Hey everyone! I'm in a bit of a bind with a project for a client who needs a custom payment processing solution since they've been banned from Stripe. It's crucial I get this right because they paid really well, and I don't want to let them down. Here's what I have so far in terms of the implementation:
- **Frontend (Next.js)**: A form that makes a POST request to /api/save-transaction.
- **API /api/save-transaction**: This saves card data to a Vercel Blob (transactions/timestamp.txt).
- **Vercel Blob Storage**: This stores the raw transaction files.
- **API /api/process-transactions**: This tries to read all files, charge the card, and then delete the file.
- **Vercel Cron**: It's set to run /api/process-transactions every minute.
However, I'm having issues with the process transactions part. Here's the code I'm working with, and I would really appreciate your help!
4 Answers
I have to say, this is not a good idea. Handling credit card data yourself can lead to serious compliance issues. You really need to switch to a proper payment processor. There are many available like Braintree and PayPal that not only take care of security but also ensure you're following the law. If your client insists, it might be worth explaining the serious risks involved and your responsibilities as a developer.
This is wild! Seriously, processing credit cards yourself is risky, and it’s just not done anymore unless you have the infrastructure of a huge payment processor. If cost is an issue, find something affordable or maybe look for a direct bank solution. And definitely don't handle sensitive data like this; it’s not worth it!
Oh man, what you’re doing here is a big no-no from a compliance perspective. Unless you really know the financial regulations in your and the client's country, I’d suggest you look for a payment provider that understands this stuff completely. Protecting your client and yourself is more important than landing this project. Just say no if they push you on it! Keep your reputation intact.
You should definitely remove the posted API key - that exposes a huge security risk! And for the actual processing, I'd advise considering PCI compliance; trying to handle payments manually can lead to serious penalties. A tokenization system with a compliant provider is your best bet.
I noticed they replaced the API key, but you’re right on the liability concerns. It’s just not safe to DIY a payment processor.
Exactly! You're setting yourself up for major liability over this. Just connect with a reputable service; the headaches you avoid will be worth it.