Create a simple website using ExpressJS that uses the Marqeta and Stripe APIs to generate virtual credit cards and then authorize transaction with these cards.
This is for a minimum "proof-of-concept" app. There are 2 web pages and 3 POST routes to create. Each page consists of a plain HTML form (no styling, no client-side JS). Server-side data is stored in an SQLite database containing a single table (Customer).
-- [url removed, login to view] and POST /setup_marqeta
This is a one-time route that sets up the Marqeta API. The [url removed, login to view] page consists of a HTML credit card input form, and the POST action sets up the Marqeta API so that this credit card can be used as a funding source for the virtual credit cards:
1. Retrieve the credit card information from the form data that was POST'ed via the web form.
2. Create a program funding source via the /fundingsources/ route. Funding sources enable access to funds outside of the Marqeta platform.
3. Assign the credit card that was entered to the funding source via the /fundingsources/paymentcard route.
4. Create a card product /cardproducts. The card product defines the common characteristics of a group of cards (the virtual cards to be issued), and contains the token of the funding source.
5. Create a program gateway via /fundingsources/programgateway and assign the /authorize_transaction route (defined below) as the endpoint.
6. Dump each response to a text file in a folder called /setup.
-- [url removed, login to view] and POST /create_customer
These routes creates a customer and stores the customer's credit card details using the Stripe API. The [url removed, login to view] page consists of name and e-mail text inputs, plus a button that opens the Stripe pop-up widget to enter the credit card information. The POST action stores the Stripe token to be able to later bill that credit card, and then generates a virtual credit card (using the Marqeta API) that is associated with the real credit card. The information is stored in the SQLite database. More specifically, the POST action accomplishes the following steps:
1. Retrieve the customer information Create a Customer object on the Stripe API and save credit card details
2. Create a virtual credit Card object on the Marqeta API, referencing the previously created “card product” or group of cards, and store the details of that virtual credit card in the Customer object.
3. Create a Customer object in the SQLite database and store the customer details (name and e-mail), the token to later charge the real card from the Stripe API, and the token to reference the virtual card from the Marqeta API.
-- POST /bill_customer
This is an HTTP endpoint that serves as the authorization endpoint for billing the virtual credit cards associated with customers. This endpoint is set up (see /setup_marqeta) to be called by Marqeta every time a credit card is billed. The authorization receives a transaction request, bills the real credit card (using Stripe) for the real amount, and authorizes the transaction on the virtual credit card if the funds are available on the real credit card. Please see the attached diagram that explains the flow of the just-in-time authorization.
1. JIT (just-in-time) funding request received from Marqeta on HTTP endpoint.
2. Lookup Customers table in SQLite and select user associated with the virtual credit card.
3. Using the Stripe API, charge the user's real credit card for the amount requested by the transaction.
a. If Stripe raises an error, respond to JIT funding response by denying payment.
4. If payment clears, send back JIT funding response approving release of funds to requesting service.
5. Virtual card is billed for fees by requesting service.