How to save credit card information and use it for future purchases with Django and Stripe?

Question:

I am creating an e-commerce with Django. During the user registration, I would like to get the user’s credit card information so that, in the future, when the user tries to buy something, he/she does not have to insert his/her credit card information again.

Currently, I am having problems dealing with Stripe (creating this form to get the credit card info and then processing payment with the stored info both in Django and Stripe).

Based on the Stripe documentation, I understood that I should save a user’s customer id in my Django database, and then, in the future, I will use this customer id to retrieve this user’s info from stripe. However, I am very confused about this process:

  • 1) Get card information.
  • 2) Save card information (customer id in Django and create customer in Stripe)
  • 3) Use the saved information for future purchases.

This is my checkout view in Django:
import stripe
from django.shortcuts import render

# The Customer model and STRIPE_PUBLISHABLE_KEY are defined elsewhere in the project.


def checkout_two(request):
    if request.method == "POST":
        # Creating a Customer in the stripe platform.
        customer = stripe.Customer.create(
            # How to create such form to get the info below?
            source=request.POST['stripeToken'],  # How to get token?
            # email="[email protected]", # How to get email?
        )

        # Charging the Customer instead of the card:
        # charge = stripe.Charge.create(
        #   amount=1000,
        #   currency='usd',
        #   customer=customer.id,
        # )

        # YOUR CODE: Save the customer ID and other info in a database for later.
        obj = Customer.objects.create(customer_id=customer.id)

        # When it's time to charge the customer again, retrieve the customer ID.
        # charge = stripe.Charge.create(
        #   amount=1500, # $15.00 this time
        #   currency='usd',
        #   customer=obj.customer_id, # Stripe customer ID stored above, not the Django primary key
        # )
        return render(request, "payments/checkout_two.html", {"customer_id": obj.id})
    else:
        context = {"stripe_publishable_key": STRIPE_PUBLISHABLE_KEY}
        return render(request, "payments/checkout_two.html", context)

Asked By: Mauricio


Answers:

First thing is you should almost never save credit card info in your database.

I would first read up on PCI and different industry standards that have been set.

  • Reference: Credit Card Number Storage and PCI
  • Specifically from the article: "In most cases, credit card information shouldn’t be stored in the database at any time. Storing this information is not only a liability for security reasons, but it results in more compliance actions that need to be taken to be PCI-compliant. Credit card information is stored by the credit card provider you integrate with (Paypal, DataCash, DIBS, etc), which are required to be PCI-compliant. (Gray, 2013)"

Then look into a community-pushed third party that follows best practices.

A YouTube tutorial for Django and Stripe:

My recommendation, especially for credit card information, is: DO NOT recreate the wheel.

Answered By: Mike Hawes

OP will want to set up Stripe’s future payments. The documentation has Python examples which are relatively easy to translate into Django. I’d also like to bring attention to this YouTube video which goes through that process in a more visual way.

As it may be relevant for some users, I will leave this page on how to quickstart a development environment in Python.

To address OP’s questions

  1. Get card information.

That’s explained in the link I shared under "Create a Checkout Session". If OP wants something more custom and doesn’t mind the extra work, then go with Stripe Elements.

  2. Save card information (customer id in Django and create customer in Stripe)

OP doesn’t want to save card information, only the customer ID. According to the API docs,

"You can safely assume object IDs we generate will never exceed 255 characters, but you should be able to handle IDs of up to that length"

This means one can create a field to store the Stripe customer ID and use it next time. It’s safe to store that in the database, as explained here. So, something like this will work:

customer_id = models.CharField(max_length=255, blank=True, null=True)

  3. Use the saved information for future purchases.

That is done by setting up an intent. Both the docs and the video show that.

Answered By: Gonçalo Peres
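
The three steps from the answer above, sketched as an added example (not code from the answers or from Stripe's documentation). It assumes `api` is the `stripe` module with its secret key already set; `Profile`, `start_card_setup` and `charge_saved_card` are hypothetical names, and `Profile` stands in for the Django model that holds `customer_id`.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Profile:
    """Hypothetical stand-in for the Django model row of one user."""
    user_email: str
    customer_id: Optional[str] = None  # Stripe customer ID only, never card data


def start_card_setup(api, profile):
    """Steps 1 and 2: create the Stripe customer once and return the
    SetupIntent client secret that Stripe.js uses to collect the card."""
    if not profile.customer_id:
        customer = api.Customer.create(email=profile.user_email)
        profile.customer_id = customer["id"]  # the only value persisted locally
    intent = api.SetupIntent.create(
        customer=profile.customer_id,
        usage="off_session",  # card will be charged later without the user present
    )
    return intent["client_secret"]


def charge_saved_card(api, profile, amount_cents, currency="usd"):
    """Step 3: charge the card that Stripe already holds for this customer."""
    if not profile.customer_id:
        raise ValueError("no saved Stripe customer for this user")
    methods = api.PaymentMethod.list(customer=profile.customer_id, type="card")
    if not methods["data"]:
        raise ValueError("customer has no saved card")
    return api.PaymentIntent.create(
        amount=amount_cents,
        currency=currency,
        customer=profile.customer_id,
        payment_method=methods["data"][0]["id"],
        off_session=True,
        confirm=True,
    )
```

In a Django view, the client secret returned by `start_card_setup` is handed to Stripe.js in the template, so the card number goes from the browser to Stripe and never reaches the view or the database.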