Library Hat Rotating Header Image

September, 2014:

Using the Stripe API to Collect Library Fines by Accepting Online Payments

*** This post was originally published in ACRL TechConnect on Sep. 10, 2014.***

Recently, my library has been considering accepting library fines via online. Currently, many library fines of a small amount that many people owe are hard to collect. As a sum, the amount is significant enough. But each individual fines often do not warrant even the cost for the postage and the staff work that goes into creating and sending out the fine notice letter. Libraries that are able to collect fines through the bursar’s office of their parent institutions may have a better chance at collecting those fines. However, others can only expect patrons to show up with or to mail a check to clear their fines. Offering an online payment option for library fines is one way to make the library service more user-friendly to those patrons who are too busy to visit the library in person or to mail a check but are willing to pay online with their credit cards.

If you are new to the world of online payment, there are several terms you need to become familiar with. The following information from the article in SixRevisions is very useful to understand those terms.1

  • ACH (Automated Clearing House) payments: Electronic credit and debit transfers. Most payment solutions use ACH to send money (minus fees) to their customers.
  • Merchant Account: A bank account that allows a customer to receive payments through credit or debit cards. Merchant providers are required to obey regulations established by card associations. Many processors act as both the merchant account as well as the payment gateway.
  • Payment Gateway: The middleman between the merchant and their sponsoring bank. It allows merchants to securely pass credit card information between the customer and the merchant and also between merchant and the payment processor.
  • Payment Processor: A company that a merchant uses to handle credit card transactions. Payment processors implement anti-fraud measures to ensure that both the front-facing customer and the merchant are protected.
  • PCI (the Payment Card Industry) Compliance: A merchant or payment gateway must set up their payment environment in a way that meets the Payment Card Industry Data Security Standard (PCI DSS).

Often, the same company functions as both payment gateway and payment processor, thereby processing the credit card payment securely. Such a product is called ‘Online payment system.’ Meyer’s article I have cited above also lists 10 popular online payment systems: Stripe, Authorize.Net, PayPal, Google Checkout, Amazon Payments, Dwolla, Braintree, Samurai by FeeFighters, WePay, and 2Checkout. Bear in mind that different payment gateways, merchant accounts, and bank accounts may or may not work together, your bank may or may not work as a merchant account, and your library may or may not have a merchant account. 2

Also note that there are fees in using online payment systems like these and that different systems have different pay structures. For example, has the $99 setup fee and then charges $20 per month plus a $0.10 per-transaction fee. Stripe charges 2.9% + $0.30 per transaction with no setup or monthly fees. Fees for mobile payment solutions with a physical card reader such as Square may go up much higher.

Among various online payment systems, I picked Stripe because it was recommended on the Code4Lib listserv. One of the advantages for using Stripe is that it acts as both the payment gateway and the merchant account. What this means is that your library does not have to have a merchant account to accept payment online. Another big advantage of using Stripe is that you do not have to worry about the PCI compliance part of your website because the Stripe API uses a clever way to send the sensitive credit card information over to the Stripe server while keeping your local server, on which your payment form sits, completely blind to such sensitive data. I will explain this in more detail later in this post.

Below I will share some of the code that I have used to set up Stripe as my library’s online payment option for testing. This may be of interest to you if you are thinking about offering online payment as an option for your patrons or if you are simply interested in how an online payment API works. Even if your library doesn’t need to collect library fines via online, an online payment option can be a handy tool for a small-scale fund-raising drive or donation.

The first step to take to make Stripe work is getting an API keys. You do not have to create an account to get API keys for testing. But if you are going to work on your code more than one day, it’s probably worth getting an account. Stripe API has excellent documentation. I have read ‘Getting Started’ section and then jumped over to the ‘Examples’ section, which can quickly get you off the ground. ( I found an example by Daniel Schröter in GitHub from the list of examples in the Stripe’s Examples section and decided to test out. ( Most of the time, getting an example code requires some probing and tweaking such as getting all the required library downloaded and sorting out the paths in the code and adding API keys. This one required relatively little work.

Now, let’s take a look at the form that this code creates.


In order to create a form of my own for testing, I decided to change a few things in the code.

  1. Add Patron & Payment Details.
  2. Allow custom amount for payment.
  3. Change the currency from Euro to US dollars.
  4. Configure the validation for new fields.
  5. Hide the payment form once the charge goes through instead of showing the payment form below the payment success message.


4. can be done as follows. The client-side validation is performed by Bootstrapvalidator jQuery Plugin. So you need to get the syntax correct to get the code, which now has new fields, to work properly.

This is the Javascript that allows you to send the data submitted to your payment form to the Stripe server. First, include the Stripe JS library (line 24). Include JQuery, Bootstrap, Bootstrap Form Helpers plugin, and Bootstrap Validator plugin (line 25-28). The next block of code includes an event handler for the form, which send the payment information to the Stripe via AJAX when the form is submitted. Stripe will validate the payment information and then return a token that identifies this particular transaction.


