Build a mobile app that can sign up merchants and allow payers to make payments.
You are building a native mobile app for your e-commerce marketplace that lets people sell goods to people nearby.
This document outlines the best practices for using the three main touchpoints of the WePay API on a mobile app.
One of the most challenging parts of handling payments on mobile is security. Any secret (such as a client_secret) that is included in the code of a mobile app could potentially be exposed to anyone who downloads that app. Thus, it is important not to store these secrets in the mobile app, but to let the server backend for your app do the heavy lifting.
On a mobile app, you’ll want to be able to sign up merchants for a payment account without them needing to leave your app during that experience. You can do so with the /user/register call.
When a merchant downloads your app and you want to enable them to collect payments, you’ll make the /user/register call. You’ll immediately receive an access_token in response that will let you create a payment account for that merchant and process payments for them.
The merchant will receive an email letting them know that you have set them up on WePay to accept payments. They’ll need to click on the link in the email to confirm and set their WePay password. If they don’t do so within 90 days of signup or 14 days of accepting their first payment, then their payment account will be deleted and all payments refunded.
However, it is important that you make the /user/register call from the server backend of your app, and not from the app itself. This way, you do not have to store the client_secret on the app itself.
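The server-side signup flow described above, as an added sketch that is not WePay's or this guide's own code: the app sends only the merchant's details, and the backend attaches the client_secret and keeps the returned access_token. The handler name, environment variable names, the request field names other than client_secret and access_token, the scope string, and the choice to hold the token server-side are assumptions; the WePay call is injected as a function so the block runs offline.

```python
import os

# Assumed request/response field names for /user/register; confirm against the WePay API reference.
APP_FIELDS = ("email", "first_name", "last_name")  # the only input accepted from the app
SCOPE = "manage_accounts,collect_payments"         # assumed scope string


def handle_signup(app_request, client_ip, post, token_store, env=os.environ):
    """Server-side signup handler (hypothetical name).

    post(path, payload) -> dict performs the HTTPS call to WePay; it is injected
    so this sketch runs offline. token_store maps user_id -> access_token.
    """
    extra = set(app_request) - set(APP_FIELDS)
    if extra:
        # Reject attempts to override credentials or scope from the client.
        raise ValueError("unexpected fields from app: %s" % sorted(extra))
    missing = [f for f in APP_FIELDS if not app_request.get(f)]
    if missing:
        raise ValueError("missing fields: %s" % missing)

    payload = {f: app_request[f] for f in APP_FIELDS}
    payload.update(
        client_id=env["WEPAY_CLIENT_ID"],          # hypothetical variable names
        client_secret=env["WEPAY_CLIENT_SECRET"],  # lives only in server config
        scope=SCOPE,
        original_ip=client_ip,
    )
    response = post("/user/register", payload)

    # Keep the merchant's access_token on the server; the app gets an opaque id.
    token_store[response["user_id"]] = response["access_token"]
    return {"merchant_id": response["user_id"]}


def demo():
    """Constructed run with a fake WePay transport and made-up credentials."""
    sent, tokens = [], {}

    def fake_post(path, payload):
        sent.append((path, payload))
        return {"user_id": 1001, "access_token": "TOKEN_PLACEHOLDER"}

    env = {"WEPAY_CLIENT_ID": "123", "WEPAY_CLIENT_SECRET": "SECRET_PLACEHOLDER"}
    app_request = {"email": "m@example.com", "first_name": "Ada", "last_name": "Lee"}
    reply = handle_signup(app_request, "203.0.113.7", fake_post, tokens, env)
    return reply, sent, tokens
```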
To process payments on a mobile app, you’ll want to be able to securely collect credit card information and send it to WePay. We have built an iOS SDK that will help you make the /credit_card/create call. You can learn more about how to use it in the iOS SDK guide.
You can learn about the standard way to let merchants verify their identity and link their bank account in the embedded withdrawals guide.
If you want to do so as part of a mobile app, we recommend that you make the /account/get_update_uri call from your server, and then send the update URI to the app. Then you can either redirect the merchant to the URI in the browser, or show the update URI in a WebView inside your app.