Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

ApexLeo's avatar

Laravel Cashier single Charge for api

Hello Everyone. I am using laravel cashier for payments. and i have implemented it on web side here is what it looks like

public function payment(Request $request)
{
    $intent = auth()->user()->createSetupIntent();
    return view('page.payment', compact('intent'));
}

public function submitPayment(Request $request)
{
    $user          = auth()->user();
    $paymentMethod = $request->input('payment_method');

    try {
        $user->createOrGetStripeCustomer();
        $user->updateDefaultPaymentMethod($paymentMethod);
        $user->charge(3 * 100, $paymentMethod);
    } catch (\Exception $exception) {
        return back()->with('error', $exception->getMessage());
    }
    return redirect()->back()->with('success', 'Payment done.');
}

This thing is working fine. Now the Problem is i want to create a payment API in Laravel for mobile. And i have no idea how to do that should i send intent and they will give me Payment method or some thing else.

Also, I Just read online somewhere that you will receive few fields from api include Number, Expiry Year, Expiry Month, CVC and Name using these fields you can create a stripe Token and use that for Payment.

So i ended up like This but Not Working. Here is the Code.

public function apiSubmitPayment(Request $request)
{	
	$stripe = array(
    	"secret_key"      => config('services.stripe.stripe_key')
        "publishable_key" => config('services.stripe.stripe_secret')
	);

    \Stripe\Stripe::setApiKey($stripe['secret_key']);
    $stripeToken = Token::create(array(
    	"card" => array(
        	"number"    => $request->get('number'),
            "exp_month" => $request->get('exp_month'),
            "exp_year"  => $request->get('exp_year'),
            "cvc"       => $request->get('cvc'),
            "name"      => $request->get('name')
		)
	));

	$user = auth()->user();

	try {
    	$user->createOrGetStripeCustomer();
		$user->updateDefaultPaymentMethod($stripeToken);
        $user->charge(3 * 100, $stripeToken);
	} catch (\Exception $exception) {
    	return $this->response(Response::HTTP_OK, $exception->getMessage(), []);
	}

	return $this->response(Response::HTTP_OK, 'Data fetched Successfully', [
    	'advert' => new AdvertResource($advert),	
	]);
}

Any Help would be great full please help me out of this i really need a solution for this.

0 likes
1 reply
martinbean's avatar
martinbean
5 years ago
Best Answer
Level 80

@apexleo You should absolutely NOT be capturing user’s card details such as card number, expiry date, and CVC. If this data is touching your servers then PCI compliance falls on you, and defeats the point of using a service like Stripe that is meant to handle PCI-compliant payments for you.

Stripe provides solutions to avoid this. If you use Elements, then the details are entered in an iframe so touch Stripe’s servers only. You will then use JavaScript to submit these details, and you’ll get a token back in response. You use the token to make charges; not the user’s actual card details.

1 like

Please or to participate in this conversation.