When the token is received, this code calls for the function, stripeResponseHandler(). This function, stripeResponseHandler() checks if the Stripe server did not return any error upon receiving the payment information and, if no error has been returned, attaches the token information to the form and submits the form.


The server-side PHP script then checks if the Stripe token has been received and, if so, creates a charge to send it to Stripe as shown below. I am using PHP here, but Stripe API supports many other languages than PHP such as Ruby and Python. So you have many options. The real payment amount appears here as part of the charge array in line 326. If the charge succeeds, the payment success message is stored in a div to be displayed.


The reason why you do not have to worry about the PCI compliance with Stripe is that Stripe API asks to receive the payment information via AJAX and the input fields of sensitive information does not have the name attribute and value. (See below for the Card Holder Name and Card Number information as an example; Click to bring up the clear version of the image.)  By omitting the name attribute and value, the local server where the online form sits is deprived of any means to retrieve the information in those input fields submitted through the form. Since sensitive information does not touch the local server at all, PCI compliance for the local server becomes no concern. To clarify, not all fields in the payment form need to be deprived of the name attribute. Only the sensitive fields that you do not want your web server to have access to need to be protected this way. Here, for example, I am assigning the name attribute and value to fields such as name and e-mail in order to use them later to send a e-mail receipt.

(NB. Please click images to see the enlarged version.)

Screen Shot 2014-08-17 at 8.01.08 PM

Now, the modified form has ‘Fee Category’, custom ‘Payment Amount,’ and some other information relevant to the billing purpose of my library.


When the payment succeeds, the page changes to display the following message.


Stripe provides a number of fake card numbers for testing. So you can test various cases of failures. The Stripe website also displays all payments and related tokens and charges that are associated with those payments. This greatly helps troubleshooting. One thing that I noticed while troubleshooting is that Stripe logs sometimes do lag behind. That is, when a payment would succeed, associated token and charge may not appear under the “Logs” section immediately. But you will see the payment shows up in the log. So you will know that associated token and charge will eventually appear in the log later.


Once you are ready to test real payment transactions, you need to flip the switch from TEST to LIVE located on the top left corner. You will also need to replace your API keys for ‘TESTING’ (both secret and public) with those for ‘LIVE’ transaction. One more thing that is needed before making your library getting paid with real money online is setting up SSL (Secure Sockets Layer) for your live online payment page. This is not required for testing but necessary for processing live payment transactions. It is not a very complicated work. So don’t be discouraged at this point. You just have to buy a security certificate and put it in your Web server. Speak to your system administrator for how to get the SSL set up for your payment page. More information about setting up SSL can be found in the Stripe documentation I just linked above.

My library has not yet gone live with this online payment option. Before we do, I may make some more modifications to the code to fit the staff workflow better, which is still being mapped out. I am also planning to place the online payment page behind the university’s Shibboleth authentication in order to cut down spam and save some tedious data entry by library patrons by getting their information such as name, university email, student/faculty/staff ID number directly from the campus directory exposed through Shibboleth and automatically inserting it into the payment form fields.

In this post, I have described my experience of testing out the Stripe API as an online payment solution. As I have mentioned above, however, there are many other online payment systems out there. Depending your library’s environment and financial setup, different solutions may work better than others. To me, not having to worry about the PCI compliance by using Stripe was a big plus. If your library accepts online payment, please share what solution you chose and what factors led you to the particular online payment system in the comments.

* This post has been based upon my recent presentation, “Accepting Online Payment for Your Library and ‘Stripe’ as an Example”, given at the Code4Lib DC Unconference. See the slides  below..

  1. Meyer, Rosston. “10 Excellent Online Payment Systems.” Six Revisions, May 15, 2012.
  2. Ullman, Larry. “Introduction to Stripe.” Larry Ullman, October 10, 2012.

Why I Don’t Talk Much about Gender or Race & Why I Support the Ada Initiative

I rarely talk about gender or race issues.  Not because I am not interested but because I am afraid that I may say things that are viewed negatively by a socially acceptable norm.  As a person who grew up in one country with one culture (the Confusian culture that is notoriously preferential to men to boot) and then moved to, live, and now work in another country with a completely different culture (just as discriminatory to women and minorities I am afraid) and who often has opinions that are different from those held by the majorities in both societies, I am acutely aware of various disadvantages, backlashes, and penalties that can result as a consequence of a minor slip and the pervasive social norm of inequality applied to women and racial/ethnic/gender minorities reinforced in everyday life.

I hate telling stories about how things went all wrong because it can reinforce negative sentiments such as frustration, anger, and the general sentiment of feeling pathetic about oneself. But I will make an exception and tell you this one story in the hope that you will join me in supporting the Ada Initiative.

