Stripe Secure Proxy - What goes in the service Authorization field?

Mon Jul 06, 2015 7:55 pm

When setting up the Stripe plugin to work with a secure proxy (following the tutorial here), I am able to get the service to work IF I leave the Authorization field where we set up the service as follows:

This defeats the purpose of using the proxy (since the authorization key can sill be obtained on the client's device). Is there a way to replace the "Bearer sk_test_XXXXXXXXXXXXXXXXXXXXX" with something that references the keyValue in the StripeDB that we created? Or perhaps it can be done in the StripePayment_Settings:

Edit:
To clarify, I have tried using 'Bearer {keyValue}' in the Authorization header field in the service, but this did not work (even though the secure proxy was setup, and enabled from within the service).

Thank you!

Wed Jul 08, 2015 9:32 pm

Hey guys,

Just hoping to follow up on this topic. The tutorial does not indicate what needs to be put in the Authorization field of the Stripe Service. I'm hoping someone can provide some clarification as to how the stripe service is used, without leaving trace of the Stripe API Key on the client's device.

Thank you!

Thu Jul 09, 2015 10:35 pm

Bump. Another day with no response.

Sat Jul 11, 2015 1:20 am

Hello Jon,

Sorry for radio silence here.
Working on it, we will get back with reply as soon as have news from development team.

Sat Jul 11, 2015 9:31 pm

Jon,

Tutorial doesn't indicates what should be put in Authorization field of the Stripe Service, because you really shouldn't. The value is predefined within the plugin. Carefully check your DB, collection name and keys created there. And note, predefined value is:
Bearer {api_key_proxy}
Not the:
Bearer {keyValue} as you wrote.

It should be certain key value, not the title of column in collection.

Mon Jul 13, 2015 10:25 pm

Thanks Alena for the response, and for clarifying that I should use the key value, not the column title in the collection. Unfortunately, when you say "The value is predefined within the plugin," you're correct, but the predefined value doesn't work either, as it returns "Invalid API Key provided: {**oxy}" in the stripe error display.

It isn't recognizing that this as a reference to the StripeDB credentials table. Any other suggestions? Again, currently the only way to get stripe plugin to work is to use "Bearer sk_test_ZXXXXXXXXXXXXXXXXXXXX" which is no good.

Please advise... Thanks!

Tue Jul 14, 2015 11:04 am

Hi Jon -

Could you please clarify, how you are testing your app? Inside the builder using Test tab?

Also make sure that you have turned secure proxy for this service, here are details: https://devcenter.appery.io/documenta...

Tue Jul 14, 2015 4:31 pm

Illya,

Actually you cannot test the Stripe token service in the test tab, based on the issue I raised here, so the only way to test is either in browser or installed on the app. I was trying in the browser. I can also try installing the app on the device, but this shouldn't change anything.

Also, I did follow that tutorial, so the proxy is configured and turned on for this service.

When I try using the stripe card token service in the browser, the Stripe error label (which displays the error from the StripeGlobal script) shows this:

Here's another way I tested it. Create a new app. Import the Stripe plugin. Link it to the stripe proxy that was created in accordance with the Tutorial you posted, and test (in the test tab - even though it wouldn't actually work even if you hardcode the stripe api key instead of using "{api_key_proxy}")... The response is:

Thanks

Tue Jul 14, 2015 4:41 pm

So in reality, the proxy service that the tutorial shows us how to set up doesn't actually work... Has anyone else tested the stripe plugin with the proxy setup as in the tutorial and actually got it to work?

Fri Jul 17, 2015 6:34 pm

Hey guys,

Do you need any more info to help address this issue? Has anyone on the dev team side tried to quickly test it to verify that the default setting in the plugin and simply following the tutorial doesn't work?

Is 3 days not long enough to respond with a mere update? A simple update saying "hey, we're working on it" takes less than 30 seconds to keep people informed whether or not you're even making progress. I know you guys have been hearing it a lot lately (for good reason) but this is very frustrating.