meta data format (with http post request)

789 views
Skip to first unread message

Harinath Mallepally

unread,
Oct 28, 2016, 1:16:11 PM10/28/16
to Stripe API Discussion
Hi,


does anyone have postman collection for stripe API? or curl requests with complete data?  I want to know the format of meta data

the following simple request works fine.  but when I add meta data it fails with error.
POST /v1/customers HTTP/1.1
Authorization: Bearer sk_test_*************************
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Postman-Token: 962fafd6-b607-836a-a700-1d6069f61396

email=hari%2B1%40abc.com&description=test

with meta data the error is

{
  "error": {
    "type": "invalid_request_error",
    "message": "Invalid metadata: metadata must be a set of key-value pairs",
    "param": "metadata"
  }
}


Thanks 
Hari

Remi J.

unread,
Oct 28, 2016, 1:18:15 PM10/28/16
to api-d...@lists.stripe.com
Hey Hari,

Our API expects the POST parameters to be sent as application/x-www-form-urlencoded. Here's an example curl request that would create a charge and pass metadata at the same time:

   -u sk_test_XXXYYYZZZ: \
   -d amount=400 \
   -d currency=usd \
   -d source=tok_TTTOOOKKK \
   -d metadata[key1]="value 1" \
   -d metadata[key2]="value 2"

Hope this helps!
Remi

--
You received this message because you are subscribed to the Google Groups "Stripe API Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-discuss+unsubscribe@lists.stripe.com.
To post to this group, send email to api-d...@lists.stripe.com.
Visit this group at https://groups.google.com/a/lists.stripe.com/group/api-discuss/.

Harinath Mallepally

unread,
Oct 28, 2016, 5:07:41 PM10/28/16
to api-d...@lists.stripe.com
Thank you, it helped.

also for source, i needed to use source[ATTRIBUTE].



Matthew Arkin

unread,
Oct 28, 2016, 5:26:06 PM10/28/16
to api-d...@lists.stripe.com
Note that you should be sending a token as the source, sending the actual card details in the source would require PCI  SAQ D compliance.





To unsubscribe from this group and stop receiving emails from it, send an email to api-discuss...@lists.stripe.com.

Harinath Mallepally

unread,
Oct 29, 2016, 2:57:39 PM10/29/16
to api-d...@lists.stripe.com
Hi Matthew, I didn't get you. I am not storing the user card information (I am just passing on the information to stripe) ,I need stripe to store the data  for subscription and any other future purchases etc.

should my app also have PCI compliance?  how do I pass the user card data to stripe then?

Thanks
hari

Remi J.

unread,
Oct 29, 2016, 3:00:31 PM10/29/16
to api-d...@lists.stripe.com
Hey Hari,

If you pass raw card details to the Create Charge API, it means that you get the card numbers on your server which has some serious PCI compliance [1] implications. This it true even if you never store the card details yourself and they just go through your server. You should modify your integration so that you always tokenize the card details client-side first.

You'd need to use Stripe.js [2] or Stripe Checkout [3] client-side to send the card details to Stripe directly and get a unique card token (tok_XXX) back. You'd then send this token to your server to create the customer or the charge.

This, along with serving your payment page(s) over HTTPS and never sending card details to your server makes you fall under SAQ-A and make sure you're PCI compliant and we take the reporting burden away from you [4].

Hope this helps!
Remi

Harinath Mallepally

unread,
Oct 29, 2016, 3:13:09 PM10/29/16
to api-d...@lists.stripe.com
that is really informative,

we were in big risk of PCI compliance so far. will do the needful changes. 

Thank you so much Remi

Reply all
Reply to author
Forward
0 new messages