iOS App Stripe Integration With PHP On Server Side

3
votes

I have the issue with Stripe Integration on iOS App.

According Stripe doc,

1) iOS app need to generate the token first and pass that token to php lib at own server

import UIKit
import Stripe

class ViewController: UIViewController, STPPaymentCardTextFieldDelegate {

    let paymentTextField = STPPaymentCardTextField()

    override func viewDidLoad() {
        super.viewDidLoad()

        Stripe.setDefaultPublishableKey("pk_test_xxxxxxxxxxxxxxxxxxxxx")

        // Do any additional setup after loading the view, typically from a nib.

        paymentTextField.frame = CGRectMake(15, 15, CGRectGetWidth(self.view.frame) - 30, 44)
        paymentTextField.delegate = self
        view.addSubview(paymentTextField)
    }

    override func didReceiveMemoryWarning() {
        super.didReceiveMemoryWarning()
        // Dispose of any resources that can be recreated.
    }

    @IBAction func save(sender: AnyObject) {
        if let card:STPCardParams = paymentTextField.cardParams {
            STPAPIClient.sharedClient().createTokenWithCard(card) { (token, error) -> Void in
                if let error = error  {
                    print(error)
                } else if let token = token {
                        self.createBackendChargeWithToken(token) { status in
                    }
                }
            }
        }
    }

    func createBackendChargeWithToken(token: STPToken, completion: PKPaymentAuthorizationStatus -> ()) {
        let url = NSURL(string: "http://localhost:7777/myproject/index.php/rest/stripe/submit")!
        let request = NSMutableURLRequest(URL: url)
        request.HTTPMethod = "POST"

        let body = "stripeToken=\(token.tokenId)"

        print(body)

        request.HTTPBody = body.dataUsingEncoding(NSUTF8StringEncoding)
        let configuration = NSURLSessionConfiguration.ephemeralSessionConfiguration()
        let session = NSURLSession(configuration: configuration)

        print(request)
        let task = session.dataTaskWithRequest(request) { (data, response, error) -> Void in
            if error != nil {
                completion(PKPaymentAuthorizationStatus.Failure)
                print("Fail to charge")
            }
            else {
                completion(PKPaymentAuthorizationStatus.Success)
                print("Successfully Charegd")
                print(PKPaymentAuthorizationStatus.Success)
            }
        }
        task.resume()
    }
}

2) php lib execute like this to Stripe API 


\Stripe\Stripe::setApiKey("sk_test_xxxxxxxxxxxxxxxxxxxxxxx");

if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {

$token = $_POST['stripeToken'];

$charge = \Stripe\Charge::create(array(
                    "amount" => 5000, // amount in cents, so need to multiply with 100 .. $amount * 100
                    "currency" => "usd",
                    "source" => $token,
                    "description" => "Test Order From iOS"
                )); 
}

3) It is working fine and I can receive that Payment Transaction at Stripe Dashboard.

4) But when I switch to another stripe account(like client account), I need to change for Publishable Key(From Mobile App) and Secret Key(From Server Side) Right?

5) After changed new keys, Payment could not receive any more at Stripe Dashboard. Here is logs message from Stripe.

{error: {
type: "invalid_request_error"
message: "Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later. You can learn more about this  at https://stripe.com/blog/upgrading-tls."}
}

Error Status is 401

My Question is why app is not working when switch API(Publishable & Secret) Keys from another Stripe Account?

1
stripe-payments

1 Answers

0
votes

The answer is given in the message provided by the error object; your PHP (or some other layer in your stack) is not configured to make network requests over httpS with a high enough version of the protocol (it indicates a minimum version of 1.2, which is already quite old -- 1.0 was demonstrated to be breakable years ago) ... this would be very insecure so of course it is not allowed.

It is likely nothing to do with the Stripe accounts at all, but the stack (LAMP) configurations that changed.

or, if you are actually just changing the text on the exact same files baack and forth and getting this error only on one account, then there might be a difference in the state of the accounts; I remember a couple of weeks/months back there was a breaking update that I had to initiate through the dashboard.

Very possibly one account has performed this update, and the other has not; thus there are using different API versions with different security requirements