Stripe Integration Options

Johnny AM

Overview

Stripe has positioned itself as the most popular payment service for Internet companies of all sizes. Over the years, they have added dozens of major features and products in the payments space.

This article will focus on the integration options available for accepting payments.

Integration Overview

Stripe's integration options include REST APIs, libraries, UI widgets, and hosted pages accessible from any programming language or framework. The sheer number of options, the breadth of documentation, and the volume of online examples can make choosing one overwhelming.

At the heart of Stripe is their REST API. The REST API enables virtually every action available from the Stripe platform. Coding against the API is possible, but most developers will utilize a high-level library that wraps the REST API.

For security and PCI compliance reasons, some actions must be executed from a backend server rather than a browser. Consequently, an integration built on the REST API alone is not an option if you want to avoid PCI compliance obligations, since it would require passing credit card (CC) details through your own servers.

The Stripe JavaScript library, Stripe.js, solves this in a couple of different ways depending on your scenario.

Stripe's Integration History

Let's cover the evolution of Stripe's integrations to help demystify why there are so many options.

Stripe's First Approach (~2011 - ~2017)

The first broadly available version of Stripe allowed clients to completely design their own credit card input forms. The Stripe.js library (stripe.js v2) provided a way to take the CC values and submit them to Stripe's servers over HTTPS in exchange for a token representing the credit card. Unfortunately, this method made it easy to accidentally leak CC details and violate PCI compliance.

This approach is now deprecated as it is not fully PCI compliant as defined in PCI DSS 3.0.



This method was used for years before Stripe.js v3 was introduced in 2017 to improve the security model.
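
With a self-designed form, the leak typically happened when a card input kept a `name` attribute, so the browser posted its value to the merchant's server alongside the token. The audit below is an added example, not code from this article or from Stripe; it assumes the Stripe.js v2 convention of marking card inputs with `data-stripe` attributes, and the sample forms and function names are constructed for illustration.

```javascript
// Constructed sample forms in the Stripe.js v2 style (illustrative input only).
const LEAKY_FORM = `
<form action="/charge" method="POST">
  <input type="email" name="email">
  <input type="text" name="card_number" data-stripe="number">
  <input type="text" name="cvc" data-stripe="cvc">
  <input type="text" data-stripe="exp-month">
  <input type="hidden" name="stripeToken" value="tok_constructed">
</form>`;
// Same form with the name attributes removed from the card inputs.
const SAFE_FORM = LEAKY_FORM.replace(/ name="(card_number|cvc)"/g, "");

// Parse the key="value" attributes of every <input> tag in the markup.
// Simplification: boolean attributes such as "disabled" are ignored.
function parseInputs(formHtml) {
  return (formHtml.match(/<input\b[^>]*>/gi) || []).map((tag) => {
    const attrs = {};
    const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
    let m;
    while ((m = re.exec(tag)) !== null) {
      attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
    }
    return attrs;
  });
}

// Names of the fields a browser would include in the POST to the merchant:
// only inputs that carry a name attribute are submitted with the form.
function postedFieldNames(formHtml) {
  return parseInputs(formHtml).filter((a) => a.name).map((a) => a.name);
}

// Card inputs (number, cvc, expiry) that would reach the merchant's server
// because they are both marked for Stripe.js and named for form submission.
function findLeakyCardInputs(formHtml) {
  return parseInputs(formHtml)
    .filter((a) => /^(number|cvc|exp)/.test(a["data-stripe"] || "") && a.name)
    .map((a) => ({ field: a["data-stripe"], name: a.name }));
}

console.log("leaky form posts:", postedFieldNames(LEAKY_FORM));
console.log("findings:", findLeakyCardInputs(LEAKY_FORM));
console.log("safe form posts:", postedFieldNames(SAFE_FORM));
```

Run against rendered templates in CI, a non-empty result from `findLeakyCardInputs` means raw card data would transit your server and land in request logs.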

Stripe Checkout, A fully hosted approach (~ 2013 - present)

In January 2013, Stripe released their first version of Stripe Checkout. Stripe Checkout was a fully hosted version of the checkout modal that would appear as an overlay while dimming the background. This checkout modal was implemented as an iframe, which made it PCI compliant from the start.

In Spring of 2019, Stripe overhauled their Stripe Checkout product into a fully hosted, brandable page on the Stripe domain. This simplified the process even further for developers looking to integrate.

Stripe Elements: A Secure and Customizable Option (2017 - present)

In 2017, Stripe released the JavaScript library Stripe.js v3 (and deprecated v2). This library improved the security model from the previous version by providing a stylable widget called "Elements" that was injected into sites via an iframe.

This meant that users' credit card details were never on the site directly, which fulfilled the PCI DSS 3.0 requirements that v2 lacked. Using Stripe Elements gave developers infinite control over how to style their UI and payment experiences.

Moving to Payment Intents API (2019 - present)

In response to SCA (Strong Customer Authentication) in the EU (European Union), Stripe released a new API that would track the lifecycle of the customer's payment/checkout. SCA will often require additional steps by the customer to authenticate the payment. The previous Charge API was not built to handle this. Rather than extend the Charge API, Stripe decided to introduce a whole new mechanism in PaymentIntents and SetupIntents.

Both the Charge API and Payment Intents API live in the same REST API and language APIs (e.g. node-stripe and stripe.js v3). They are just different entry points into the API.

The Charge API is still supported and significantly easier to work with. If you have business in the EU, Stripe strongly suggests you move to the Payment Intents API.

When working with Stripe Elements and Stripe Checkout, you will still need to interact with either the Charges API or the Payment Intents API. Think of Stripe Elements and Stripe Checkout as the front end and Charges/Payment Intents as the back end.

How to choose an option?

Coming soon... comparisons and use cases. Stay tuned.

This Article is in Draft / Incomplete Status

This article is currently being written. Expect frequent updates and completion within the next few weeks. I often release early to motivate myself to finish the articles :)


© 2020 johnny.am. All rights reserved.