Adrian Coutsoftides

Reputation: 1293

Stripe + Plaid + Flutter best practices

Which of these procedures is safer?

Directly obtain a Stripe bank account token (generated from the client-side Plaid client) and send that token to my server for processing.

Or

Send the Plaid account token (generated from the client-side Plaid client) to my backend server and retrieve the Stripe bank account token remotely?

The Stripe documentation provides steps for the latter; however, the plaid-client Flutter API (unofficial) provides a method to obtain the Stripe bank account token directly.

Obtaining it directly would save server resources, however I would not do it at the expense of user security.

Upvotes: 0

Views: 740

Answers (1)

koopajah

Reputation: 25622

You should never have a secret client-side since anyone could view it and make requests as if it was you.

You should be following Stripe's documentation here. You obtain a Plaid token client-side first, then you send this to your server. There, you can securely use your secret to exchange this for a Stripe token, and then use Stripe's API to save the bank account on a Customer.

Upvotes: 2
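The server-side flow the answer describes, as an added example that is not part of the original answer and is not Stripe's or Plaid's own code. The function names, the environment variable names, the use of the Plaid sandbox host and the shape of the value returned to the client are assumptions; the transport is injectable so the handler can be exercised without network access.

```python
import json
import os
import urllib.parse
import urllib.request

PLAID_BASE = "https://sandbox.plaid.com"   # assumption: Plaid sandbox environment
STRIPE_BASE = "https://api.stripe.com"


def http_post(url, body, headers):
    """Default transport: POST bytes and decode the JSON response."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def plaid_post(path, payload, post):
    # Plaid credentials are read from the server environment and merged in
    # here; the mobile client never holds or transmits them.
    payload = dict(payload, client_id=os.environ["PLAID_CLIENT_ID"],
                   secret=os.environ["PLAID_SECRET"])
    return post(PLAID_BASE + path, json.dumps(payload).encode(),
                {"Content-Type": "application/json"})


def link_bank_account(public_token, account_id, customer_id, post=http_post):
    """The client supplies only the Plaid public token and the chosen account
    id; customer_id must come from the authenticated server-side session."""
    for value in (public_token, account_id, customer_id):
        if not isinstance(value, str) or not value:
            raise ValueError("missing or malformed field")
    # 1. Exchange the short-lived public token for an access token.
    access = plaid_post("/item/public_token/exchange",
                        {"public_token": public_token}, post)["access_token"]
    # 2. Ask Plaid for a Stripe bank account token for that account.
    btok = plaid_post("/processor/stripe/bank_account_token/create",
                      {"access_token": access, "account_id": account_id},
                      post)["stripe_bank_account_token"]
    # 3. Attach the bank account to the Stripe Customer with the secret key.
    cust = urllib.parse.quote(customer_id, safe="")
    source = post(f"{STRIPE_BASE}/v1/customers/{cust}/sources",
                  urllib.parse.urlencode({"source": btok}).encode(),
                  {"Authorization": "Bearer " + os.environ["STRIPE_SECRET_KEY"]})
    # Only non-sensitive display data goes back to the client.
    return {"bank_account_id": source["id"], "last4": source.get("last4")}
```

The Plaid access token and the Stripe bank account token never leave the server in this flow, so a decompiled or proxied client exposes nothing that can be replayed against either API.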
