Idempotency key is not enough?

[Alberto Gori]

I am trying to avoid double charging my customers, even under the most unlikely chain of events. I have this scenario in my mind, and I can't find a proper solution due to what I think is an hole in Stripe API. Scenario is:

- cutomer has a card, charge succeeds but a network error happens. An idempotency key has been used and saved in the db.

- customer change card

- system retry the failed charge, using the same idempotency key. Charge fails because parameters are not the same as before (card is different!).

Under this circumstance, we lack the api to proceed. If I reset the idempotency key and retry again, I am going to charge twice. Notice I do not have a chargeId, neither I could have one because network failed. 

IMHO we need an api to retrieve the charge by idempotency key, or query by metadata.

Any thoughts?

[Remi J.]

Hey Alberto,

When you get a network error with your first idempotency key, you should retry the request again at that point. Idempotent requests allow you to retry the same request without performing the resulting operation twice. Doing so would return the original response with the charge id that was created on the first attempt, if any.

This would allow you to ensure you return the right status to your customer after his payment attempt. Otherwise, if you already returned an error, you can have a background job that will retry the request, get the charge id and then refund that charge so that the customer gets his funds back on his end.

Hope this helps!

Remi

--
You received this message because you are subscribed to the Google Groups "Stripe API Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-discuss+unsubscribe@lists.stripe.com.
To post to this group, send email to api-d...@lists.stripe.com.
Visit this group at https://groups.google.com/a/lists.stripe.com/group/api-discuss/.

[Alberto Gori]

Thank you Remi. So following your answer I do this:

- if network error I save idempotency key and card data (customer id in my system is enough).

- on retry, I just use both and get the correct status of the charge.

For any other error I do not save idempotency key and original card id, and on retry a new charge will be attempted.

Thanks again for the suggestion.

To unsubscribe from this group and stop receiving emails from it, send an email to api-discuss...@lists.stripe.com.

[Remi J.]

That approach sounds correct yes!

I'd also recommend adding some failsafe here too by listening to webhooks. You would get `charge.succeeded` events asynchronously and could reconcile this charge with the list of charges that you already know of. If you get an event for a charge you have not heard of (for example after a network error) you can then decide to contact the customer or refund it asynchronously.

Hope this helps!

Remi

To unsubscribe from this group and stop receiving emails from it, send an email to api-discuss+unsubscribe@lists.stripe.com.