Adding the payment source
How to add a Stripe payment source to an order

Problem

You have a pending order with a selected payment method that is associated with a Stripe payment integration. You want to give your customer the possibility to select one of the payment sources available from that gateway — e.g. a credit card — and use it to process the payment.

Solution

To add a Stripe payment source to an order, you have to create a Stripe payment source object and associate it with the order, as described in the Checkout guide.

Example

1. Get the payment source type

Request
Response
The following request retrieves the attributes of the payment method associated with the order identified by the "qaMAhZkZvd" ID:
1
curl -g -X GET \
2
'http://yourdomain.commercelayer.io/api/orders/qaMAhZkZvd?include=payment_method' \
3
-H 'Authorization: Bearer your-access-token' \
4
-H 'Accept: application/vnd.api+json'
Copied!
On success, the API responds with a 200 OK status code, returning the requested order object and the associated payment method:
1
{
2
"data": {
3
"id": "qaMAhZkZvd",
4
"type": "orders",
5
"links": {
6
"self": "https://yourdomain.commercelayer.io/api/orders/qaMAhZkZvd"
7
},
8
"attributes": {...},
9
"relationships": {
10
"market": {
11
"links": {...}
12
},
13
"customer": {
14
"links": {...}
15
},
16
"shipping_address": {
17
"links": {...}
18
},
19
"billing_address": {
20
"links": {...}
21
},
22
"available_payment_methods": {
23
"links": {...}
24
},
25
"payment_method": {
26
"links": {
27
"self": "https://yourdomain.commercelayer.io/api/orders/qaMAhZkZvd/relationships/payment_method",
28
"related": "https://yourdomain.commercelayer.io/api/orders/qaMAhZkZvd/payment_method"
29
},
30
"data": {
31
"type": "payment_methods",
32
"id": "WmOodsVPmQ"
33
}
34
},
35
"payment_source": {
36
"links": {...}
37
},
38
"line_items": {
39
"links": {...}
40
},
41
"shipments": {
42
"links": {...}
43
}
44
},
45
"meta": {
46
"mode": "test"
47
}
48
},
49
"included": [
50
{
51
"id": "WmOodsVPmQ",
52
"type": "payment_methods",
53
"links": {...},
54
"attributes": {
55
"payment_source_type": "stripe_payments",
56
"name": "Stripe Payment",
57
"disabled_at": null,
58
"price_amount_cents": 0,
59
"price_amount_float": 0.0,
60
"formatted_price_amount": "€0,00",
61
"created_at": "2018-01-01T12:00:00.000Z",
62
"updated_at": "2018-01-01T12:00:00.000Z",
63
"reference": "",
64
"reference_origin": "",
65
"metadata": {}
66
},
67
"relationships": {
68
"market": {
69
"links": {...}
70
},
71
"payment_gateway": {
72
"links": {...}
73
}
74
},
75
"meta": {
76
"mode": "test"
77
}
78
}
79
]
80
}
Copied!

2. Create the payment source and associate it with the order

Request
Response
The following request creates a Stripe payment object and associates it with the order identified by the "qaMAhZkZvd" ID:
1
curl -g -X POST \
2
'http://yourdomain.commercelayer.io/api/stripe_payments' \
3
-H 'Accept: application/vnd.api+json' \
4
-H 'Authorization: Bearer your-access-token' \
5
-H 'Content-Type: application/vnd.api+json' \
6
-d '{
7
"data": {
8
"type": "stripe_payments",
9
"attributes": {},
10
"relationships": {
11
"order": {
12
"data": {
13
"type": "orders",
14
"id": "qaMAhZkZvd"
15
}
16
}
17
}
18
}
19
}'
Copied!
On success, the API responds with a 201 Created status code, returning the created Stripe payment object:
1
{
2
"data": {
3
"id": "eqRZMSaNqM",
4
"type": "stripe_payments",
5
"links": {
6
"self": "https://yourdomain.commercelayer.io/api/stripe_payments/eqRZMSaNqM"
7
},
8
"attributes": {
9
"client_secret": "xxxx_secret_yyyy",
10
"publishable_key": "xxxx_secret_yyyy",
11
"options": {},
12
"created_at": "2018-01-01T12:00:00.000Z",
13
"updated_at": "2018-01-01T12:00:00.000Z",
14
"reference": null,
15
"reference_origin": null,
16
"metadata": {}
17
},
18
"relationships": {
19
"order": {
20
"links": {...}
21
}
22
},
23
"meta": {
24
"mode": "test"
25
}
26
}
27
}
Copied!

Additional notes

Client secret generation

At the moment of the Stripe payment source creation, a PaymentIntent object is created on the server-side — see Stripe documentation for any reference. Its client_secret is returned in the related attribute of the response and can be used in your client to securely confirm the PaymentIntent object and complete the payment workflow.

Asynchronous authorization

Stripe payments are asynchronous. When a Commerce Layer's stripe_payment is created and associated with an order, Stripe immediately creates a payment intent using the current order's total_amount as the amount to be authorized. Since the payment's authorization is based on a webhook, depending on your checkout implementation, two scenarios may occur:
  1. 1.
    the order is placed before the authorization is created
  2. 2.
    the order is placed after the authorization is created

Authorization check on order placement

To prevent any issues in case of an attempt to place the order before the authorization is created by the Stripe webhook we introduced a control on order placement to check if the payment has been authorized. If not, we automatically refresh the payment source and try to force the authorization. In case, for any reason (e.g. the payment intent has not been confirmed client-side), the payment can't be authorized the order placement fails.

Payment source nullification

If a Stripe payment is authorized but the related order is not placed yet, the associated payment source cannot be changed. Anyway, if the order is placed after the authorization is created by the Stripe webhook there is a time interval where the order status is still pending and so the order is still editable (i.e. the customer can add or remove items from the cart, changing its amount). If this happens the order amount and the succeded authorization amount may differ, resulting in an error. To prevent that scenario previously created Stripe's payment sources are nullified in case of order edit/refresh (or if the payment method associated with the order is changed) and must be recreated. In this case, if the payment has already been authorized, the related authorization is voided and the order's payment status is set back from authorized to paid.
In view of this, make sure to set the payment source as the last step of your checkout implementation.
In some special cases (e.g. to give the user the possibility to change previously inserted credit card details) you may want to force the payment source nullification, even if the order has not been edited/refreshed and/or the related payment is already authorized. To do that, you can leverage the _nullify_payment_source attribute of the order and manually trigger the payment source nullification, along with the related authorization void (if any) and payment status reset.

More to read

See our documentation if you need more information on how to retrieve an order, include associations, create or update a Stripe payment. See our Checkout guide for more details on how to place an order.