Add metadata to Stripe PaymentIntent object

Hello everyone,

I am trying to set up Stripe integration to charge users if they purchase a plan. I have managed to get most things up and running and can receive Stripe Payment events (payment_intent.succeeded) in my backend (Supabase) to take action like updating a user’s plan, etc.

However, there is a small issue, which is that the PaymentIntent object does not contain any details about the Price / Product, etc. which I can use to identify the exact plan purchased by the customer.

Of course, I can rely on the purchase amount and put some business logic, but that would be a bit hacky and not maintainable in case of pricing changes at my end.

What I understand is that I need to pass on some metadata while creating the Payment Intent object (or update the Payment Intent object later with the metadata). But it looks like I can’t do this with the “Create Payment Intent” action on workflow. I could try to update the created Payment Intent object with the WeWeb REST API action, but it requires passing on the Stripe Secret key, so it looks like a security risk.

Updating the Payment Intent object from the backend would be a bit cumbersome as all the purchase context lies in the frontend.

What is the recommended way to solve this issue?

PS: On the web, some people suggested retrieving the invoice associated with the PaymentIntent and extracting line items from there, but it is empty in my case.

Hi @pravictor :wave:

Unfortunately, I’m not a big Stripe user so don’t have a solution in mind for you but perhaps @Quentin’s videos on how to use Stripe in a WeWeb app can help?

If not, let me know. He’s on holiday right now but I can ask for his advice when he gets back if needed :slight_smile:

Hi @Joyce ,

I have watched the videos but I am using a different method to integrate with Stripe (the one mentioned in the WeWeb documentation) so it did not help me resolve the question. Right now I have implemented a slightly hacky solution that works but has some limitations - I will wait for Quentin to get back for a response!

I had another question for him: The webhook used to receive Stripe (payment succeeded) events has no auth enabled on it and is publicly accessible - is it safe to keep it like that perpetually or is there any risk of DDoS attacks?

1 Like
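
A publicly reachable Stripe webhook, as described in the post above, is normally protected by checking the `Stripe-Signature` header that Stripe sends with each event. The following is an added example, not code from this thread, WeWeb or Stripe: it implements Stripe's documented `t=...,v1=...` HMAC-SHA256 scheme with the Python standard library, and the secret, sample event, `plan_id` metadata key and function names are constructed or hypothetical.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # replay window; Stripe's own libraries default to 5 minutes
# Constructed sample values (not real Stripe data); "plan_id" is a hypothetical metadata key.
SAMPLE_SECRET = "whsec_example_not_a_real_secret"
SAMPLE_BODY = json.dumps({
    "type": "payment_intent.succeeded",
    "data": {"object": {"id": "pi_example", "metadata": {"plan_id": "pro_monthly"}}},
}).encode()

def sign_like_stripe(body, secret, timestamp):
    """Build the header Stripe would send, so the example runs offline."""
    mac = hmac.new(secret.encode(), f"{timestamp}.".encode() + body, hashlib.sha256)
    return f"t={timestamp},v1={mac.hexdigest()}"

def parse_signature_header(header):
    """Split 't=...,v1=...,v1=...' into (timestamp, [v1 signatures])."""
    timestamp, signatures = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t" and value.isascii() and value.isdigit():
            timestamp = int(value)
        elif key == "v1":
            signatures.append(value)
    return timestamp, signatures

def verify_stripe_event(raw_body, header, secret, now=None):
    """Return the parsed event if the signature is valid and fresh, else None."""
    timestamp, signatures = parse_signature_header(header or "")
    if timestamp is None or not signatures:
        return None
    now = time.time() if now is None else now
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return None  # stale or future-dated timestamp: treat as a replay
    # Signed payload is "<timestamp>.<raw body>", keyed with the endpoint secret.
    signed = str(timestamp).encode() + b"." + raw_body
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest().encode()
    if not any(hmac.compare_digest(expected, s.encode()) for s in signatures):
        return None
    return json.loads(raw_body)

def plan_from_event(event):
    """Read the plan from PaymentIntent metadata for a succeeded payment, else None."""
    if event.get("type") != "payment_intent.succeeded":
        return None
    return event["data"]["object"].get("metadata", {}).get("plan_id")
```

The handler must be given the raw request bytes, because re-serialised JSON will not match the signature. The official Stripe libraries perform the same check (`stripe.Webhook.construct_event` in stripe-python).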

Hi @Quentin

Hope you had a great holiday! Would you please look at this thread when you can and advise on the best practices around it?