hey i have a question im using stripe and i want ...
# help
a
Hey, I have a question. I'm using Stripe and I want, when a payment is successful, for it to then send data to the Supabase database, but I'm doing that part on the client, like `if(!error) { supabase function() }`. Are there any negative implications for that?
g
Sort of unclear what data you are thinking. But any call made on the client can have fake data. Maybe provide more info, but certainly if it is order info, payment info, confirmation of a purchase, etc. then it is not reliable to pass that through the client.
a
So when the person enters their credit card information and submits, it calls this function that sends the amount and email to the endpoint to get the Stripe code. When it comes back, it tells me if the payment was successful or not. If it is successful, I want to call the addDonor() which is in the next photo,
and the information going to Supabase should just show all the successful transactions.
I just want to make sure that someone can't just send data without paying.
s
Don't do this on the client, use webhooks on a server instead to call your database. Make sure you have insert, update and delete RLS policies set to false, and use your admin/server supabase key to add the record from the server (since it will be able to bypass RLS). Since `insert()` will tell users what fields are missing data, and your public key isn't secret, it will be extremely easy for any authenticated user to simply add an insert record from the client, making any sort of reliable audit trail impossible to maintain.
a
So I have this, but how will this receive the values to add to the database? The only thing being sent to Stripe is the amount, name and email, but the table would require more information.
@Scott P
s
A webhook is just a URL which points towards a script. When a payment from Stripe succeeds, it will send the details of the payment (e.g. failure/success, amount, transaction IDs, etc.) to the webhook URL you set up in your Stripe dashboard.
With certain Stripe workflows such as Stripe Checkout, you can pass through an ID when creating a customer:
```js
await stripe.customers.create({
  metadata: {
    user_id: your_supabase_user_id,
  },
});
```
The Stripe docs are the best way to figure out how best to proceed depending on your specific use case. The main point is that when dealing with anything related to payments, even if you're using something like Stripe to handle the payment processing, the client shouldn't be where you handle updating the database to say a user has paid - it should always go through a backend server where the user can't mess with the data or (easily) send fake requests
a
I understand. So basically do everything via the backend then, as much as possible.