WEBVTT

00:00.020 --> 00:00.260
Okay.

00:00.290 --> 00:05.390
As discussed in the intro lesson, this is the point where we're going to be able to start taking payments

00:05.390 --> 00:11.240
from our users for the products that they have put inside their shopping carts or their basket.

00:11.270 --> 00:14.900
Now, this is not something that we do on our own servers.

00:14.900 --> 00:19.340
For all of the good reasons that I specified in the introduction.

00:19.340 --> 00:25.370
And we're going to be using a payment processor payment provider called stripe, which is going to handle

00:25.370 --> 00:28.850
the receipt of payments from our users.

00:28.880 --> 00:34.640
Now, this is a transaction that really happens directly between the client's browser and the stripe

00:34.640 --> 00:35.540
servers.

00:35.540 --> 00:41.180
And in order to meet the requirements for strong customer authentication, we need to set up on our

00:41.180 --> 00:45.380
back end API side of things, the payment intents.

00:45.380 --> 00:50.570
So our back end API is going to securely communicate with stripe.

00:50.570 --> 00:55.790
So the idea of this system is so that we can implement secure customer authentication.

00:55.790 --> 01:02.580
Is that our user, when they get to our checkout our client browser is going to send our API request

01:02.640 --> 01:06.780
along with the contents of the baskets, what's in their basket?

01:06.780 --> 01:12.990
And our back end API is going to securely communicate with stripe to express an intent to pay on behalf

01:12.990 --> 01:13.890
of the customer.

01:13.920 --> 01:19.950
Stripe will then send back the payment intent to our API, and we'll update our customer's shopping

01:19.950 --> 01:22.980
cart or basket with that payment intent code.

01:22.980 --> 01:28.920
And then the client can effectively communicate with stripe directly to pay for the contents of that

01:28.920 --> 01:29.280
card.

01:29.310 --> 01:34.470
So we're going to set up on the API side of things, the payment intent system first.

01:34.470 --> 01:38.250
And then we're going to move on to our client to deal with the rest of the functionality.

01:38.250 --> 01:40.590
But first we need a stripe account.

01:40.620 --> 01:42.660
So please go to stripe.com.

01:42.660 --> 01:47.070
This is the payment intent provider that we are going to be using.

01:47.070 --> 01:48.510
So please do sign in.

01:48.510 --> 01:50.520
And I've already got an account here.

01:50.520 --> 01:54.900
So I'm going to sign in using my account and get to effectively the dashboard.

01:54.900 --> 02:00.330
And once you're into the dashboard of this you should see something that looks like this.

02:00.330 --> 02:03.130
Now we can have a number of different accounts with stripe.

02:03.130 --> 02:08.170
I already have one or many different accounts that are available inside.

02:08.170 --> 02:08.380
Here.

02:08.380 --> 02:13.690
I'm going to create a new account for this specific course so that I have a clean dashboard and clean

02:13.690 --> 02:18.670
transactions so that we can see clearly what's going on as we test our code.

02:18.700 --> 02:20.860
Now we're going to operate in test mode.

02:20.860 --> 02:25.090
We're not going to receive any live payments as part of this training course.

02:25.090 --> 02:30.550
And then if you ever did want to enable this into live mode, then you turn off test mode, you would

02:30.550 --> 02:33.730
need to complete a business profile with stripe.

02:33.730 --> 02:39.280
There are some rules and regulations with receiving payments depending on where you are in the world.

02:39.310 --> 02:45.970
Whatever you need to do to enable this, you'd need to go through their documentation and get them to

02:46.000 --> 02:51.040
approve your account, I suspect, and all sorts of money laundering rules out there.

02:51.040 --> 02:53.020
So we're just going to operate in test mode.

02:53.020 --> 02:57.070
We're going to use test cards to get the functionality working.

02:57.100 --> 03:02.000
And like I say, if you did want to enable this to receive live payments, then it would be something

03:02.000 --> 03:04.970
that you would need to do outside of this training course.

03:05.270 --> 03:07.760
So I'm going to create a new account.

03:07.790 --> 03:11.060
So on the left hand side I'm going to use this create new account.

03:11.060 --> 03:14.960
And I'm going to call this account restore V2.

03:14.990 --> 03:19.340
And I'm going to pretend that the country of operation is United States.

03:19.340 --> 03:22.010
We're just going to deal with dollars for our payments.

03:22.010 --> 03:24.020
And I'm going to select create.

03:24.800 --> 03:30.110
And once this has been created, then we've effectively got a new account to work with.

