How do you usually process credit cards in your web applications? There are obviously lots of options available and each has pros and cons. One that I am really starting to like though is Stripe. It has great client libraries, makes PCI compliance really easy and is incredibly easy to use! So, I decided to build a Grails plugin for Stripe! The purpose of this post is to introduce people to the plugin and hopefully get feedback on it before releasing a “1.0 Final” version. I am NOT affiliated with Stripe Inc, I just like it, ha! Let’s dive in!
First, you will need a sample Grails 2.0 application. You could certainly use Grails 1.3.7 too as there’s nothing limiting the plugin to 2.0, but it does require the resources plugin and I just figure most new Grails apps will be 2.0.
grails create-app stripesample
cd stripesample
grails install-plugin stripe
grails create-controller checkout
We will need to set two configuration items in Config.groovy. Before we can add these though, we need to register for a Stripe account. So, head on over to Stripe and create your account. Once you’re logged in, click on the top-right link for Your Account and then Account Settings. This will pop open a box where you can find your API Keys. Stripe provides each account with separate publishable and secret keys for testing and live. We only care about the testing ones for now. Let’s add these two values to our sample application’s config file:
stripesample/grails-app/Config.groovy
grails.plugins.stripe.secretKey = 'YOUR_TEST_SECRET_KEY'
grails.plugins.stripe.publishableKey = 'YOUR_TEST_PUBLISHABLE_KEY'
You will obviously want to put these config values in the appropriate environment in Config.groovy. The plugin takes care of setting the secret key for you in the Stripe abstract class and the publishable key will be set from our JavaScript which we’ll cover in a bit.
Next we need to include the JavaScript library provided by Stripe. The plugin exposes this library as a standard resource module called stripe. So, you need to include this in your resource modules declaration. Make sure you use modules (plural) if you have more than one as opposed to module (singular).
<r:require modules="application, stripe"/>
or
<r:require module="stripe"/>
The way Stripe works is that it uses JavaScript to capture the credit card details and creates a token. So, the credit card details never actually hit the server which makes it really easy to be PCI compliant. The JavaScript then creates a hidden field on the form with the token as the value and submits the form to the server. Once on the server, we will use Groovy to capture the amount from the form, the token and create a Stripe Charge. Piece of cake!
Create a new file called index.gsp in stripesample/grails-app/views/checkout and put the following for the contents of the file:
Next we need to modify the CheckoutController we created. Put the following for the contents of this file:
And finally, we need to create a simple confirmation.gsp in stripesample/grails-app/views/checkout and put the following for the contents of the file:
This is obviously a really simple example and can be improved greatly with styling, validation, flash message, etc, but I did this on purpose just to keep it really simple. A couple things to notice in the sample code:
- The JavaScript is pulling in your publishable key from Config.groovy
- The JavaScript then takes the credit-card details and creates a token and inserts this into a hidden-field on the form
- The server never sees the credit-card details, only the token created by the Stripe JavaScript library and the amount to charge
Let’s try it out! Here are some sample values that will work for testing:
- Credit Card Number: 4242424242424242
- CVC: 123
- Expiration Month: 12
- Expiration Year: 2015
You can use whatever you want for the amount. Enter it as you normally would in dollars like 12.99 for example. The controller converts this to an integer of cents since Stripe deals in cents. If goes well, you should see the confirmation page with the success message! If something goes wrong and you receive the error message, you can comment out the try/catch block around the Charge.create(chargeParams) to see the actual error message from the Stripe API. Once you have successfully submitted the form and received the confirmation message, go to your Stripe account and click on Payments to verify that it shows up!
This post is just barely touching the surface of the Stripe capabilities! We did a one-time charge here, but you can do all sorts of stuff with the Stripe API with Groovy like subscriptions / plans for recurring payments. You can also do standard stuff like issue refunds or coupons. Take a look at the Java API documentation for more details.
Well that concludes my walk-through of using Stripe for processing credit cards in a Grails application. I hope you found this post interesting and consider trying out my plugin! Here are links to the source for the plugin and the plugin portal page.