So I’ve been playing around with the Stripe integration and keep running into problems. And because this is a black box component, there doesn’t seem to be much one can do about it. Please let me know if your experience is different or if you have workarounds:
Every time you create a charge, a new customer is created in Stripe. Neither the Adalo component nor Stripe seems to check if the email address has already been used, and it adds a new customer each time (so you end up with multiple customers all with the same email address).
Stripe is not auto-sending a receipt, even though the Adalo component includes the customer email address.
If you add the Connect account ID to the component, the customers are not being associated with the Connect account in Stripe.
As previously posted, there’s no way to capture the response code, so you can’t create an audit log/ledger in Adalo. In addition, because the Adalo component is creating a new customer in Stripe each time, when using Stripe webhooks (and Integromat) to try to get a notification when a charge has been sent, I can’t associate the response with a customer in Adalo (because there’s no way to know what the customer ID is).
Finally, there’s no ACH payment option, even though the Adalo documentation says there should be.
So I think I need to create the entire Stripe integration manually. But I don’t know how to pass credit card information securely (and it certainly wouldn’t be PCI compliant).
Anyone have any thoughts? Anyone use Adalo and Stripe Connect successfully? Would love to hear how you did it!
The Stripe component isn’t a black box. Anything that runs on your browser is essentially open source, maybe obfuscated, but open. Unless it is WebAssembly.
PCI compliance is easy. When you post the request to the payment processor, use HTTPS (which Stripe won’t let you do otherwise). Don’t save the cc number in your Adalo database. Keep all transaction details in Stripe. Save transaction ID and success/fail as only fields in Adalo. Nothing else.
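Added example, not part of any post in this thread and not Adalo's or Stripe's code: for the webhook route mentioned above, this Python logic verifies the `Stripe-Signature` header (HMAC-SHA256 over `<timestamp>.<raw body>`) and keeps only the charge ID, status and customer reference for an audit ledger. The `adalo_user_id` metadata key, the secret and the event body are assumptions constructed for illustration; the metadata key only exists if your own integration sets it when creating the charge.

```python
import hashlib
import hmac
import json

TOLERANCE_SECONDS = 300  # reject stale events to limit replay of captured requests


def verify_stripe_signature(payload: bytes, header: str, secret: str, now: int) -> bool:
    """Check a Stripe-Signature header: HMAC-SHA256 over b"<t>.<raw payload>"."""
    parts = [p.split("=", 1) for p in header.split(",") if "=" in p]
    timestamp = next((v for k, v in parts if k == "t"), None)
    candidates = [v for k, v in parts if k == "v1"]
    if timestamp is None or not timestamp.isdecimal() or not candidates:
        return False
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False
    signed = timestamp.encode() + b"." + payload
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes on both sides so odd header input cannot raise.
    return any(hmac.compare_digest(expected.encode(), c.encode()) for c in candidates)


def ledger_row(payload: bytes, header: str, secret: str, now: int):
    """Return the minimal audit record for a charge event, or None if rejected."""
    if not verify_stripe_signature(payload, header, secret, now):
        return None
    event = json.loads(payload)
    if event.get("type") not in ("charge.succeeded", "charge.failed"):
        return None
    charge = event["data"]["object"]
    return {  # card details present in the event are deliberately not copied
        "charge_id": charge["id"],
        "status": charge["status"],
        "stripe_customer": charge.get("customer"),
        # Assumption: the charge was created with metadata.adalo_user_id set.
        "adalo_user_id": charge.get("metadata", {}).get("adalo_user_id"),
    }


# Constructed sample secret and event (not real Stripe data).
SECRET = "whsec_constructed_example"
BODY = json.dumps({"id": "evt_example", "type": "charge.succeeded", "data": {"object": {
    "id": "ch_example", "status": "succeeded", "customer": "cus_example",
    "metadata": {"adalo_user_id": "42"},
    "payment_method_details": {"card": {"last4": "4242"}}}}}).encode()
T = 1700000000
HEADER = "t=%d,v1=%s" % (
    T, hmac.new(SECRET.encode(), b"%d." % T + BODY, hashlib.sha256).hexdigest())
```

The signature must be computed over the raw request body exactly as received; re-serialising the JSON before verifying will make valid events fail.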
Have you integrated Stripe with Adalo? If so, do you do it with the premade component or manually? Would it be better to use Integromat for all API calls or just keep it all in Adalo?
Would love to know if you can share any tips and lessons learned if you’ve done it, before I embark on this endeavor…
I did a Stripe integration in my own project as a “get to know Adalo more” implementation, not for a client or released app.
Any payment integration I have assisted on has always been manual; that is my recommended route. External request → Processor → Integromat → Adalo API → Back to interface. That is my suggested path. I know Adalo is currently working on better Stripe components to improve this, but for now manual is the way to go.
As you know, I get to play with the dark arts of component making, and improved payment systems have been something I have been working with. I have my ID extractor that lets me get the actual ID needed for API calls and my axios interceptor that lets me get response codes from calls, and using Deep Linking I can redirect the user back to a payment success and payment rejected page in my app or webapp (not PWA).
This is all fun experimental work that I was working on hardening for the limelight.
For the time being, payment should just be integrated manually with Integromat and API calls.
BTW, let me know if you want a tester for your payment component at the right time. My use case is a doozy (uses Connect, payment links (maybe), subscription billing (although trying to avoid having to use that), ACH and card payments, and more, all via APIs). Fun!
Out of curiosity, are you going with Stripe because Adalo has a Stripe component, or are you going with Stripe because you want to use Stripe? Not that there is anything wrong with Stripe, just curious.
Stripe because originally I was trying to use the Stripe component, but also because it’s the gold standard for payments processing. It also includes a cute dashboard for my customers (which are set up as Connect Express type).
But I casually looked at others like Dwolla. Either way, the platform needs to be able to support “marketplace”/Connect type payments, where payments are collected from one party and paid directly to another party, and I take a fee. I can’t take payments directly as it’s not (my) revenue.
If you have a suggestion for a Stripe alternative, I’m all ears!
@TKOTC Just to follow up on this: this is what Stripe has to say regarding direct passing of credit card via API, i.e. it’s not a good idea and we should be using the Stripe.js code. Given we can’t answer most of the PCI compliance questions because it’s Adalo’s platform and their security, the only way to implement Stripe in a correct manner is to implement custom checkout components, I believe:
We strongly discourage passing card information directly to Stripe’s API as it means your integration is directly handling card information. Even if you do not store any payment information, we can only help simplify PCI compliance if you’ve integrated with Checkout, Elements, or our mobile SDKs.
If you continue to send card details directly to our API, you’ll be required to upload your SAQ D annually to prove your business is PCI compliant. SAQ D is the most onerous of all the SAQs, with over 40 pages of requirements you must implement to remain PCI compliant. We highly recommend you migrate to client-side tokenization of card information to substantially reduce the scope of your PCI compliance.
In addition to the significant PCI burden that this method places on you, it is not supported by Radar, our fraud prevention toolset. Radar’s functionality (for example, risk evaluation, rules, and so on) is only available when using any of our methods of client-side tokenization.