03:30.140 --> 03:32.870
If I take a look at transactions we don't have anything.

03:32.870 --> 03:39.290
And if we go to the home then what we do have inside the dashboard and this is not within my control

03:39.320 --> 03:44.780
to ensure this always looks the same, but what you're looking for and it's available on the dashboard

03:44.780 --> 03:45.080
here.

03:45.080 --> 03:47.300
So this is the codes that I'm going to use.

03:47.300 --> 03:49.460
We have a publishable key.

03:49.490 --> 03:53.810
This is something that we use on our client side as well as our back end server side.

03:53.810 --> 03:59.570
And we also have a secret key that's stored only on our server side.

03:59.990 --> 04:05.880
So we're going to use those keys soon, but we're going to go back to VS code first of all.

04:05.880 --> 04:09.150
And we're going to create what we need to on our back end API.

04:09.180 --> 04:12.960
Now the first thing we'll do is we'll install a package from stripe.

04:12.960 --> 04:14.640
So we're going to go to NuGet.

04:14.640 --> 04:20.760
And we're just going to look for stripe inside NuGet because there's a package we need to install for

04:20.760 --> 04:20.880
our.

04:21.060 --> 04:22.110
Net application.

04:22.110 --> 04:24.390
And it's this one it's called stripe dot net.

04:24.390 --> 04:28.170
And we're going to install this into our API Csproj.

04:28.170 --> 04:29.310
Don't worry about the version.

04:29.310 --> 04:34.050
Just make sure you get the latest version available for your application.

04:34.050 --> 04:40.020
And now that is installed we will supply our configuration keys in our settings.

04:40.020 --> 04:48.420
Now for this example what I am going to use is the well I've got a choice of two the app settings development

04:48.570 --> 04:51.540
JSON or the app Settings.json.

04:51.540 --> 05:00.540
Now for convenience, and because I can easily change the account details that I'm using here and it's

05:00.540 --> 05:04.360
only a test account, then I'm just going to put it inside the app settings development.

05:04.510 --> 05:11.020
Jason, A bit later on when it comes to publishing, I'll use a different key for the published version

05:11.020 --> 05:11.980
of this application.

05:11.980 --> 05:17.020
It will still operate in test mode, so there's still going to be an element of fakery inside here.

05:17.020 --> 05:22.930
But for this one I'm just going to add a configuration in App Settings development dot JSON.

05:22.930 --> 05:28.240
And inside the quotes here I'm going to specify stripe settings as the configuration key.

05:28.270 --> 05:29.650
Open curly brackets.

05:29.650 --> 05:32.170
And we're going to use both of our keys inside here.

05:32.170 --> 05:36.700
So I'm going to have a publishable key for stripe settings.

05:36.700 --> 05:42.610
And I'm going to go across to the dashboard and copy the publishable key.

05:42.640 --> 05:49.120
Go back to App Settings and paste that in there, a very long key that goes right off the edge of the

05:49.120 --> 05:49.750
screen.

05:49.750 --> 05:53.710
So I'm not going to worry about that and just keep it on the edge of the screen.

05:53.710 --> 05:57.190
And we'll also have a secret key here.

05:57.190 --> 06:05.030
And again I'm going to go back to the dashboard and copy the secret key and paste it in here.

06:05.060 --> 06:10.970
Now, both of these are test keys, as we can clearly see, because this one is called PK underscore

06:10.970 --> 06:14.060
test for the public key and for the secret key.

06:14.060 --> 06:16.340
It's also underscore test.

06:16.580 --> 06:22.070
When you do have a live active account that can actually receive payments, then they won't have the

06:22.070 --> 06:23.810
word test here.

06:23.810 --> 06:28.550
So whether or not these keys get out into the big bad world of the internet, what's the worst that

06:28.550 --> 06:30.320
can happen in this scenario?

06:30.350 --> 06:36.110
I can receive fake payments into my fake store and okay, but I will change the keys.

06:36.140 --> 06:41.390
Not that I expect anybody's going to go through the tedium of copying these, but they will be visible

06:41.420 --> 06:42.920
on my GitHub repo.

06:43.010 --> 06:48.500
But they won't be valid for anything because I'll have changed the account before anybody gets to actually

06:48.500 --> 06:49.340
use them.

06:49.880 --> 06:52.730
So now we have that available.

06:52.760 --> 06:58.190
The next thing we're going to take a look at is creating a payment service, which will be able to reach

06:58.190 --> 07:02.360
out to stripe and create that payment intent I was referring to.