Stripe.com Gateway Integration

UltraCart integrates seamlessly with the Stripe.com credit card gateway.

Start by creating your Stripe Account

Sign up for your Stripe.com account here: 
https://manage.stripe.com/register

Integrating Stripe into your UltraCart will only take a few minutes.

Gathering your Stripe Credentials

The publishable key is used to generate credit card tokens and should be included with the HTML form. The secret key is used for all other API calls on the server-side. Since UltraCart is already integrated, you'll need only to obtain the live key's. 

You can grab the test and live API keys for your account under: Your Account >> API Keys.

 NAVIGATE:

On the next screen click on "Your Account":

Next, click the menu choice "API Keys":

You'll need the "live keys":

Placing your Stripe API key credentials into your UltraCart account

Copy and paste the keys into the matching UltraCart configuration fields by navigating in UltraCart:

IF IT IS YOUR FIRST TIME NAVIGATING TO THE PAYMENTS CONFIGURATION PAGE:

1) Choose (second radio button) "Accept credit cards" , then click "next" button
2) Choose (second radio button) "I prefer a payment gateway that works with my 
    existing internet merchant account.", then scroll down and select "Stripe" (radio button)
    and click the next button.

3) Paste in (the live API) Publishable  & Secret keys into the respective fields, then click the
    checkboxes for the credit card types you are setup to process through the account, then
    click the "finish" button (you may uncheck the opt-in offer for paypal).

IF YOU HAVE ALREADY PREVIOUSLY COMPLETED THE PAYMENT WIZARD:

Click the checkbox to select "Stripe" from the list of gateways, to see the configuration fields. You'll paste the Publishable and Secret keys into the corresponding fields, then you'll select ALL of the card types in the "methods" section (Stripe requires all of the CC types be selected.)

1. Paste in (the live API) Publishable  & Secret keys into the respective fields.
2. Enter your "Stripe Statement Descriptor" if instructed to do so by Stripe.
3. Select your preference for the "Send Receipts" (Yes/No)
4. Click the checkboxes for ALL of the credit card types, then scroll down to the bottom of the page and click the save button to save the changes. 

You're now integrated with  stripe.com !

Stripe is going global! 

Available in 23 nations and counting!
https://stripe.com/global

•  Australia
•  Canada
•  Denmark
•  Finland
•  Ireland
•  Norway
•  Sweden
•  United Kingdom
•  United States
•  Austria (beta)
•  Belgium  (beta)
•  France (beta)
•  Germany (beta)
•  Italy (beta)
•  Japan (beta)
•  Luxembourg (beta) 
•  Netherlands (beta)
•  Spain (beta)
•  Brazil (private beta)
•  Mexico (private beta)
•  Portugal (private beta)
•  Singapore (private beta)
•  Switzerland (private beta)

PCI Compliance Warning

You may receive a email notification from Stripe warning you about passing complete credit card data to the Stripe servers:

*From: *Stripe <support@stripe.com> 
*Subject: **Action required to process safely on Stripe* 
*Date: *May 21, 2019 at 11:11:01 AM CDT 
*To:  
<https://stripe.com/> 

Hello there, and welcome to Stripe! 

We noticed that you are passing your cardholder's full credit card number 
to Stripe's API. We strongly discourage you from handling this information 
directly because doing so: 

Potentially exposes your customer's sensitive data to bad actors 

Excludes your payments from protection by Radar 
<https://stripe.com/docs/radar>, Stripe's fraud protection solution 

Requires your business to meet complex and burdensome PCI compliance 
requirements <https://stripe.com/docs/security#pci-dss-guidelines> 

To keep your customer's information safe, we were unable to process the 
unsafe charge you just sent us. In order to process payments securely on 
Stripe, change your integration to collect payment information using one of 
our official client integrations <https://stripe.com/docs/payments>. These 
integrations ensure that no sensitive card data ever needs to touch your 
server. 

In rare cases, you may have to continue handling full credit card 
information directly. If this applies to you, you can enable unsafe 
processing in your dashboard 
<https://dashboard.stripe.com/account/integration/settings>. 

For any questions, just reply to this email and we'd be happy to help. 

Yours, 
The Stripe Team 

Properly Configuring PCI related settings

You can inform Stripe that we are PCI level 1 certified and have our own hosted field technology to properly isolate the card holder information from all threats on the page, etc. UltraCart handles all credit card data in full compliance with existing PCI regulations. 

• Stripe Dashbaord: https://dashboard.stripe.com/account/integration/settings
• 

1. Enable the the Slider setting "Handle card information directly" displayed in this screenshot:
   
   
2. On the next screen:
        (1)Select the three checkboxes
        (2)Then select "I collect the payment information securely through a PCI compliant third party vendor"
        (3)Then enter "UltraCart.com" into the input field
        (4) Click the continue button:
   
   
3. The confirmation page will appear like this:
   

Related Documentation:

https://stripe.com/docs/disputes/prevention/verification