Legacy pluginsObsolète

What is a plugin?

Plugins are any integration between a third-party solution and Stripe that requires a user to authenticate with their secret API keys. A plugin typically interacts with Stripe APIs either by making API calls or responding to Stripe API events on behalf of its users. Plugins often run code that allows Stripe to interact with other software, such as accepting payments on WordPress. They can also take other forms, like open-source libraries or website builders.

Best practices for legacy plugins

Follow these best practices to help your users safely process on Stripe’s platform without disruption if our API upgrades or changes. If you have questions, contact us at plugins@stripe.com.

• Register your plugin by creating a Stripe account or using an existing one
• Identify your plugin using setAppInfo and registerAppInfo so we can alert you to any potential issues we notice
• Set Stripe’s API version in your plugin to avoid potentially breaking changes for your users
• Use client-side tokenization to securely collect payment details in the browser

You can also take a few steps to improve the quality of your connector:

• Add the Express Checkout Element to offer multiple one-click payment buttons to your customers, including Apple Pay, Google Pay, Link, and PayPal
• Enable multiple payment methods beyond credit cards to support international users
• Verify your users have HTTPS enabled to improve their security
• Subscribe to our mailing list to keep up to speed with changes to Stripe’s API

Identifying your plugin

Provide identifying information so that we can contact you if there’s an issue with your connector or critical update to the API.

Backend API calls

If you use the APIs to create server-side requests, use setAppInfo with a hash containing the following options:

• name (required): your plugin’s name
• partner_id (required for Stripe Verified Partners, optional otherwise): your Partner ID from the Partners section of the Dashboard
• version (optional): your plugin’s version
• url (optional): the URL for your plugin’s website with your contact details

Stripe.set_app_info(
  'MyStripePlugin',
  partner_id: 
'{{PARTNER_ID}}', # Used by Stripe to identify your connector
  version: '1.2.34',
  url: 'https://example.com'
)

If you’re building a connector and not using one of our official libraries, set the value of the User-Agent header on requests made to the Stripe API as name/version (url).

The following is an example:

User-Agent: WordPress MyStripePlugin/1.2.34 (https://example.com)

Client side / Stripe.js

For frontend libraries that use Stripe.js, use registerAppInfo with the same options as setAppInfo above. For example, using JavaScript:

stripe.registerAppInfo({
  name: "MyOSSLibrary",
  partner_id: 
"{{PARTNER_ID}}",   // Used by Stripe to identify your connector
  version: "1.2.34",
  url: "https://example.com",
});

Setting the API version

Your plugin should use the setApiVersion function, which will set the Stripe-Version HTTP header on all requests. Your users will use their own API keys to access Stripe, but this header will be included with every request. We recommend that you use the most recently published version of the API. The current API version and details on our versioning policy can be found in the API reference.

Stripe.api_key = 
'sk_test_BQokikJOvBiI2HlWgH4olfQ2'
Stripe.api_version = '2022-08-01'

New Stripe users automatically default to the latest version of the API. This header ensures that your connector is pinned to a specific API version, which keeps the occasional backward-incompatible change from breaking your connector’s functionality.

Users can upgrade their own API version through the Stripe Dashboard. If your connector relies on webhook events, their data format and structure depend on the user’s account API version. You should instruct your users to set the version in their Dashboard to match your plugin.

Subscribing to our mailing list for updates

We regularly release new versions of the Stripe API that bring new features and bug fixes. You can subscribe to the api-announce mailing list to be notified of updates that might affect users of your connector.

Securely collecting payment details

Stripe users are subject to PCI compliance, which specifies how credit card data should be securely stored, processed, and transmitted. Their businesses could face stiff penalties for noncompliance or potential breaches, so it’s important to help them safely process on Stripe.

Since your connector will make API calls on behalf of a Stripe user, you must transmit credit card data securely using client-side tokenization. Customers submit their personal information through their web browser or mobile app directly to Stripe, and in exchange a simple token will be sent to the Stripe user. This allows your users to securely collect card details without sensitive data ever touching their server.

If your connector includes a client-side payment form in the browser, we recommend that you use either Stripe.js and Elements or Checkout:

• Elements provides prebuilt UI components and complete control over the look and feel of payment forms
• Checkout provides a complete checkout experience and can be quickly added to a Stripe user’s website

Both of these options provide client-side tokenization.

If your plugin only operates in a backend environment, please include a note in your connector’s documentation asking users to tokenize payment details using Elements or Checkout. Tokenization helps Stripe users process as safely as possible on our platform.

Add the Express Checkout Element

The Express Checkout Element gives you a single integration for accepting payments through one-click payment buttons, including Apple Pay, Google Pay, Link, or PayPal.

The Express Checkout Element allows you to display multiple buttons at the same time. Customers see different payment buttons depending on what their device and browser combination supports.

Enabling multiple payment methods

Stripe supports multiple payment methods, aside from credit cards. We’ve published a guide to payment methods that introduces terminology, key considerations, and how we support each method on our platform.

The Payment Methods API enables your users to collect payments using additional payment methods (for example, Alipay, iDEAL, Sofort). You can add these payment methods using one integration path.

Verifying that HTTPS is enabled

If your plugin presents a payment form in a web browser, it should check if the form is being served over HTTPS. We require our users to enable HTTPS: you should present a clear error to your user if they’re not properly secured.

Here are a few examples to verify whether your users have HTTPS enabled:

# This example uses Sinatra, but the `request` object is provided by Rack
require 'sinatra'

get '/' do
  if !request.https?
    # Present an error to the user
  end
  # ...
end

If your connector has a front-end component, check whether HTTPS is being used from the browser. For example, using JavaScript:

// This example checks for HTTPS from the browser
if (window.location.protocol !== "https:") {
  // Present an error to the user
}