I’m trying to add a card on file for a customer as part of a monthly subscription. I’ve already upserted a catalog object which contains the subscription plan ID for the subscription for me to reference.
A paid subscription requires a card - so it needs the “card_id” argument passed in. In order to generate a card, a credit card nonce or payment ID is required for the “source_id” argument. I don’t think a payment ID would work for this, since subscriptions aren’t one-time payments.
That leaves the option of a nonce. From the documentation I’ve read, the only way to generate a card nonce for Square is through the Web Payments SDK. It seems the only option from the SDK that may work is storing a card on file with SCA (Strong Customer Authentication), which shows sample code on GitHub here. I tried that, but failed to get an authenticated response to the /card endpoint, due to a missing CORS header and resulting 403 error. I did more research on this issue, and it seems using JavaScript to generate a card won’t work due to the insecure risk of exposing the application ID and location ID. I’m not sure if there’s a workaround for cross-origin requests. Another non-option is the SQPaymentForm, which is deprecated and will be retired in October of this year.
At this rate, with it seeming that client-side coding may not be a viable option, I was wondering if there are ways to generate a card nonce and store a card for a customer by using any type of server-side language. It looks like that solution would be using the /customers/{customer_id}/cards endpoint (documentation) to create a customer card, which requires the parameter “card_nonce.” I happen to be using C# as the back-end for my Web app. If not, I will have to figure something out with the Web Payments SDK, as the SCA method keeps generating CORS errors. I also may need to be corrected on the notion that it isn’t possible to pass a payment ID to store a card for subscriptions.