If you want to save a customer's card without charging them for their subscription right away, use Stripe's Setup Intents API to create a SetupIntent to capture their card details. This SetupIntent will optimize the authentication flow when you charge your customer for the first time (using the Payment Intents API), as well as the recurring payment process.
If you want to save card details at the same time as the first charge, create a PaymentIntent to charge and capture the card details for future use. Use the setup_future_usage parameter to indicate how you expect future charges to occur:
on-session means that the customer will actively be on your site or app for future payments.
Their first payment is considered on-session, as the first payment must be authenticated by the customer using 3D Secure authentication.
off-session means that future charges will take place automatically, regardless of whether or not the customer is on your site or app.
When the PaymentIntent is created and you charge your customer, they will be taken through a verification flow to authenticate unless frictionless flow is applied (only available for 3D Secure 2).
If you first created a SetupIntent, or if you created a PaymentIntent with the setup_future_usage parameter set to off_session for their first charge, the next charge will automatically request a Merchant-Initiated-Transaction exemption from the card issuer which would allow the charge to succeed without authentication.
The exemption is allowed at the discretion of the card-issuing bank. If the issuer rejects the exemption request, the customer will need to be brought back to your website or app to authenticate the purchase on-session. This can be done by:
Setting up automatic 3D Secure authentication emails in your Billing settings,
Using Stripe's hosted invoices to email your customer with a customized email that takes them to a hosted authentication URL, or
Manually redirect them to the authentication URL from within your website or app flow.
Exemptions are allowed only at the discretion of the customer's bank, so we recommend setting your checkout flow for off-session payments in the event the exemption request is not accepted.