SI: Stripe Payment Credit Card Gateway "invalid_request_error" using card numbers directly in API calls - Not Using Tokens #485
Labels
Requires Triage
Someone needs to reproduce this issue.
Comments
WillStrohl
added
bug
Requires Triage
WillStrohl
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sponsorship
If this request requires additional support (e.g., such as direct email/phone/meeting/development), I have the following interest in helping to sponsor the effort via GitHub Sponsors:
Describe the bug
Credit Cards numbers not tokenized (or do I mean encrypted?) using Stripe Payment Gateway
Software Versions
To Reproduce
Steps to reproduce the behavior:
Payment Methods>Credit Cards> Gateway "Stripe"
In Sandbox using API and Public Keys
Submit any payment in any amount. Nothing appears to occur on public site.
Expected behavior
Site should send credit card payment to Stripe Gateway and return to store with approved payment
Actual behavior
Nothing appears to occur, however the Stripe Gateway sandbox records an error I presume that the credit card information is not properly encrypted or otherwise obfuscated for use.
Screenshots
NA
Error log
Note: Debug DLL's
Please replace the current extension DLL's with the debug DLL's (if these are available with the release) and reproduce the error with the debug DLL's before pasting the error log.
STRIPE ERROR LOG
ID
req_aeCbRcu1sGNf7v
Time
12/8/23, 5:01:38 PM
IP address
(my IP address here)
API version
2022-11-15
Source
Stripe/v1 .NetBindings/41.2.0
Idempotency
Key — b0024065-876a-4941-a903-b477228208f9
invalid_request_error
Sending credit card numbers directly to the Stripe API is generally unsafe. We suggest you use test tokens that map to the test card you are using, see https://stripe.com/docs/testing.
REQUEST
{
"type": "card",
"card": {
"number": "*********4242",
"exp_month": "12",
"cvc": "",
"exp_year": "2028"
}
}
RESPONSE
{
"error": {
"message": "Sending credit card numbers directly to the Stripe API is generally unsafe. We suggest you use test tokens that map to the test card you are using, see https://stripe.com/docs/testing. To enable raw card data APIs in test mode, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.",
"request_log_url": "https://dashboard.stripe.com/test/logs/req_UAhzJcybLWdzR5?t=1702072924",
"type": "invalid_request_error"
}
}
Additional context
If I was smarter/more experienced I would attempt to fix this. Are there any suggestions on a method/path/tutorial to encrypt credit card data? Can I use an existing processor to view this in action?
The text was updated successfully, but these errors were encountered: