Marko

Reputation: 405

Is it PCI compliant to create PaymentIntent directly from my Flutter app?

I have tried different ways to handle payment via a no-webhook flow, but the only solution is to call the Stripe API directly from my Dart code as follows:

import 'package:http/http.dart' as http;

// Creates the PaymentIntent straight from the app, so the request carries the
// Stripe secret key (and the key ships inside the distributed binary).
var response = await http.post(
  Uri.parse('https://api.stripe.com/v1/payment_intents'),
  body: {
    'amount': _calculateAmount(amount),
    'currency': currency,
    'payment_method_types[]': 'card',
    'description': description,
    'receipt_email': email,
  },
  headers: {
    'Authorization': 'Bearer ${AppConfig.instance.stripeSecretKey}',
    'Content-Type': 'application/x-www-form-urlencoded',
  },
);

Is my code still PCI compliant and properly secured to use in production?

Upvotes: 0

Views: 258

Answers (1)

orakaro

Reputation: 1981

Your code is still PCI compliant, but not secure. The secret key must be stored securely in your web or mobile app's server-side code (such as in an environment variable or a credential management system). Calling from Dart means you are exposing your credential to the whole world. It's explained in the Stripe docs.

Upvotes: 2
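The server-side pattern the answer describes, as an added example in Python that is not part of the original post or of Stripe's own code: the app posts only a product name and e-mail to your backend; the backend reads the secret key from its environment, sets the amount itself, calls Stripe, and returns just the PaymentIntent's client_secret. The HTTP transport is injected (`post`) and replaced by a constructed fake so the example runs offline; the endpoint name, price list and product names are assumptions.

```python
import os
from typing import Callable, Tuple
from urllib.parse import parse_qsl, urlencode

STRIPE_PAYMENT_INTENTS_URL = "https://api.stripe.com/v1/payment_intents"
CURRENCY = "usd"
# Constructed price list in minor units: the app names a product and the server
# sets the amount, so a modified client cannot choose its own price.
PRICES = {"basic_plan": 999, "pro_plan": 4999}

# post(url, form_body, headers) -> (status, json_dict); production wires in a
# real HTTP client, this example a fake (see fake_stripe_post).
Transport = Callable[[str, str, dict], Tuple[int, dict]]


def create_payment_intent(request_body: dict, post: Transport, secret_key=None) -> dict:
    """Handle the app's POST /create-payment-intent (hypothetical endpoint)."""
    # The secret key lives in the server's environment, never in the app binary.
    key = secret_key if secret_key is not None else os.environ.get("STRIPE_SECRET_KEY", "")
    if not key.startswith("sk_"):
        raise RuntimeError("STRIPE_SECRET_KEY is not configured on the server")
    product = request_body.get("product")
    if product not in PRICES:
        return {"status": 400, "body": {"error": "unknown product"}}
    form = {
        "amount": PRICES[product],  # server-chosen; any client-sent amount is ignored
        "currency": CURRENCY,
        "payment_method_types[]": "card",
        "description": f"Purchase of {product}",
    }
    if request_body.get("email"):
        form["receipt_email"] = request_body["email"]
    headers = {"Authorization": f"Bearer {key}",
               "Content-Type": "application/x-www-form-urlencoded"}
    status, intent = post(STRIPE_PAYMENT_INTENTS_URL, urlencode(form), headers)
    if status != 200 or "client_secret" not in intent:
        return {"status": 502, "body": {"error": "payment provider error"}}
    # Only the client_secret goes back to the app: it is scoped to this single
    # PaymentIntent and is all the Stripe mobile SDK needs to confirm the card.
    return {"status": 200, "body": {"client_secret": intent["client_secret"],
                                    "amount": intent["amount"], "currency": CURRENCY}}


def fake_stripe_post(url: str, form_body: str, headers: dict) -> Tuple[int, dict]:
    """Constructed stand-in for Stripe's API so the example runs offline."""
    if not headers.get("Authorization", "").startswith("Bearer sk_"):
        return 401, {"error": {"message": "Invalid API key"}}
    fields = dict(parse_qsl(form_body))
    return 200, {"id": "pi_EXAMPLE", "amount": int(fields["amount"]),
                 "currency": fields["currency"], "client_secret": "pi_EXAMPLE_secret_EXAMPLE"}
```

The Flutter app then sends the returned `client_secret` to the Stripe SDK's payment-sheet or confirm call and never holds anything starting with `sk_`.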