A few years ago, in one of the library mailing listservs, the idea of creating a sub-group of women among the members was floated up. I do not recall all the context now but in relation to that idea, which I supported, I posed a question to the listserv specifically directed at only women.  To my dismay, this did not stop any men on the mailing list to liberally exercise their freedom to object to the idea in the name of the good of the listserv.  The idea was attacked as something akin to a separatist movement and was vehemently objected by a man who is regarded as very influential in that venue. My response to this was simply “how dare you,” not personally to me but to the entire group of women in the listerv. The question was submitted to women. No opinion was solicited from men.

But this is not why I brought up this story. The reason why I brought up this story is that I wanted to tell you what I did after this incident.  I didn’t respond back and communicate my indignation, frustration, and anger.  I simply disengaged myself from the conversation and abandoned the whole thread.  I didn’t want to have a conversation with this famous person who was so blatantly unaware of his faux pas. (Although his describing that idea as a separatist movement was not at all fair, I now see the point that it is actually a valid worry as women are not a minority but 50 percent of the population. And we all know well that the majority in the library is indeed women, not men. Potentially, the current listserv may have to compete with this new one -if the new one succeeds- and may lose its precious prestige and some other social privileges that go with the membership for some people.)

I justified my behavior by telling myself that I don’t have enough energy to deal with this right now. Fortunately, women who are much wiser, more articulate, and more courageous than me stood up and wrote great replies to this person.  Because I decided to not attach myself to the thread any longer, I also sent a personal email to these women who were my heroes.  At that time, I thought that was a good thing to do because I was so relieved by and hugely appreciated the fact that someone was taking the stance and was articulating the reasons in such a cool manner that I could not maintain. But looking back I can’t but think that it was so cowardly of me not openly supporting them. I have to add that this realization only dawned on me when the same thing happened to me only in the reverse role this time around. Another librarian sent me a private Twitter message personally thanking me about what I said openly. This taught me the lesson that what I meant as kudos to someone could have felt to that person like a punch in the gut instead. I thought about this incident a lot always as one of my (many) failings, although I only once dared to vent about it to one of my male colleagues because I knew he wouldn’t mind listening to me. (Our internalization of the social norm is indeed very deep even when we are critical of the very norm.)

It wasn’t until at last year’s Code4Lib pre-conference, “Technology, Librarianship, and Gender: Moving the conversation forward,” organized by Lisa Rabey and attended by many awesome people including Valerie Aurora from the Ada Initiative — She also gave the keynote at the Code4Lib Conference — that I was told for the first time that those who belong to minority groups do NOT have the obligation to always speak up, defend their positions, etc., etc. That was a refreshing thought that respects the additional burden that many minorities carry, the feeling of having to be a vocal champion of a cause at a personal level whether you are exhausted and sick or all or not. I also loved hearing that one thing that those with existing privileges can and should do is to listen to those without such privileges and their experience, not shouting out their own thoughts and dominating the conversation. It recognizes the important fact that the voice of sympathetic advocates should never overpower that of women and racial/ethnic/gender minorities. To be sustainable, a social change must be implemented by those who need and want the change by themselves.

So it is not an exaggeration to say that being a woman in technology can complicate things. (And I only told you just one story, and I am not even touching the issue of belonging to a racial/ethnic minority group here.) How many more awesome and productive things would women be able to achieve if they do not have to deal with this kind of crap that turns up all the time when they are simply trying to get things done?

I support the Ada Initiative because it acknowledges and articulates common issues often unacknowledged, opens and legitimizes a conversation about those issues, and helps organizations institute and establish more just and more equitable norms with useful and tangible tools and resources, thereby leveling the playing field for everyone. This results in benefiting all, not just women and minorities in race and gender.


Consider donating to the Ada Initiative below or at Share your reasons in Twitter with the hashtag, #libs4ada, and check out many thoughtful and amazing posts people wrote about their reasons for supporting the Ada Initiative. (If you think that this is all irrelevant because you have never been physically harmed or threatened in librarianship, check out this terrific post by the Library Loon.) I invite you to become an ally to those who are with less privileges than you. Thanks for reading this post!

Donation button

Donate to the Ada Initiative

If you are not familiar with the Ada initiative, here is some information from its website.

The Ada Initiative helps women get and stay involved in open source, open data, open education, and other areas of free and open technology and culture. These communities are changing the future of global society. If we want that society to be socially just and to serve the interests of all people, women must be involved in its creation and organization.
The Ada Initiative is a feminist organization. We strive to serve the interests and needs of women in open technology and culture who are at the intersection of multiple forms of oppression, including disabled women, women of color, LBTQ women, and women from around the world.

We are making a difference in open technology and culture by:

  • Supporting and connecting women in these communities
  • Changing the culture to better fit women, instead of changing women to fit the culture
  • Helping women overcome internalized sexism that is the result of living within the existing culture
  • Asking men and influential community members to take responsibility for culture change
  • Giving people the tools they need to change their communities (e.g., policies and ally skills)
  • Creating sustainable systems to support feminist activists in these communities
  • Being the change we want to see by making our own events and communities safer and more inclusive