This project is not covered by Drupal’s security advisory policy.

8.x-2.x

Provides a "Stripe Checkout" field type that can be used to set the prices of a fielded entity. The field is rendered as a Stripe Checkout button, using Stripe's JS library. Users can click the button and pay the specified price.

This module does not actually do anything after a charge has been completed. However, it provides two ways to react to a charge being made via Stripe:

  • hook_stripe_checkout_charge_succeeded()
  • This branch relies on the Stripe API module, which provides a stripe_api.webhook event to which you can subscribe.

8.x-1.x

Provides a field formatter to format an integer field into a simple Stripe Checkout payment button, following the docs at https://stripe.com/docs/checkout.

It has a callback that will set the field to 0¢ when the payment is successful. For this reason we often call the field "Balance due" and we render the display price using a separate field.

Installation

  • run "composer install" in the module folder
  • enable the module
  • create a content type with an integer field
  • set the display formatter to be "Stripe checkout"
  • create some nodes! Make money!

Remember that you must input the values in cents as this is what Stripe expects. Also, Stripe has a minimum of 50¢ charge.

Upon receiving a successful payment the field will be set to 0¢ so that the button no longer appears. The translatable string "Paid. Thank you." will replace it. If you have a different use case, such as an option to keep the value unchanged (thus keeping the button always-on), patches are welcome!

As a side effect of using the Content Security Policy you can "reveal" third-party embeds when the payment is made in full, simply by embedding the third-party content and enabling CSP (which is the default). You may need to re-save the node or clear the cache if the page has already been rendered when you are testing this functionality.

Production Settings

You may want to hard-code your API keys in your production environment to keep them out of your version control and to prevent these values from being changed in the user interface.

We have also given you the option to enable Content Security Policy to prevent third-party embeds from showing on pages which feature a Stripe Checkout button. This is enabled by default anyway, but you may want to force it on in production so the setting cannot be changed.

Here is what you add to settings.php:

// Stripe API keys
$config['stripe_checkout.settings']['stripe_checkout_key_secret'] = 'sk_1234567';
$config['stripe_checkout.settings']['stripe_checkout_key_public'] = 'pk_1234567';

// Restrict third-party embeds when Stripe Checkout button is present
$config['stripe_checkout.settings']['stripe_checkout_enforce_csp'] = TRUE;

Enabling or disabling CSP may require a cache clear / cache rebuild to take effect. Setting the keys in this way does not.

We recommend http://drupalpcicompliance.org/ if you have questions about PCI in Drupal.

Currency support

The currency used can be set site-wide, but you can also support multiple currencies by creating one field per currency and setting the currency code (3-letter code that Stripe uses) on each field.

Multiple currency fields can exist on the same node BUT THEY MUST BE SET TO DIFFERENT CURRENCIES. So if you want to support both USD and CAD for example you can put a field for each, and then only fill out the one you need in that circumstance.

Supporting organizations: 

Project Information

Downloads