Undefined Parameters Adding A Card With Laravel-cartalyst

- 1 answer

I'm using Laravel 5.8 and laravel-cartalyst to make the link with Stripe.

This code works:

    $customer = $stripe->customers()->create([
        'name' => $caserne->billing_name,
        'email' => $caserne->billing_email,
    ]);

    $caserne->billing_id = $customer['id'];

But when adding a Stripe card to this user, I get the error: Received unknown parameters: number, exp_month, cvc, exp_year

    $card = $stripe->cards()->create($caserne->billing_id, [
        'number'    => str_replace(' ', '', $request->billing_card),
        'exp_month' => (int)explode('/', $request->billing_exp)[0],
        'cvc'       => (int)$request->billing_cvc,
        'exp_year'  => (int)explode('/', $request->billing_exp)[1],
    ]);

I've checked all the parameters in the log, and they are all set. The first parameter, number, is a string and all the others are numbers.


Answer

Stripe strongly discourages you from directly processing card data like this.

In order to directly process card data, you'll need to:

  1. Enable this in the settings at https://dashboard.stripe.com/account/integration/settings. You'll note it states "We strongly discourage passing card information directly to Stripe’s API, as it means your integration is directly handling sensitive card information." when you do so.
  2. Complete the SAQ D process to become PCI compliant. Details at https://stripe.com/docs/security#pci-dss-guidelines.

    If you continue to send card details directly to our API, you’ll be required to upload your SAQ D annually to prove your business is PCI compliant. SAQ D is the most onerous of all the SAQs, with over 40 pages of requirements you must implement to remain PCI compliant.

  3. Create a Source with the card details the user has submitted.

Or, you can do the safer, easier, recommended way, and use Stripe's Stripe.js to handle the card data on the client-side safely (via a process called tokenization), without that data ever making it to your server, saving you all the work of PCI compliance.
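
The client-side tokenization recommended above, as an added example that is not part of the original answer or Stripe's own code: Stripe.js Elements collects the card in the browser and the page posts only the resulting token id to the server. The element ids (`card-form`, `card-element`, `card-errors`), the `stripeToken` field name, the `tok_` id check and the key placeholder are assumptions.

```javascript
// Added example. Field names mirror the question's form; other names are assumptions.
const RAW_CARD_FIELDS = ['billing_card', 'billing_exp', 'billing_cvc'];

// Build the body posted to the Laravel app: non-card fields plus the token id only.
function buildServerPayload(fields, token) {
  // Assumption: Stripe.js token ids start with "tok_".
  if (!token || !/^tok_[A-Za-z0-9]+$/.test(String(token.id))) {
    throw new Error('missing or malformed Stripe token');
  }
  const payload = {};
  for (const [name, value] of Object.entries(fields)) {
    // Defence in depth: drop legacy card inputs if they are still in the form.
    if (!RAW_CARD_FIELDS.includes(name)) payload[name] = value;
  }
  payload.stripeToken = token.id;
  return payload;
}

// Tokenize in the browser, then send only the sanitized payload.
async function submitCard(stripe, cardElement, fields, post) {
  const { token, error } = await stripe.createToken(cardElement);
  if (error) return { ok: false, message: error.message };
  await post(buildServerPayload(fields, token));
  return { ok: true };
}

// Browser wiring; skipped when Stripe.js is not loaded (for example under Node).
if (typeof window !== 'undefined' && typeof Stripe === 'function') {
  const stripe = Stripe('pk_test_PLACEHOLDER'); // publishable key placeholder
  const card = stripe.elements().create('card'); // card inputs live in Stripe's iframe
  card.mount('#card-element');
  const form = document.getElementById('card-form');
  form.addEventListener('submit', async (event) => {
    event.preventDefault();
    const fields = Object.fromEntries(new FormData(form));
    const result = await submitCard(stripe, card, fields, (body) =>
      fetch(form.action, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify(body),
      }));
    if (!result.ok) document.getElementById('card-errors').textContent = result.message;
  });
}
```

With this in place the server handler reads only `stripeToken`, so the card number, expiry and CVC from the question's form never appear in the application's requests or logs.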

source: stackoverflow.com