Stripe With Stored Cards

Compatible With: Community 2.0, 2.1, 2.2, 2.3 Enterprise 2.0, 2.1, 2.2, 2.3

Tech Specifications

Current Version:
Stable Build
12 July, 2019
Extensions, Payments & Security, Payment Integration
License Type:


Top-notch user experience, convenience, and PCI SAQ-A security: Treat your store to ParadoxLabs Stripe.


Back to top

Stripe is taking ecommerce payment processing by storm, with simplicity and power. They don't just give you a way to accept credit card payments: They do it in a way that makes sense, and makes life so much easier for you and for your customers.

With ParadoxLabs Stripe, we build on Stripe's top-notch offerings by integrating those payment services into Magento 2, along with extensive stored card functionality. This gives you and your customers the convenience of stored credit cards, with all the security of Stripe. It also allows us to give you many advanced features that other payment methods simply aren't capable of.


Account & Pricing

Stripe charges 2.9% + $0.30 for every credit card transaction processed, with zero setup or ongoing fees. Enterprise customers may be eligible for volume discounts. See complete pricing info



This module supports all standard payment actions. It also allows customers to save their payment info for future use. This gives returning customers the convenience of stored credit cards and rapid checkout, without breaking PCI compliance.

The first time a customer checks out, they are given an advanced unified field to enter their credit card details. If they choose to save the card, next time they check out they can reuse that card with a single click. Your customers can also view, add, edit, and delete any of their stored payment info through a 'Manage My Cards' interface in their account. All frontend features are also available in the Magento Admin Panel.

  • Pay by credit card, Apple Pay, and Google Pay
  • Save credit cards (tokens) for reuse
  • PCI SAQ-A eligibility: Stripe collects all credit card data for you
  • Add, edit, and delete saved payment data
  • Edit orders and reorder, without having to ask the customer for CC info again
  • Authorize, Capture, or Save CC Info (without charging) at time of checkout
  • Capture funds even after the authorization expires
  • Partially invoice orders (including reauthorization on partial invoice)
  • Partially refund (online credit memo)
  • Send shipping address to Authorize.Net
  • Credit Card Verification (CCV)
  • Address Verification (AVS)
  • Integrate your systems thanks to Magento API support (REST and GraphQL)
  • Use a different Stripe account for each website (multi-store support)
  • Great User Experience

The Stripe Elements credit card form provides a unique user experience that is highly optimized for all devices. Customers are given a single input for their credit card information. Input automatically flows from one field to the next, and credit card type is auto-detected. Validation happens in real-time, and customers are given immediate feedback if they enter an invalid number or expiration date.

The input field adjusts on the fly based on the credit card type, matching the formatting they see on their credit card. It is also responsive for mobile devices, supporting numeric input, and supports browser autofill.

Look and feel of the input can be customized through an admin setting, with support for most CSS properties.



Stored payment info is good for your business and customers.

  • It simplifies checkout.
  • It encourages customer loyalty.
  • It streamlines order management and integrations.
  • It lets your staff quickly process orders and billing changes, without needing customers to repeat their credit card info.

All frontend features are available in the admin panel. This means admins can view, add, edit, and delete customers' stored cards, and place orders using them.

When editing an order, you can reuse the payment info, even for guest orders.



Security is everything. We know this. Customer confidence can take years to build up, and a stolen credit card can shatter that in a moment. Nevermind the legal ramifications or fees: Your customers are your business. You can't afford to risk losing them. Using ParadoxLabs Stripe will protect you from many forms of credit card scraping hacks.

All communication with Stripe is performed using TLS encryption, and no confidential cardholder data ever touches your server (even for a moment). Using Stripe Elements, all credit card forms for this extension are contained within an iframe hosted by Stripe.

This means all credit card data is sent directly from your customers to Stripe, and none of it is exposed to your website or server at any time. They give us back a one-time-use token to use in place of the actual credit card data, and we use that token to store it in the customer's Stripe profile. This lets your customers pay with a 'saved' card that's not stored on your server at all.


