Add getPaymentConfig endpoint for Payment Sheet saved cards

Returns customer ID, ephemeral key, and publishable key needed for Stripe Payment Sheet to display saved payment methods on iOS/Android. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-17 18:00:56 -08:00 · 2026-02-17 18:00:56 -08:00 · 29327c4a13
commit 29327c4a13
parent 07c2f24d67
1 changed files with 114 additions and 0 deletions
--- a/api/stripe/getPaymentConfig.cfm
+++ b/api/stripe/getPaymentConfig.cfm
@ -0,0 +1,114 @@
+<cfsetting showdebugoutput="false">
+<cfsetting enablecfoutputonly="true">
+<cfcontent type="application/json; charset=utf-8" reset="true">
+
+<cfscript>
+/**
+ * Get Payment Config for Stripe Payment Sheet (saved cards)
+ *
+ * Returns customer ID, ephemeral key, and publishable key needed
+ * for Payment Sheet to display saved payment methods.
+ *
+ * POST: { UserID: int }
+ */
+
+response = { "OK": false };
+
+try {
+    requestData = deserializeJSON(toString(getHttpRequestData().content));
+    userID = val(requestData.UserID ?: 0);
+
+    if (userID == 0) {
+        response["ERROR"] = "UserID is required";
+        writeOutput(serializeJSON(response));
+        abort;
+    }
+
+    stripeSecretKey = application.stripeSecretKey ?: "sk_test_LfbmDduJxTwbVZmvcByYmirw";
+
+    // Get user's Stripe Customer ID
+    qUser = queryExecute("
+        SELECT StripeCustomerId, EmailAddress, FirstName, LastName
+        FROM Users
+        WHERE ID = :userID
+    ", { userID: userID }, { datasource: "payfrit" });
+
+    if (qUser.recordCount == 0) {
+        response["ERROR"] = "User not found";
+        writeOutput(serializeJSON(response));
+        abort;
+    }
+
+    stripeCustomerId = qUser.StripeCustomerId ?: "";
+
+    // Create Stripe Customer if user doesn't have one
+    if (len(trim(stripeCustomerId)) == 0) {
+        customerService = new http();
+        customerService.setMethod("POST");
+        customerService.setUrl("https://api.stripe.com/v1/customers");
+        customerService.setUsername(stripeSecretKey);
+        customerService.setPassword("");
+
+        customerName = trim((qUser.FirstName ?: "") & " " & (qUser.LastName ?: ""));
+        if (len(customerName) > 0) {
+            customerService.addParam(type="formfield", name="name", value=customerName);
+        }
+        if (len(trim(qUser.EmailAddress ?: "")) > 0) {
+            customerService.addParam(type="formfield", name="email", value=qUser.EmailAddress);
+        }
+        customerService.addParam(type="formfield", name="metadata[user_id]", value=userID);
+
+        customerResult = customerService.send().getPrefix();
+        customerData = deserializeJSON(customerResult.fileContent);
+
+        if (structKeyExists(customerData, "error")) {
+            response["ERROR"] = "Failed to create customer: " & customerData.error.message;
+            writeOutput(serializeJSON(response));
+            abort;
+        }
+
+        stripeCustomerId = customerData.id;
+
+        // Save to Users table
+        queryExecute("
+            UPDATE Users SET StripeCustomerId = :custId WHERE ID = :userId
+        ", {
+            custId: stripeCustomerId,
+            userId: userID
+        }, { datasource: "payfrit" });
+
+        writeLog(file="stripe_webhooks", text="Created Stripe Customer #stripeCustomerId# for user #userID# via getPaymentConfig");
+    }
+
+    // Create Ephemeral Key for this customer
+    ephemeralService = new http();
+    ephemeralService.setMethod("POST");
+    ephemeralService.setUrl("https://api.stripe.com/v1/ephemeral_keys");
+    ephemeralService.setUsername(stripeSecretKey);
+    ephemeralService.setPassword("");
+
+    // Stripe API version for ephemeral keys - must match mobile SDK version
+    ephemeralService.addParam(type="header", name="Stripe-Version", value="2023-10-16");
+    ephemeralService.addParam(type="formfield", name="customer", value=stripeCustomerId);
+
+    ephemeralResult = ephemeralService.send().getPrefix();
+    ephemeralData = deserializeJSON(ephemeralResult.fileContent);
+
+    if (structKeyExists(ephemeralData, "error")) {
+        response["ERROR"] = "Failed to create ephemeral key: " & ephemeralData.error.message;
+        writeOutput(serializeJSON(response));
+        abort;
+    }
+
+    response["OK"] = true;
+    response["CUSTOMER"] = stripeCustomerId;
+    response["EPHEMERAL_KEY"] = ephemeralResult.fileContent; // Raw JSON for SDK
+    response["PUBLISHABLE_KEY"] = application.stripePublishableKey ?: "pk_test_sPBNzSyJ9HcEPJGC7dSo8NqN";
+
+} catch (any e) {
+    response["ERROR"] = e.message;
+    response["DETAIL"] = e.detail ?: "";
+}
+
+writeOutput(serializeJSON(response));
+</cfscript>