Stripe payment: params: error: type: invalid_request_error

Question

I am using Stripe payment gateway with ActiveMarchent, I have implemented the source code as below:

ActiveMerchant::Billing::Base.mode = :test
 ActiveMerchant::Billing::StripeGateway.new(:login => 'sk_test_...')

and I got the error below that I spent a lot of time looking for a solution, but invain I didn't find it:

params:
 error:
 type: invalid_request_error
 message: Sending credit card numbers directly to the Stripe API is generally unsafe.
 We suggest you use test tokens that map to the test card you are using, see
 https://stripe.com/docs/testing.

Thank you

Answer 1

Actually, Stripe has fixed this error. The actual culprit is Active Merchant. It is sending credit card number directly to stripe API. However, you can resolve this by simply enabling "Process payments unsafely" at https://dashboard.stripe.com/account/integration/settings under advanced options.

Answer 2

It seems your integrations is sending card numbers directly to the API. As the error message says, this isn't safe -- server-side code should always deal with tokens rather than raw card numbers.

In production, tokens are created client-side using Checkout or Elements. This can be inconvenient if you want to write automated tests, so you can use test tokens instead. Click on the "Tokens" tab to view the test tokens for each test card here.

I have no experience with ActiveMerchant bindings, but from taking a brief look at the source code, using tokens should be possible: https://github.com/activemerchant/active_merchant/blob/d27c34e9e0e714afbf03d5eacf2a8cb20dc5b3da/lib/active_merchant/billing/gateways/stripe.rb#L97. You should pass a token ID ("tok_...") rather than a card hash.