PCI Compliant

PCI compliance is a complex and multifaceted issue, covering every aspect of your business. We can't guarantee that your business is PCI-compliant. That depends on your server, policies, processes, regular security scans, other payment methods offered, and a lot more. What we can tell you is that this extension will not prevent you from being PCI compliant. We don't store or log confidential cardholder data, or do anything else that would bring you under scrutiny.

This extension implements Stripe Elements for all credit card forms, and does not support collecting credit card data by any other means. According to Stripe, that makes the ParadoxLabs Stripe payment method eligible for PCI v3.2 Self-Assessment Questionnaire A (PCI SAQ A), the simplest possible form and process. Stripe will even pre-fill the form for you.

For more information, see Stripe documentation: PCI DSS guidelines

Note that you must have SSL enabled on all checkout and login forms, and that this eligibility only applies to this specific payment method. Any other payment methods or credit card handling your business may perform will have its own SAQ eligibility, and may require you to complete a more stringent SAQ form (A-EP or D).

For details on the SAQ types and what eligibility means, see "Self-Assessment Questionnaire Instructions and Guidelines (3.2)" (PDF, by PCI Standards Security Council).

For more information on Stripe's security policies and infrastructure, see Stripe documentation: Security at Stripe



Progressive Web Apps are the future, and we're ready for them.

This extension fully supports GraphQL and guest/customer REST APIs, allowing you to build out checkout and customer card management interfaces within your PWA, mobile app, or other 'headless' architecture.

GraphQL requires Magento 2.3.1 or newer.

Complete API documentation is available in our user manual.



The user manual covers:

  • Installation
  • Configuration
  • Features and usage
  • Common questions and issues
  • Technical info

View: Stripe Payments User Manual (PDF)



We are experienced, certified Magento developers. All of our code is clean, well-documented, and follows all Magento standards and techniques. We make sure to do things the right way.

Our source code is 100% unencoded (viewable source). When you purchase this extension, you get full access to view and modify it any way you need to (within the license terms).

ParadoxLabs is a proud Magento Solution Partner and member of ExtDN.org, the Extension Developers Network.



We pride ourselves on excellent support. Your purchase includes one year of complimentary extension support, plus free bug fixes and updates for the lifetime of this extension. If you find that it doesn't work as we intended in a standard installation, we'll help you fix that.

ParadoxLabs has been building and maintaining Magento payment integrations for years. Our integrations process billions of dollars in transactions every year for thousands of stores like yours, and our support is top-notch. Our solutions work for others—they can work for you too.

Our staff are all located in the United States, with an office in downtown Lancaster, PA, open weekdays from 8 AM to 5 PM Eastern Time. Have a question, or want to try it out? Give us a call at 717-431-3330, or email us at sales@paradoxlabs.com.

Release Notes

Back to top


  • Compatible with CE: 2.1 2.2 2.3
  • Compatible with EE: 2.1 2.2 2.3
  • Stability: Stable Build
  • Description:

    - Added support for Apple Pay, Google Pay, etc. via PaymentRequest API. Apple Pay requires additional setup.
    - Fixed admin order submit buttons staying disabled when switching to the 'free' payment method.
    - Fixed gateway syncing on REST card create/update.
    - Fixed possible admin order submit issues.
    - Fixed possible PHP notice/missing account name on settings page.
    - Fixed quality issues for latest Magento coding standards.


  • Compatible with CE: 2.1 2.2 2.3
  • Compatible with EE: 2.1 2.2 2.3
  • Stability: Stable Build
  • Description:

    - Added GraphQL API support for customer card management.
    - Added protection to frontend checkout to help prevent abuse. (Will now block after numerous failures.)
    - Added REST API support for guest and customer card management.
    - Improved codebase by moving common code from gateways into the TokenBase library.
    - Changed Stripe API version to 2019-03-14.
    - Fixed handling of duplicate cards within database records.
    - Fixed incorrect ship-to name for virtual orders.


  • Compatible with CE: 2.1 2.2 2.3
  • Compatible with EE: 2.1 2.2 2.3
  • Stability: Stable Build
  • Description:

    - Fixed template loading on composer installs.


  • Compatible with CE: 2.1 2.2 2.3
  • Compatible with EE: 2.1 2.2 2.3
  • Stability: Stable Build
  • Description:

    - Updated composer dependency versions for Magento 2.3.
    - Fixed active payment method detection to improve validation.
    - Fixed compatibility issue with OneStepCheckout.


