Here is an interview with Amber Feng, software engineer for a leading payment API on the web, Stripe. In this interview we will discuss Stripe security and dealing with multiple currencies. Check out our Stripe API profile.
Ajay- What makes the Stripe API attractive to developers to create mashups for? How does Stripe distinguish itself from other payment APIs?
Amber- The Stripe API gives developers access to a very fundamental capability: moving money across the internet. We set out to create the easiest and most natural technology for developers to integrate into web and mobile applications, while still allowing them to retain complete control over the user experience.
Before Stripe, online payments mainly consisted of decades-old banking infrastructure grafted onto the web, resulting in an exceedingly complex process for businesses and a cumbersome experience for their customers. With Stripe, developers don’t need a merchant account or gateway – we handle everything, including card storage and tokenization, subscriptions, and direct payouts to bank accounts.
As the number of businesses using Stripe grew, we found people were building awesome services that extended the abilities of a Stripe account: powerful invoice or storefront creators, one-click accounting, SaaS analytics, and more. We built Stripe Connect, an OAuth2 API that gives developers access to the full Stripe API on behalf of their users, to standardize these kinds of integrations. The door is now wide open for some excellent mashups that accept payments or do something interesting with a company’s financial data, and we’re very excited to see what people build.
Ajay- What are some of the ways you keep Stripe secure from fraudulent activity on the Payments API?
Amber- Making sure people don’t defraud either Stripe or our users is very important to us. Stripe’s systems analyze events (like accounts or payments being created), monitor for unusual activity, and take automatic action where needed.
Ajay- What are some of the challenges you face as you roll out the Stripe system to other geographies and currencies?
Amber- Some of the biggest challenges we’ve faced include understanding local payment and regulatory differences between countries, as well as finding financial partners that align well with Stripe’s technical and business approaches. It can be hard to find banks and financial institutions that are well-tested, can support everything we want to do, and can move quickly with us. Payments companies often compromise the product when they expand internationally, and we want to avoid that.
Another challenge is collaborating with these partners and our users across time zones, languages, and cultures. We recently opened a Stripe office in London, so these challenges are becoming less of an issue.
Ajay- What are some of the traffic, and usage statistics you can share about the API? What are some of the key learning lessons or best practices you can share with other API creators?
Amber- Thousands of businesses are built on top of the Stripe API, and it sees millions of dollars in transaction volume each day.
Many of our key best practices are not in the design of the API itself, but in supporting the API. Documentation and test environments, for example, are really important. We’ve tried to make our API highly accessible, with embedded code snippets in the documentation that can be directly copied and pasted into the terminal or code. Regardless of whether you have a Stripe account or not, you can easily follow along with the tutorials/documentation and see the Stripe API in action.
Similarly, making it easy for developers to test the behavior of the API when integrated with their application is a huge win — we allow triggering certain behaviors (such as declined cards) so developers can test their application in all scenarios.
As developers, we know debugging is sometimes a large (and frustrating) portion of writing software. We try to minimize this as much as possible with in-dashboard API logs and error messages that try to help in addition to reporting on the issue. One of my favorite examples is:
Stripe::AuthenticationError: No API key provided. (HINT: set your API key using “Stripe.api_key = “. You can generate API keys from the Stripe web interface. See https://stripe.com/api for details, or email firstname.lastname@example.org if you have any questions.)
Even with good documentation and testing assistance, people still sometimes run into issues. We do the best we can to help in those cases, as well; we run an IRC server where Stripe engineers hang out and answer questions, and offer technical customer support via email.
Ajay- How is life working for Stripe as an employee, and what are some of the ways we can encourage more and more young people to become hackers?
Amber- Working at Stripe is incredible.
One of the things I love most is the open, transparent culture. The majority of emails are (by convention) cc’ed to common mailing lists that are viewable by the entire company, product decisions are made from the bottom up, and employees are even invited to attend board meetings. One of my co-workers recently attended a board meeting and said that the most astonishing thing he learned was the fact that he already knew everything!
Another thing I find extraordinary is that the hierarchy is extremely flat. We don’t have any dedicated product managers at Stripe; when I worked on Stripe Connect earlier last year, I played a major role in the engineering and product management, made sales calls (this was before we had built our business development team), and even wrote marketing copy while organizing the official launch. I’ve always been interested in entrepreneurship, so wearing this many hats — essentially “building a startup” within a startup — was really exciting and helped me learn a lot.
I first became interested in programming through my Dad, who’s a software engineer. I quickly realized that I could solve my own problems with software, and that’s what got me hooked: I built apartment bill-splitting and furniture arranging apps when I moved into my first apartment, and even wrote something to help me keep track of the companies I was interviewing at during my senior year job hunt.
I’d highly recommend learning to code by having an idea of something you want to build in mind — its easiest to get started when the problem you’re trying to solve is your own, and it’s also much more motivating and fun.