Awesome. Thanks for that feedback everybody! @lin_d_hop @nick @CynthiaReynolds @Oliver
Just looking at the docs a little further, and found another argument in favour of Stripe Connect. It will allow us to store customer card details centrally (against the instance’s Stripe account) and then use those to charge customers to any connected enterprise. This way we only have to ask customers to enter their card details once (ever), and we can make that card available as a payment option anywhere on the instance. Obviously this needs to be explained but I think it is a fairly palatable proposition. More info in the Sharing Customers section of the Stripe docs.
The alternative where we store individual API keys would mean that we need to ask customers to enter their details at least once per shop, as there is no mechanism for sharing details across (from Stripe’s perspective) two completely disconnected accounts.
@oliver Thanks for those thoughts. I certainly don’t feel confident enough to say that the API keys option (option 2) is the easier route. Yes, we have a solution that ‘works’ out of the box, but IMHO simply running with this as-is creates an unacceptable level of risk unless we do some serious work on encryption/decryption of keys (not very pretty or fun), or on enforcing some serious protocols for downloading and managing access to copies of the database (which means ongoing work). I’ve been looking at the code and I am hopeful that tweaking Spree’s Stripe gateway to work with Stripe Connect may not be a huge amount of work - the API and the existing Spree gateway appear to be well written and quite flexible. Fingers crossed, will report back when I know more.
@lin_d_hop: I think perhaps there is a little confusion about what is being proposed: at this stage I am not suggesting that customers be asked to connect their Stripe accounts to the OFN, merely that they enter their card details which we can ask Stripe to store for later use. We can certainly look into supporting this as a next step, but I don’t think it should be part of the initial round of work? The flow for customers entering their card details will be entirely ‘in-house’, so no need to redirect customers to Stripe. In fact Stripe need not be mentioned to the customer at all.
The component that will require users to be directed through Stripe is the ‘Connect’ aspect for enterprise users wishing to use Stripe as a payment method, i.e. enterprise users connecting their Stripe accounts to the instance, which authorises the instance to charge customers on their behalf. The flow for connection is relatively straightforward: enterprise users would click a ‘Connect to Stripe’ button somewhere in the admin section, which would send them to Stripe to confirm authorisation, and then they would be sent back to the OFN. There is an example of what this might look like on this page (about halfway down). Once enterprises have ‘connected’ to the instance, they can create payment methods based on that connection, which then behave like any other payment method (except that we can do cool stuff like auto-load info for any customers with stored card details, or charge customers with standing orders without them having to touch the site).
I am still completely undecided as to whether we should ‘Connect’ Stripe accounts to users or to enterprises. What is clear to me is that if we connect them to users, we will need to allow each user to link multiple Stripe accounts to their OFN user, because a single user can foreseeably own two enterprises that need to use two separate Stripe accounts to charge customers. It is important to note that Stripe accounts connected in this way would not be at all equivalent to those connected via the front-end (if we decide to implement that at some point): the former represents an authorisation for the instance to charge on behalf of the Stripe account holder, the second represents an authorisation for the instance to charge the Stripe account holder on behalf of another. Stripe treats these as two very different classes of relationship: the first is a ‘Connected Account’ and the second is a ‘Customer’.
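
Added example (not part of the original post, and not OFN or Spree code): one way to bind the ‘Connect to Stripe’ round trip described above to a specific enterprise and admin user, by signing the OAuth `state` parameter with HMAC so the callback cannot attach a Stripe account to the wrong enterprise. `STATE_SECRET`, `connect_url`, `verify_state` and the `ca_PLACEHOLDER` client id are assumptions.

```ruby
require 'openssl'
require 'json'
require 'uri'
require 'securerandom'

# Assumed names: STATE_SECRET, STATE_TTL, connect_url, verify_state.
STATE_SECRET = SecureRandom.hex(32) # in a real app: a stable server-side secret
STATE_TTL = 600                     # seconds allowed for the round trip

def sign(payload)
  OpenSSL::HMAC.hexdigest('SHA256', STATE_SECRET, payload)
end

# Constant-time comparison so the MAC check does not leak matching prefixes.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Build the 'Connect to Stripe' link for one enterprise, started by one admin user.
def connect_url(client_id:, enterprise_id:, user_id:, now: Time.now.to_i)
  json = JSON.generate('e' => enterprise_id, 'u' => user_id,
                       'exp' => now + STATE_TTL, 'n' => SecureRandom.hex(8))
  payload = json.unpack1('H*') # hex-encode so the token is URL-safe
  query = URI.encode_www_form(response_type: 'code', client_id: client_id,
                              scope: 'read_write',
                              state: "#{payload}.#{sign(payload)}")
  "https://connect.stripe.com/oauth/authorize?#{query}"
end

# On the callback: return the enterprise id this authorisation belongs to,
# or nil if the state is forged, expired, or was issued to a different user.
def verify_state(state, current_user_id:, now: Time.now.to_i)
  payload, mac = state.to_s.split('.', 2)
  return nil unless payload && mac && secure_compare(sign(payload), mac)
  data = JSON.parse([payload].pack('H*'))
  return nil if data['exp'] < now || data['u'] != current_user_id
  data['e']
rescue JSON::ParserError
  nil
end

# Constructed sample values: enterprise 42, admin user 7.
url = connect_url(client_id: 'ca_PLACEHOLDER', enterprise_id: 42, user_id: 7)
state = URI.decode_www_form(URI.parse(url).query).to_h['state']
puts verify_state(state, current_user_id: 7).inspect
```

Because the enterprise id travels inside the signed state, the same check works whether connected accounts end up attached to users or to enterprises.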