Implementing Stripe and PayPal Online Payments Using Grails

What this is

Grails 3.3.8 is used in the accompanying code. This is not a Grails tutorial. Very little will be said about Grails itself - you will have to know how to use Grails. The code is available here. It is a complete Grails project which will run as is provided you provide a source for the database connection and your Stripe public and private keys. Your private key must be put in the StripeController and your publishabe key in the Stripe form handler Javascript file.

PayPal

PayPal is also implemented and also works. But it goes just as far as getting a response back from PayPal which is then rendered in the browser. Unlike the Stripe example things are not taken further and the sale/order is not recorded in the database. That would be much the same as already done for Stripe. If you start Grails on the command line you will see print outs of the JSON object returned by PayPal. Using PayPal in production, I get the values I want back from this JSON object.

Why Stripe?

So far, I've used PayPal for everyone who wanted to be able to process online payments. Recently, I had en enquiry from someone who wanted an online tobacconist. I soon found out that accepting payment for quite a list of products and services on PayPal is not straightforward. Personally, I think it commendable of PayPal that they don't want to be roped into the service of the booze barons, tobacco kingpins, and gambling bosses willy-nilly. However, sometimes one may want to use an online payment provider other than PayPal.

A second factor is cost. In Australia, selling to Australian customers with Australian credit cards, Stripe is cheaper up to $15,000/month in transactions. Here are the two pages with the fees: Stripe and PayPal. If you are from another country, it is easy to find the two pages relevant to you.

With PayPal, the user is transferred to PayPal's site for payment. Some see this as a disadvantage. Maybe they think the user will think less of their site if they have to send the user to another site for handling payments. With Stripe, the user fills in a form on one's site, the form contents is transmitted to the Stripe site using Javascript, Stripe records the credit card details and returns a token to one in the response. Only then is the form transmitted to one's site. Everything, but the credit card details, reaches one's' site and one does with it whatever one wishes. The token is used by sending it to Stripe and requesting a payment. Stripe matches the token to the credit card details and processes the payment. The user never leaves one's site. In production, the page on which the user fills in his credit card details will have to use the https protocol, i.e. make use of encryption. A certificate signed by a known certificate authority is mandatory. For testing, this is not neccessary.

Seeing no credit card information ever hits your server, Stripe is a safe way to implement online payments. You will of course either have encountered, or will still encounter, clients wishing to store their clients' credit card details. The people wishing to do this will, in nearly all cases, have extremely limited IT knowledge. The hard task of convincing them that this is a very bad idea falls on your shoulders. Stripe handles online payments securely, relieving the site owner of the security responsibilities inherent in handling credit card payments online. This, believe it or not, is a good thing.

The Grails application

Instead of taking you line for line through the code, I'm going to tell you how this application is put together. You can download the application code, read throught what follows and look at the code as we go along. You will surely understand.

Look at build.gradle to see which dependencies were added. There are really only three: the Stripe dependency, the Ajax tags for the tags used in cart.gsp and the MySQL JDBC dependency. One can write out the Ajax code using jQuery and do away with the Ajax tags plugin.

Main parts of the application

This application sells items online. You will have to enter these items into your database, which in my case is a MySQL database called stripe. You will have to fill in your database connection details in grails-app/conf/application.yml. You will also have to enter your Stripe keys in CartController.groovy, the pay() method, and in custom/stripe_form_handler.jsp. In fact, besides having an empty database up and running as indicated by your database connection specifications in application.yml, that's all you have to do to get the downloadable application up and running.

Both your PayPal keys go into the PayPalController.

The first domain class you need is Item.groovy. Have a look at the code of the application you downloaded. That just specifies what you have for sale. A sold item is a LineItem. That's just a combination of an item, the number of that items sold, the price (written from the Item, prices may change of Items, but not for items already sold), an 'added' field which is just the time in milliseconds which is used to manipulate items in the cart. It also has a transient field to get the total for this item in case more than one was bought.

There is also a Customer, which is juse a name, surname and email address. The last is unique and used to identify returning customers. There is no sign in in this example. Sales to customers are persisted as a CustomerOrder. After successful payment, the customer is taken to the CustomerOrder show page of the order just completed. Only when a payment is successfully completed does persistence of the Customer, the CustomerOrder and all the LineItems on that order take place.

The Cart is not a domain class. You will find that in grails-app/utils. It has methods for manipulating the cart contents. It's stored in the Session. Stripe does not want to know anything about your cart or the items or services bought. That's for you to persist in your own database.

The payment form has a few fields, all about the customer, which Stripe doesn't need. All the fields in the form are evaluated against Javascript in a file, buy.js. Stripe now creates its own form input for credit card details using an id of "card-element" as you will see in stripe/index.gsp. You can add other input fields, like name, surname, etc. and Stripe will bounce them back to you so you can use them.

Stripe has a list of test credit card numbers which you can use for testing. The name and surname can be any name and surname, the three number CV code any three numbers and the expiry date any date in the future.

That's it, really. Stripe is actually easy.

If you find what you learned on this page useful, please use the social media widgets at the bottom and pin, tweet, plus-one or whatever this page.