Hacker News new | ask | show | jobs
by paraboul 1350 days ago
PaymentIntents and webhooks are required because of SCA (3d secure) and other type of payments flow (Apple pay, Google pay or just Stripe Checkout) where the user might be redirected to some external services leading to the capture being validated asynchronously.
2 comments
danenania 1350 days ago
Yes, to be fair to Stripe I think much of this is domain complexity that there are no easy answers for.
link
daveoc64 1350 days ago
I have used many other payment providers (in the UK) that deal with 3D Secure (and have done for decades), there's nothing about 3DS that requires things to be asynchronous.

I am currently involved in a project to add Stripe support to a product, and it's a lot more complicated to set up a simple payment than other APIs on the market.

From everything I'd heard about Stripe, I thought the API would be really simple, but it's not.

link
fcsp 1350 days ago
When I had to integrate the new intents APIs back when SCA launched it seemed pretty clear to me that they tried to come up with an API that covers many use cases (relatively) uniformly but therefore coming at the cost of a huge complexity boost over ther initial "charge a credit card" experience, which, combined with hugely lacking docs on some corner cases we encountered, seemed like a pretty poor decision to me based on what made them useful in the first place when they launched. As things stand I would look elsewhere now for integrating payments
link
paraboul 1350 days ago
I'm not an expert dealing with PSP, but situations where a payment is validated through a "return to merchant URL" is risky and could lead to payment being captured without the merchant being notified.

Stripe abstracts away all the complexity having to deal with dozens of payments methods behind this single PaymentIntent API, which let you query the status of a payment at anytime (and webhooks are just a way to listen for updates in realtime).

link
daveoc64 1350 days ago
> I'm not an expert dealing with PSP, but situations where a payment is validated through a "return to merchant URL" is risky and could lead to payment being captured without the merchant being notified.

There are ways to deal with that - a very simple one is a "mop up" process, as suggested by the GOV.UK Pay Service:

https://docs.payments.service.gov.uk/integrate_with_govuk_pa...

link
paraboul 1350 days ago
But then how is this simpler or better than listening for webhooks (push)? Also, PaymentIntent allows you to query its state (pull) as described in your link.
link