Stripe Payments API : Charge card from the iOS App instead of using a server

4
votes

This is about Stripe Payments API "https://stripe.com/docs/mobile/ios"

I was wondering if anyone was able to charge a credit card using stripe API from the iOS App, instead of sending the stripeToken to a server.

A fellow developer was able to do it on the android version of our app by adding the stripe Java Client Library into his app. It looks like this on android/java

 Stripe.apiKey = "sk_test_apikey";

 Map<String, Object> chargeParams = new HashMap<String, Object>();
 chargeParams.put("amount", 400);
 chargeParams.put("currency", "usd");
 chargeParams.put("source", "tok_321jlkj54545B");
 chargeParams.put("description", "Charge for [email protected]");

 Charge.create(chargeParams);

I need the iOS equivalent of the above Android/Java code for Stripe Payments API. It could be a post http request or maybe there is already a method for that on the built in Stripe iOS Library.

I want to know if anyone was able to do it, or I really need to create a server to charge the credit card from the iOS App.

Thanks!

1
objective-cswiftstripe-payments
There are 3rd party tools that can handle the server-side stuff for you (basically they link your public key to your private key), stripe.com/docs/integrations would have some listedMatthew Arkin

1 Answers

6
votes

You should not do this. To create a charge you have to use your Secret API key. If your Secret API key reaches your application then someone can retrieve it on his end and then use it to make any API call on your behalf. This means they can create charges, refunds, transfers, etc.

You have to do this server-side and your iOS (or Android) application should never have your Secret API key.