  • Compatible with CE: 2.0 2.1 2.2
  • Compatible with EE: 2.0 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Fixed API delete not reaching payment gateway.
    - Fixed partial invoicing with reauthorization disabled.
    - Fixed potential admin order infinite spinner in some circumstances.


  • Compatible with CE: 2.0 2.1 2.2
  • Compatible with EE: 2.0 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Added support for restricted API keys.
    - Fixed incorrect OrderCommand argument with 'save info' payment action.
    - Fixed possible VirtualType compilation errors.
    - Fixed required indicator when phone number is set to not required.


  • Compatible with CE: 2.0 2.1 2.2
  • Compatible with EE: 2.0 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Added support for $0 checkout.
    - Improved performance of Manage Cards with many cards and orders (thanks Steve).
    - Fixed 'Auto-select' setting on default checkout.
    - Fixed currency handling.
    - Fixed field validation stripping dashes from addresses.
    - Fixed logging issues in Magento 2.2.
    - Fixed order status handling on 'save' payment action and some other edge cases.
    - Fixed possible submit issue on admin checkout.
    - Fixed possible unserialize address errors on 2.0 upgrade.
    - Fixed possible validation JS errors on CC forms.
    - Fixed stored card association on post-register checkout.
    - Fixed stored card validation with no expiration date given.
    - Changed param type of setMethodInstance() in ParadoxLabs\TokenBase\Api\Data\CardInterface.


  • Compatible with CE: 2.0 2.1 2.2
  • Compatible with EE: 2.0 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Compatibility fixes for Magento 2.2.
    - Improved API support, particularly for card create/update.
    - Changed DI proxy argument handling for Magento 2.2 compatibility.
    - Changed order status handling for Magento 2.2 compatibility.
    - Changed payment command classnames for PHP 7.1 compatibility.
    - Fixed admin card 'delete' button deleting rather than queuing deletion.
    - Fixed ExtensionAttribute implementation on Card model.
    - Fixed possible PHP error on admin order create in compiled multi-store environments.
    - Fixed possible static content deploy issues with template comments.
    - Fixed REST API permission handling.
    - Fixed restricted order statuses being selectable as payment method 'New Order Status'.
    - Fixed Stripe tokenization error handling on payment forms.
    BACKWARDS-INCOMPATIBLE CHANGES: This release adds support for Magento 2.2. It is still compatible with Magento 2.0 and 2.1, but there are some notable code changes from earlier releases. If you have customizations around the extension, these may be significant:
    - Added getAdditionalObject() to ParadoxLabs\TokenBase\Api\Data\CardInterface.
    - Added saveExtended() to ParadoxLabs\TokenBase\Api\CardRepositoryInterface.
    - Added CardAdditionalInterface support to ParadoxLabs\TokenBase\Model\Card::setAdditional().
    - Changed argument type of ParadoxLabs\TokenBase\Api\Data\CardInterface::setExtensionAttributes().
    - Changed paradoxlabs_stored_card 'address' and 'additional' fields from serialized to JSON.
    - Changed Proxy constructor arguments throughout module to inject Proxy via DI configuration.
    - Removed Unserialize constructor argument from ParadoxLabs\TokenBase\Model\Card\Context.


  • Compatible with CE: 2.0 2.1
  • Compatible with EE: 2.0 2.1
  • Stability: Stable Build
  • Description:

    Added protection to frontend My Payment Data page to help prevent abuse. (Will now require order history to use, and block after numerous failures.)
    Added settings check for corrupted API credentials.
    Added split database support
    Fixed error on checkout if billing address zipcode is empty.
    Fixed error on databaseless code generation.
    Fixed missing soft descriptor on 'Authorize and Capture' payment action.
    Fixed type error on refund.
    Fixed validation error on admin checkout with new card.


  • Compatible with CE: 2.0 2.1
  • Compatible with EE: 2.0 2.1
  • Stability: Stable Build
  • Description:

    Initial release for Magento 2.


Back to top
The best place to start if you need help with a specific extension is to contact the developer. All Magento developers have both a contact email and a support email listed.

Q & A

Back to top


Back to top