Prepared exclusively for james shahan
Under Construction: The book you’re reading is still under
development. As part of our Beta book program, we’re releasing
this copy well before a normal book would be released. That
way you’re able to get this content a couple of months before
it’s available in finished form, and we’ll get feedback to make
the book even better. The idea is that everyone wins!
Be warned: The book has not had a full technical edit, so it will contain errors.
It has not been copyedited, so it will be full of typos, spelling mistakes, and the
occasional creative piece of grammar. And there’s been no effort spent doing
layout, so you’ll find bad page breaks, over-long code lines, incorrect hyphenation,
and all the other ugly things that you wouldn’t expect to see in a finished
book. It also doesn't have an index. We can’t be held liable if you use this book
to try to create a spiffy application and you somehow end up with a strangely
shaped farm implement instead. Despite all this, we think you’ll enjoy it!
Download Updates: Throughout this process you’ll be able to get updated
ebooks from your account at pragprog.com/my_account. When the book is complete,
you’ll get the final version (and subsequent updates) from the same address.
Send us your feedback: In the meantime, we’d appreciate you sending us your
feedback on this book at pragprog.com/titles/nrwebpay/errata, or by using the links
at the bottom of each page.
Thank you for being part of the Pragmatic community!
Andy
Take My Money
Accepting Payments on the Web
Noel Rappin
The Pragmatic Bookshelf
Raleigh, North Carolina
Many of the designations used by manufacturers and sellers to distinguish their products
are claimed as trademarks. Where those designations appear in this book, and The Pragmatic
Programmers, LLC was aware of a trademark claim, the designations have been printed in
initial capital letters or in all capitals. The Pragmatic Starter Kit, The Pragmatic Programmer,
Pragmatic Programming, Pragmatic Bookshelf, PragProg and the linking g device are trademarks
of The Pragmatic Programmers, LLC.
Every precaution was taken in the preparation of this book. However, the publisher assumes
no responsibility for errors or omissions, or for damages that may result from the use of
information (including program listings) contained herein.
Our Pragmatic books, screencasts, and audio books can help you and your team create
better software and have more fun. Visit us at https://pragprog.com.
For sales, volume licensing, and support, please contact [email protected].
For international rights, please contact [email protected].
Copyright © 2016 The Pragmatic Programmers, LLC.
All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted,
in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise,
without the prior consent of the publisher.
Printed in the United States of America.
ISBN-13: 978-1-68050-199-5
Encoded using the finest acid-free high-entropy binary digits.
Book version: B5.0—October 20, 2016
Disclaimer: This book is intended only as an informative guide on setting up a financial
transaction website. Information in this book is general, and the author, editors, and The
Pragmatic Programmers, LLC disclaim all liability for compliance to federal, state, and local
laws in connection with the use of this book. This work is sold with the understanding that
the author, editors, and The Pragmatic Programmers, LLC do not offer legal, financial, or
other professional services. If professional assistance is required, the services of a
competent professional person should be sought.
Contents
Change History . . . . . . . . . . . . ix
Preface . . . . . . . . . . . . . . xi
1. Not Taking Payments on the Web (Yet) . . . . . . 1
Understanding the Data Model 1
Building the Shopping Cart Feature 6
Unit Testing Our Logic 16
Next Up 19
2. Take the Money . . . . . . . . . . . . 21
What’s a Payment Gateway and Why Do I Need One? 22
Setting Up Our First Payment Gateway 23
Charging Cards with Server Authentication 27
Testing with the VCR Gem 39
Next Up 42
3. Client-Side Payment Authentication . . . . . . . 43
Setting Up Client-Side Stripe 43
Using the Token on the Server 49
Testing the JavaScript via Capybara 51
Next Up 54
4. PayPal . . . . . . . . . . . . . . 57
Setting Up a PayPal Account 57
Accepting PayPal Transactions 59
Handling the PayPal Callback 72
Developing PayPal Charges 74
Next Up 77
5. Failure Is Totally an Option . . . . . . . . . 79
Client-Side Validation 80
Server-Side Failure 87
Testing for Failure 96
Running a Background Job 98
Notification 110
Next Up 114
6. Subscriptions . . . . . . . . . . . . 115
Creating Subscription Plans 116
Creating Subscription Customers 118
Purchasing a Subscription 120
Setting Up Webhooks 127
Supporting the Stripe Subscription Life Cycle 129
Next Up 137
7. The Administration Experience . . . . . . . . 139
Using Stripe’s Administration Dashboard 140
Setting Up Your Own Administrative Dashboard 144
Setting Up a Point of Purchase 148
Next Up 151
8. Administration Roles . . . . . . . . . . 153
Authentication and Roles 153
Issuing Refunds 161
Applying Discounts 173
Next Up 181
9. Administration and Data Security . . . . . . . 183
Breaking the Rules 183
Keeping Data Secure 187
Two-Factor Authorization 195
Simulating Users 205
Blocking Email 208
Next Up 209
10. Reporting . . . . . . . . . . . . . 211
Using ActiveAdmin Reporting 211
Rolling Your Own Data 213
Speeding Up Performance and Data Preparation 222
Next Up 234
11. Adding Fees and Calculating Taxes . . . . . . . 235
Adding Non-Tax Fees 235
Calculating Taxes 253
Next Up 268
12. Third-Party Sales with Stripe Connect . . . . . . 269
Creating Affiliate Accounts 270
Transferring Payments to Affiliate Accounts 278
Validating Affiliates 284
Next Up 296
13. Going to Production . . . . . . . . . . 297
Going Live 297
Setting Up SSL/TLS Encryption 299
Running Automated Security Audits 300
Database Backups 302
Running Periodic Tasks 305
Compliance 307
The End 309
Bibliography . . . . . . . . . . . . 311
Change History
B5.0—20 October 2016
Added the final chapter—Chapter 13, Going to Production, on page 297—and
fixed all reported errata.
B4.0—3 October 2016
Added another chapter, Chapter 12, Third-Party Sales with Stripe Connect,
on page 269, which explores how to manage third-party e-commerce transactions.
B3.0—13 September 2016
Added Chapter 11, Adding Fees and Calculating Taxes, on page 235, which
looks at adding fees to the payment workflow and how to deal with third-party
tax information providers. Reported errata were fixed.
B2.0—30 August 2016
Added a new chapter, Chapter 10, Reporting, on page 211, which looks at
reporting features, and fixed the reported errata.
B1.0—17 August 2016
Initial beta release.
Description: Getting paid using Stripe or PayPal is only the beginning of creating a fully functional e-commerce application. You also need to handle failure cases, inventory management, administration, security, reporting, and be compliant with legal issues. Manage one-time transactions and recurring subscripti