Using Stripe Connect in Ruby on Rails - Winvoice

For product #2 of the 20/20 Challenge, we launched Winvoice: the ultimate invoicing tool for individuals or small companies who simply want invoicing.  No time tracking, no tax calculations, no expense reports...just invoicing. 

In this week's Nerd Notes, I will be focusing primarily on using Stripe Connect in a Ruby on Rails application using Devise for authentication. Hopefully it's helpful to some of you building your own web applications.

What is Stripe?

Stripe a set of API tools that allows for developers to integrate payments into their applications. Amid countless options it has quickly become my tool of choice for payments due to their great docs, superior interface, simple signup, and responsive customer support. 

Stripe somewhat recently launched Stripe Connect, which allows users to connect to applications using OAuth strategies.  It's kind of like the "Connect/Login with Facebook" buttons you see all over the internet, but for bank accounts.  We decided to have every user sign in with their bank account in order to easily standardize payments.

The flow when a user signs in with Stripe looks like this:

Stripe's OAuth Flow.

So how do we use it?

Integrating Stripe Connect with a Ruby on Rails app is not too difficult, but there are several factors that aren't directly documented on the Stripe website.  Since there is no tutorial online, I figured I'd share how I did it in this case.

Step 1: Registering with Stripe

The first thing you want to do, is head over to the Stripe website, and create an account or login here.  Once you've created your account, it will take your account settings, where you can register your account with Stripe Connect.  You must register with Stripe Connect as well in order for this process to work.  Once the registration process is complete you will have access to the three following keys in development and production mode:

  1. Stripe Publishable Key:  This key, also called the public key, is used in checkout and payment situations and can be written into javascript files without compromising your account.
  2. Stripe Secret Key:  This key should be kept secret and helps you process payments on the client side.
  3. Stripe Connect Client ID:  This final key, as indicated by the name, allows you to use Stripe Connect.  Also keep this one secret.

Put the following development keys in your configuration file.  I use the gem figaro in order to manage my ENV variables.

Once, you have these keys, go to your account settings and go to the Apps tab.  There, set your Redirect URI to the following: http://lvh.me:3000/users/auth/stripe_connect.  You may need to use localhost instead of lvh.me depending on your local setup.

(bonus tip: You can create new accounts from within your Stripe dashboard.  Just click on the "Your Account" dropdown in the top right, then click "Create new Account...".  This can help with testing, or if you have multiple apps)

Step 2 - Authenticating and accessing users

Now, we need to use OAuth to actually use Stripe in your application.  We will use the OmniAuth Stripe Connect gem, which you can read about here.  Add the following to your gemfile:


    gem 'omniauth-stripe-connect'

Run 'bundle install'.   For this app, we are using devise for authentication and user accounts, so if you are not using devise, your steps will be slightly different.  Head to your config/initializers/devise.rb and insert the following:


    config.omniauth :stripe_connect,
      ENV['STRIPE_CONNECT_CLIENT_ID'],
      ENV['STRIPE_SECRET_KEY'],
      :scope => 'read_write',
      :stripe_landing => 'register'

This will allow stripe connect to write to your database after the flow.  If you think that your users will have a stripe account, change stripe_landing to 'login'.

Before communicating with Stripe, we have make some space for the info in our database.  Create a new migration with the following information:


  class AddPublishableKeyToUsers < ActiveRecord::Migration
    def change
      add_column :users, :publishable_key, :string
      add_column :users, :provider, :string
      add_column :users, :uid, :string
      add_column :users, :access_code, :string
    end
  end

For each user, you will now have their publishable (public) key, the provider ("stripe"), the unique id of the user (the stripe user's ID), and the access token for the user.  These will allow you to make calls on their behalf.

Now, you need a way to communicate with Stripe to react to their flow and process.  We are going to make a controller and route the callbacks to your app.  Start out by editing your devise route (in config/routes.rb) to the following:


    devise_for :users, :controllers => { :omniauth_callbacks => "omniauth_callbacks" }

Then, create a controller called omniauth_callbacks_controller.rb.  In here, we will update the user based on Stripe's response.  Enter the following code:


  def stripe_connect
    @user = current_user
    if @user.update_attributes({
      provider: request.env["omniauth.auth"].provider,
      uid: request.env["omniauth.auth"].uid,
      access_code: request.env["omniauth.auth"].credentials.token,
      publishable_key: request.env["omniauth.auth"].info.stripe_publishable_key
    })
      # anything else you need to do in response..
      sign_in_and_redirect @user, :event => :authentication
      set_flash_message(:notice, :success, :kind => "Stripe") if is_navigational_format?
    else
      session["devise.stripe_connect_data"] = request.env["omniauth.auth"]
      redirect_to new_user_registration_url
    end
  end

So now we have a way to receive the response from Stripe.  Now, wherever you need it in your views, put:


    <%= data-preserve-html-node="true" link_to image_tag('STRIPE_IMAGE_URL'), user_omniauth_authorize_path(:stripe_connect) %>

Replace the image tag with the url for one of the buttons on Stripe's branding page.   Now a user can come to your app and connect their Stripe account!  So, the only thing left now is:

Step 3 - Managing and Using your users Stripe accounts

Now that you have access to your user's Stripe accounts, there is an endless possibility of what you can do.  You can monitor their payments, create a marketplace, or anything else you desire.  For us, we needed to allow our users to collect payments through their invoices.

We decided to use the excellent Stripe Checkout.   They have a great tutorial on how to use it with Ruby on Rails here, so I won't dive to deep in to that, but let me know if their are any issues you run into.   Just remember, if you need to use a Stripe key for a request, you are using the keys of the user, not yours.  The only key that you will use for most API calls is your Stripe Connect Client ID.

What next?

So now that you have Stripe connected and can access their accounts, be sure to check out some of their other features.  Make sure you also incorporate webhooks in their application.  Stripe is really useful, so more tutorials are sure to come sometime in this challenge.

And that's it for this week.  Now go use Winvoice. And let us know what you think @teammuno.


Ruben