Screencast GoRails: Stripe Ruby

  • Chris Oliver
  • 1159 views
Badge student

Locked Content

A subscription is required for viewing this video. Enroll now to get full access to all Code School courses and content.

Enroll Now Sign in

Comments

  1. robyedlin said

    Credit card errors are common, so error handling with rescue should be covered.

  2. hoseinA said

    The javascript runs locally on user machine. It's not safe to set your token locally via javascript. Very bad security.

  3. Faculty

    Chris Oliver said

    @hoseinA, not quite correct. The Javascript does run on your browser, but the public key is meant to be shared publicly. You must put that on the public webpage and share that token so that the user's browser can tokenize the credit card securely with their own connection to Stripe's tokenization server. That's all the public key is used for, so this key does not have access to their API.

    The Javascript is secure because it's not sharing out the secret key. The secret key is the one you want to keep private. It's used for accessing Stripe's API where you actually make charges to cards and things. We only set the Stripe.api_key to the secret one on the server, so that's never shared with the Javascript or frontend at all. It must stay entirely on the server like we set it up.

You need to be an enrolled student in order to view this video and subscribe.

Enroll Now