Stripe is a simple way to accept payments online, allowing your customers to pay with Visa, MasterCard, American Express, Discover, JCB, and Diners Club cards - and even BitCoin - in Drupal Commerce. Stripe is available in many countries and currencies - see this FAQ for the complete list.
- PCI-compliant integration/payments (SAQ A-EP by default; SAQ-A can be achieved with Checkout integration).
- Utilizes the Stripe.JS library so that sensitive card data never touches your server - only token representations of cards are stored. See this PCI Compliance discussion for further details.
- Users never leave your site.
- Keeps track of payment status in Stripe.
- Refunds supported through Commerce's terminal form.
- BitCoin support (through Stripe Checkout integration)
- Install and activate Commerce Stripe and Libraries modules.
- Download v3.23.0 of the Stripe PHP library from GitHub.
- Extract the files into sites/all/libraries/stripe-php.
- Create an account at Stripe.com, and insert your API keys from the Stripe dashboard into the Commerce Stripe payment method settings at admin/commerce/config/payment-methods.
Upgrading to 3.0
The 1.x and 2.x versions of this module are currently unsupported and will no longer receive updates. It is highly recommended that any existing installations be upgraded to 3.x, which contains new features and bug fixes. The new version 3.0 is under active development, and while it is used in production on several sites already, please exercise caution while the module is in Alpha as APIs are subject to change.
Upgrading to the 3.0 branch only requires that you have downloaded Stripe PHP SDK version 3.23.0, replacing version 1.18 (located in sites/all/libraries/stripe-php).
Library and API compatibility
Since Stripe continues to iterate on their Library versions, work is underway to make sure that the Drupal version of the Commerce Stripe module correlates to the correct Library version; in other words:
TLS 1.2 requires newer versions of cURL and OpenSSL.
To keep sites that contain sensitive information (such as credit card numbers) secure, Stripe and others are phasing out the older SHA-1, TLS 1.0 and TLS 1.1 in favor of newer technologies such as TLS 1.2.
If you receive the error Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later, this has nothing to do with the Stripe module or the underlying PHP library, but the server itself — you or your hosting company will need to upgrade the installed packages on your server.
See this comment and issue for more information on updating your server's installed packages to resolve this error.
Note on PCI-DSS compliance
As of the implementation of PCI-DSS 3.0 (January 2015), this module is intended to work within the requirements of Self Assessment Questionnaire A-EP. If you are not familiar with the requirements of SAQ A-EP, you should not use this module. For more information on PCI compliance as it applies to Drupal, see the Drupal PCI Compliance White Paper. Also, with Stripe Checkout integration (supported by this module) it is possible to achieve SAQ-A compliance, as Stripe controls the submission of all sensitive data.
Disclaimer: the maintainers and contributors of this module are not experts in PCI-DSS compliance. your compliance with PCI-DSS requirements is entirely your responsibility. For the strongest PCI compliant Commerce Stripe integration, use the Stripe Checkout integration setting.
- Maintenance status: Actively maintained
- Development status: Under active development
- Reported installs: 3,055 sites currently report using this module. View usage statistics.
- Downloads: 24,152
- Last modified: January 12, 2017
- Stable releases are covered by the security advisory policy.
Look for the shield icon below.