Classe365 accepts online payments which are processed with Stripe Payment Gateway. Stripe authenticates your requests using your account’s API keys. If you do not include your key when invoking a request, or use one that is incorrect or outdated, Stripe returns an error.
Every Stripe account is provided with two pairs of keys: one for testing and one for running live transactions. All API requests exist in either test or live mode, and objects—customers, plans, coupons, and so forth—in one mode cannot be manipulated by objects in the other.
There are also two types of API keys: publishable and secret.
Publishable API keys are meant solely to identify your account with Stripe, they aren’t secret. Publishable keys only have the power to create tokens.
Secret API keys should be kept confidential and only stored on your own account. Your account’s secret API key can perform any API request to Stripe without restriction.
Obtaining your API keys
Your API keys are available on your Dashboard. Stripe includes randomly generated API keys in code examples if you are not logged in. Replace these with your own or log in to see code examples populated with your own test API keys
If you cannot see your API keys in the Dashboard, this means you do not have access to them. Contact your Stripe account’s owner and ask to be added to their team as a developer.
On your Dashboard search for Developers > API Keys
(Make sure, you've selected the "Test Mode" or "Live Mode" to set those in Classe365 Payment Gateways)
Copy those Keys and get back to your Classe365 account
Integrating Stripe credentials in Classe365 Account
Go to Settings > Settings for Your_Organization > Payment Gateways > Stripe(use logo) >
To integrate "Live Mode" copy the "Live Keys" from Stripe and paste them in the "Live Block".
Configure Webhook URL
Adding the webhook settings enables the payment status communication back to Classe365 ensuring all invoices are marked with the payment status like paid, unpaid etc.
To set up, the webhook, Search to Developers --> Webhook and click on Add endpoint
Add the below details in the webhook endpoint settings box.
Endpoint URL: https://yourdomain.classe365.com/services/stripeWebhook. Add your Classe365 domain access URL in the format specified above.
Version: Current version
Events to listen in "LEGACY CHECKOUT" (Mandatory):
Events to listen for SCA (Required if using E-Commerce Module or SCA):
SCA (Strong Customer Authentication)
Strong Customer Authentication (SCA), as part of PSD2 regulation in Europe, requires changes to how customers based in European countries authenticate online payments. Card payments require a different user experience, namely 3D Secure, in order to meet SCA requirements. Transactions that don’t follow the new authentication guidelines may be declined by the customers’ banks.
Limitations of SCA | Can't use SCA in these two cases:
1) Option for anchoring subscription start date (starting subscription on some specified fixed date instead of payment date).
Stripe no longer supports the custom subscription start date, so enabling SCA will no longer support this feature.
2) In CRM, the option for linking another recurring/one-time payment fees when one recurring fees is already selected.
In Legacy checkout, Stripe supported "multiple recurring/one-time payment" fees in the CRM Module's Payment, but with SCA, Stripe can enable either one/multiple one-time payment fees or just one recurring fees in any particular form. There can't be more than one recurring fees in CRM Form Payments.
More on Stripe Credentials
Test and live modes
The test and live modes function almost identically, with a few necessary differences:
In test mode, payments are not processed by card networks or payment providers, and only Stripe's test payment information can be used.
Some payment methods using Sources have a more nuanced flow in live mode, with more steps required than those in test mode.
Disputes also have a more nuanced flow in live mode, and a simpler testing process.
Webhooks that were not successfully received are retried for up to five hours (as opposed to 72 hours for live mode).
Keeping your keys safe
Your secret API key can be used to make any API call on behalf of your account, such as creating charges or performing refunds. You should only grant access to your API keys to those that need them. Ensure they are kept out of any version control system that you may be using.
If an API key is compromised, roll the key in the Dashboard to block it and generate a new one.
When rolling an API key, you can choose to block the old key immediately or allow it to work for 12 hours, providing you with time to make the transitions. In either case, the new key can be used immediately.
Limiting access with restricted API keys
Your account’s secret API keys can be used to perform any API request without restriction. For greater security, you can create restricted API keys that limit access to, and permissions for, different areas of your account data. These take the place of your secret API key and should be used if you’re working with microservices that interact with the Stripe API on your behalf.
A restricted key allows only the minimum level of access that the service needs while protecting account data it doesn’t need. For example, you can create a restricted key that grants read-only access to dispute data, then use it with a dispute monitoring service.
If you no longer need a restricted key (or you suspect it has been compromised), you can revoke it at any time. A restricted key can also be rolled, or edited to change its level of access.
Restricted keys are intended to reduce the risk when using or building microservices. They are not to be used as an alternative to your account’s API keys during development of your Stripe integration—restricted keys cannot interact with many parts of Stripe’s API. Use your test API keys during development and live API keys once your integration is live.
If you need more help from Stripe you can use this link to contact Stripe Support
Write us here (firstname.lastname@example.org) if you have any issues with integrating Stripe in Classe365.