I'm creating an app using React Native (using Expo, for what it's worth) and would like the app to be able to support donations via Apple Pay.
Expo's Stripe documentation includes a Snack that demonstrates how to support Apple Pay, and the documentation mentions that the Snack uses a Glitch server.
Furthermore, the Stripe documentation also seems to suggest that I need to create a web service to make things work ("For security reasons, your app can’t create these objects. Instead, add an endpoint on your server that...").
I had assumed that Apple Pay took care of these sorts of things behind the scenes and that payments would be processed by Apple's own servers. Do I really need to create a web service to support donations via Apple Pay?
CodePudding user response:
Yes, absolutely, without doubt, you need a server for that. The payment intent is created with a secret key and your secret key needs to stay secret on your server. Anything you put on the client is insecure and can be manipulated by those with bad intent.
If you wanted to have a client side only way to collect payments you can use Stripe Checkout, but from what I hear, it's fairly limited Related Question