Paystack has an API for charging returning customers. You send the customer’s email, amount and authorization code and that’s it. (The authorization code is one of the parameters returned when you first charge the customer. We will get to it).
Note that this is totally different from subscriptions and plans. Subscriptions are fixed charges that are automatically charged recurrently. My N9,500 monthly wifi.com.ng charge is an example. Charging a returning customer in the context of this post will mean charging a customer that has once used Paystack on your ecommerce site and is back again. Here, the charge is not fixed (he spent N15,000 the first time but now he is spending just N3,500) and does not happen at regular intervals.
Here is what the process looks like:
Let’s start with the renowned payment form that shows up once payment is required.
What we want however is that if the customer has made payment once, he shouldn’t have to enter his payment details again. We use his existing payment details to process the new charge. This is where the charge authorization API comes in. But we need to have the customer’s authorization code to do this. The authorization code is returned anytime we verify a payment like we did above. For reference, below is an example response from the verify API. Notice the authorization code in there:
So let’s update our process.php script and save the authorization code during verification so that we can use it for subsequent charges. For identification purpose, we can also save the last 4 digits of the card, as returned from the API.
We will then update our payment form to check if we have saved an authorization code for the user. If he has, we show him a button he can click to make payment without having to enter his card details again.
You want to ensure that the recharge script is idempotent, that is if the recharge page is called multiple times, the customer is only charged once. There are many ways this can be done. A very simple approach is to use a token as with CSRF validation.
Handling failed charges from authorization code
So what happens when the customer’s card expires? Paystack obviously won’t be able to charge the customer from our authorization code. Remember, the authorization code is attached to the customer’s card. Paystack currently doesn’t have a way for users to update card details. One way to handle this is that on failed charge, we delete the saved authorization code and card 4 digits so that this brings up the payment form again and we can get new payment details.
My name is Opeyemi Obembe. I build things for web and mobile. You should follow me on Twitter (@kehers).