Saving card details first without an initial payment
If you want to save a customer's card details straight away without charging them for their subscription, use Stripe's Setup Intents API to create a SetupIntent to capture their card details. This SetupIntent will optimise the authentication flow when you charge your customer for the first time (using the Payment Intents API), as well as the recurring payment process.
Saving card details along with the first payment
If you want to save card details at the same time as the first charge, create a PaymentIntent to charge and capture the card details for future use. Use the setup_future_usage parameter to indicate how you expect future charges to occur:
- On-session means that the customer will actively be on your site or app for future payments. Their first payment is considered to be on-session, as the first payment must be authenticated by the customer using 3D Secure authentication.
- Off-session means that future charges will take place automatically, regardless of whether or not the customer is on your site or app.
When the PaymentIntent is created and you charge your customer, they will be taken through a verification flow to authenticate unless frictionless flow is applied (only available for 3D Secure 2).
Recurring payments
If you first created a SetupIntent, or if you created a PaymentIntent with the setup_future_usage parameter set to off_session for their first charge, the next charge will automatically request a Merchant-Initiated-Transaction exemption from the card issuer, which would allow the charge to succeed without authentication.
The exemption is allowed at the discretion of the card-issuing bank. If the issuer rejects the exemption request, the customer will need to be brought back to your website or app to authenticate the purchase on session. This can be done by:
- Setting up automatic 3D Secure authentication emails in your Billing settings
- Using Stripe's hosted invoices to send a customised email to your customer which takes them to a hosted authentication URL, or
- Manually redirecting them to the authentication URL from within your website or app flow.
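
The recurring-charge decision described above, as an added example (not Stripe's own code). The off_session and confirm parameters and the authentication_required error code are Stripe API names; the send transport, the function names and the sample responses are constructed stand-ins so the flow runs offline.

```python
# Added example. `send(path, params) -> (http_status, json_body)` is a hypothetical
# transport injected so the flow runs offline; the responses below are constructed.

def first_charge_params(customer, amount, currency):
    """Customer present: charge now and save the card for later off-session use."""
    return {"customer": customer, "amount": amount, "currency": currency,
            "setup_future_usage": "off_session"}

def recurring_charge_params(customer, payment_method, amount, currency):
    """Customer absent: confirm at once against the saved payment method."""
    return {"customer": customer, "payment_method": payment_method,
            "amount": amount, "currency": currency,
            "off_session": True, "confirm": True}

def charge_recurring(send, customer, payment_method, amount, currency):
    """Return (outcome, detail); outcome is paid, needs_authentication or failed."""
    params = recurring_charge_params(customer, payment_method, amount, currency)
    status, body = send("/v1/payment_intents", params)
    # Only an intent whose status is "succeeded" counts as paid.
    if status == 200 and body.get("status") == "succeeded":
        return ("paid", body["id"])
    err = body.get("error") or {}
    if err.get("code") == "authentication_required":
        # Issuer refused the exemption: bring the customer back on-session
        # (authentication email, hosted invoice, or in-app redirect).
        return ("needs_authentication", (err.get("payment_intent") or {}).get("id"))
    # Any other decline is not an authentication problem; do not send an auth link.
    return ("failed", err.get("code") or body.get("status"))

# Constructed issuer outcomes (not real Stripe responses or identifiers).
def issuer_grants_exemption(path, params):
    return 200, {"id": "pi_example_granted", "status": "succeeded"}

def issuer_rejects_exemption(path, params):
    return 402, {"error": {"type": "card_error", "code": "authentication_required",
                           "payment_intent": {"id": "pi_example_rejected",
                                              "status": "requires_payment_method"}}}

def issuer_declines_card(path, params):
    return 402, {"error": {"type": "card_error", "code": "card_declined"}}

if __name__ == "__main__":
    for issuer in (issuer_grants_exemption, issuer_rejects_exemption, issuer_declines_card):
        print(issuer.__name__, charge_recurring(issuer, "cus_example", "pm_example", 1500, "gbp"))
```

Only the needs_authentication outcome should trigger one of the three recovery routes listed above; the subscription stays unpaid until the customer completes authentication.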
Additional information
Exemptions are allowed only at the discretion of the customer's bank, so we recommend setting your checkout flow for off-session payments in the event that the exemption request is not accepted.