could be rejected on BitFolk's side and may be possible to set to reject on Stripe's side. As yet unclear if a charge on the card would fail. I think it would succeed but just come with an elevated risk score and a note in the API that the postal/zip check had failed.
It's on BitFolk to send email to customer confirming that a payment method has been added for future charging. The Stripe card input form and the page you get to it from are quite clear but it's always good to have a record of an email confirmation as well.
Updated by admin over 3 years ago
- Stripe sends a receipt email anyway, but add link to the receipt in BitFolk's invoice email
Updated by admin over 3 years ago
Emails are now sent to billing contacts and the card billing email when a card funding source is added.
Updated by admin almost 3 years ago
If card details have been saved then existing invoices should be payable using those. At the moment it asks for card details again if you choose to pay an existing invoice by Stripe.