Replace MIT SAO payment system with Stripe Checkout #254
✅ Deploy Preview for mitoc ready!
Adds the serverless backend needed to replace the MIT SAO payment system. The function validates the amount, creates a Stripe Checkout Session, and returns the hosted URL. All PCI scope stays on Stripe's side. Stripe Link, Apple Pay, and Google Pay work automatically via Stripe Checkout with no extra config.
Removes the PayPal/MIT SAO payment system and replaces it with Stripe Checkout. Forms now call the Netlify Function to get a hosted checkout URL, then redirect the browser there. Stripe handles card entry, PCI compliance, Link, and receipt emails. Field names are cleaned up from merchantDefinedData* to readable names. The PayPal warning banner is removed.
The Netlify CLI is blocked by Santa on this machine. This sets up a three-container dev environment: Jekyll on 4000, a minimal Node.js wrapper for the Netlify function on 9999, and nginx proxying both under localhost:8888 so the browser sees one origin.
Run with: docker-compose up
Then open: http://localhost:8888/pay
8b8c297 to
dd5b141
@cameron-gagnon - nobody in MITOC is a fan of the status quo for accepting payments, and Stripe would be wonderful (you're not the first to explore it as an option), but the code/integration isn't the hard part -- it's getting MIT approval to route all funds through a portal for which they don't have oversight.
Are you able to give any information about MIT's approval for integrating with Stripe?
As Michele notes, there's a good deal of automated machinery that translates accepted payments into actual membership records, and this would break that.
If you have approval from MIT's administration to use Stripe (which would be amazing), please reach out to the webmaster team - we can help integrate it in such a way that it meets the club's needs.
Finally, this would only change the public /pay page, not the form that MITOCers use to pay membership.
I believe @LucasEhinger (former treasurer and current voting bod member) is looking on the MIT side. SOLE has hinted in the past that a Stripe account would maybe be an option. This PR has been shared on Slack to show folks what the Stripe integration would look like. It came up in a discussion that followed a multi-day Cybersource downtime that prevented us from getting payments during office hours.
Cool cool! I'm very much down with a simple demonstration of how easy it is to integrate Stripe -- I'm "requesting changes" merely to indicate that this isn't safe to merge as-is, but we can absolutely leave it up for the Netlify preview. Reach out if we get word from MIT that we can proceed with a third party.
Thanks Cameron! We're still waiting on MIT approval. I've reached out 3 times in the past 2 months, and received no response. From experience, if you push MIT too much, the answer will be no. I'm currently waiting until the end of the semester so SOLE's workload will be lower. I'll stop by there at the end of May with a box of chocolates (this has been an effective strategy previously with insurance) and check in. We have a good relationship with the SOLE admin who offered to help with this, but that's no guarantee that they'll be willing to approve a Stripe account. The hardest part will be getting initial approval. However, even after that, this process will likely be a matter of months, not weeks. We'll need approval from both SOLE and OGC, as well as accounting assistance from VPF. I'll reply to the PR and the webmasters once I hear back from MIT.
Hi all! Yep, agree that the code changes here aren't the hard part. I just figured I'd knock out what a potential integration could look like so when it comes time to get buy-in from MIT, it's a lot easier to demo what things would look like and get ahead of any doubt or uncertainty about what a Stripe integration would entail and the feature set it would bring. I'm less plugged in to who all needs to approve this on the MIT side, so I'll keep in touch with the current bursar and @LucasEhinger on how I might be able to help beyond the changes here.

@DavidCain with regards to the Netlify preview branch, it doesn't work yet. Netlify needs a Stripe test secret key added for branch deploys in order for the Stripe integration to work. It works locally because I have a test secret key for my account. I'll DM you and Florian on Slack in case you want to add the test secret key and redeploy the test branch so that anyone can go through the Stripe checkout process on this branch. It might be helpful if we want to demo it to the MIT folks at some point.
Why
The MIT SAO CyberSource payment page (shopmitprd.mit.edu) has gone down for days at a time, leaving MITOC with no way to accept payments online. Stripe provides a more reliable payment system and a faster checkout experience with support for Stripe Link, Apple Pay, and Google Pay out of the box.

I saw some grumblings on the MITOC Slack about moving over to Stripe so I figured I'd take a look.
Summary
create-checkout-session) that creates Stripe Checkout Sessions server-side, keeping the secret key out of the browser
/pay
/pay/success confirmation page
Test plan
Tested the gear, trip, and cabin fee forms, all of which worked successfully.
test-payment.mov
How payments via Stripe look in the Stripe dashboard:

Next steps
Decide if MITOC/MIT is okay with the 2.9% + $0.30 fee per transaction and how the new Stripe account would be managed. I'll follow up on the original Slack thread and go from there. Concretely, what still needs to happen with the code is:
STRIPE_SECRET_KEY to Netlify environment variables (live key for production, test key for branch previews)
Note: all testing so far has been done with a personal Stripe test API key. The integration needs to be re-verified once a proper MITOC Stripe account exists.
Next next steps
We currently have desk workers put in the last 4 digits of a payment ID into the system when finalizing gear rental. We will probably want to change that if we move over to Stripe since we'll be record keeping a little differently.
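
The PR describes a function that "validates the amount, creates a Stripe Checkout Session, and returns the hosted URL". The sketch below shows one way that server-side step could treat the request as untrusted; it is an added example, not the PR's code. The request fields (`amount`, `payment_type`), the allowed types, the amount bounds and the injected `createSession` callback are assumptions.

```javascript
// Added example: names, limits and the payment-type list are assumptions.
const SITE_ORIGIN = 'http://localhost:8888'; // dev origin from the PR's docker setup
const ALLOWED_TYPES = new Set(['gear', 'trip', 'cabin']); // assumed form names
const MIN_CENTS = 50, MAX_CENTS = 500000; // assumed bounds ($0.50 to $5,000)

// Parse a dollar string into integer cents without float math.
function parseAmountCents(raw) {
  if (typeof raw !== 'string') return null;
  const m = /^(\d{1,5})(?:\.(\d{1,2}))?$/.exec(raw.trim());
  if (!m) return null;
  const cents = Number(m[1]) * 100 + Number((m[2] || '').padEnd(2, '0'));
  return cents >= MIN_CENTS && cents <= MAX_CENTS ? cents : null;
}

// Build Checkout Session parameters from untrusted JSON.
function buildSessionParams(bodyText) {
  let body;
  try { body = JSON.parse(bodyText); } catch { return { error: 'invalid JSON' }; }
  if (body === null || typeof body !== 'object') return { error: 'invalid body' };
  const cents = parseAmountCents(body.amount);
  if (cents === null) return { error: 'invalid amount' };
  if (!ALLOWED_TYPES.has(body.payment_type)) return { error: 'invalid payment type' };
  return {
    params: {
      mode: 'payment',
      line_items: [{
        quantity: 1,
        price_data: {
          currency: 'usd',
          unit_amount: cents,
          product_data: { name: `MITOC ${body.payment_type} payment` },
        },
      }],
      // Redirect targets are fixed server-side, never taken from the request.
      success_url: `${SITE_ORIGIN}/pay/success`,
      cancel_url: `${SITE_ORIGIN}/pay`,
      metadata: { payment_type: body.payment_type },
    },
  };
}

// Handler shape; createSession stands in for stripe.checkout.sessions.create.
async function handleCheckout(event, createSession) {
  if (event.httpMethod !== 'POST') return { statusCode: 405, body: '' };
  const { params, error } = buildSessionParams(event.body);
  if (error) return { statusCode: 400, body: JSON.stringify({ error }) };
  const session = await createSession(params);
  return { statusCode: 200, body: JSON.stringify({ url: session.url }) };
}
```

In a deployed function the callback would be the Stripe client built from `STRIPE_SECRET_KEY` in the environment, so the key never reaches the browser.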