I am using Stripe for payments in my app. There are two Ids:
payment_intent_id. I noticed that when I try to use a payment_method with a different Stripe Customer, it doesn’t let me, so my guess is that it is not that secret. Are payment_intent_ids secret? If I store the payment_intent_id in a database for each transaction is that bad?
PaymentIntent id (pi_123456) is really just an identifier and doesn’t have to be kept secret. No one can do anything with the id unless they have your Secret API key or the
It’s definitely common practice to store the
PaymentIntent id in your database as a reference to the object in the API. It’s similar to how you can store a
Customer id (cus_123) or its
PaymentMethods ids (pm_123) in your database.