Stripe for Magento 2

Stripe for Magento 2

Top-notch user experience, convenience, and PCI SAQ-A security: Treat your store to ParadoxLabs Stripe.

Magento Community 2.0, 2.1, 2.2
Magento Enterprise 2.0, 2.1, 2.2, Cloud
Latest Version
2.0.0 (Aug 07, 2017) - View Release Notes
We will install and configure the module for you, and make sure it works properly in its intended environment.
Request Demo Login

Questions? Give us a call: 717-431-3330


We know what you're looking for. You want a proven solution that just works, with all of the features you would expect, from a reputable company that stands behind their product. Our payment extensions are used on thousands of Magento stores. We know what we're doing, and we've been doing it for a long time. We pride ourselves on quality support. If you need help, we'll make sure you're taken care of.

Payment processing is a fundamental part of your business, and it's a fundamental part of ours too. We'll help you make sure it never becomes a problem.

Stripe is taking the world of ecommerce payment processing by storm, with simplicity and power. They don't just give you a way to accept credit card payments: They do it in a way that makes sense, and makes life so much easier for you and for your customers. Stripe charges 2.9% + $0.30 for every credit card transaction processed, with zero setup or ongoing fees. Enterprise customers may be eligible for volume discounts. See here for complete pricing info

With ParadoxLabs Stripe, we build on Stripe's top-notch offerings by integrating those payment services into Magento 2, along with extensive stored card functionality. This gives you and your customers the convenience of stored credit cards, with all the security of Stripe. It also allows us to give you many advanced features that other payment methods simply aren't capable of.


This module supports all standard payment actions in Magento. It also allows customers to save their payment info for future use. This gives returning customers the convenience of stored credit cards and rapid checkout, without compromising PCI compliance.

  • Pay by credit card
  • PCI SAQ-A eligibility: Stripe Elements collects all credit card data for you
  • Save credit cards (tokens) for reuse
  • Add, edit, and delete saved payment data for each customer
  • Edit orders and reorder without contacting the customer for their CC info (even for guests!)
  • Capture funds even after the authorization expires
  • Authorize, Capture, or Save CC Info (without charging) at time of checkout
  • Partially invoice orders (including reauthorization of any remaining balance)
  • Refund your invoices (Online Credit Memo)
  • Partially refund orders (refund individual items from an invoice)
  • Void/cancel authorizations
  • Sending shipping address with transactions
  • Credit Card Verification (CCV)
  • Address Verification (AVS)
  • Multi-store support: Use different Stripe accounts for each website
  • Supports the Magento 2 REST API
  • Supports ParadoxLabs Adaptive Subscriptions

The first time a customer checks out, they are given an advanced unified field to enter their credit card details. If they choose to save the card, next time they check out they can reuse that card with a single click. Your customers can also view, add, edit, and delete any of their stored payment info through a 'My Payment Data' interface in their account. All frontend features are also available in the Magento Admin Panel.


Stored payment info is good for your business.

  • It simplifies checkout.
  • It encourages your customers to keep coming back.
  • It lets your customer service staff quickly process orders and billing changes, without needing to ask customers for credit card info once it's stored.
  • It streamlines order management and integration (for compatible systems).


ParadoxLabs has been building and maintaining Magento payment integrations for years. Our integrations process over $1 billion dollars in transactions every year for sites like yours, and our support is top-notch. Our solutions work for them—they can work for you too.


Security is everything. We know this. Customer confidence can take years to build up, and a stolen credit card can shatter that in a moment. Nevermind the legal ramifications or fees: Your customers are your business. You can't afford to risk losing them. Using ParadoxLabs Stripe will protect you from many forms of credit card scraping hacks.

All communication with Stripe is performed using TLS encryption, and no confidential cardholder data ever touches your server (even for a moment). Using Stripe Elements, all credit card forms for this extension are contained within an iframe directly from Stripe. This means all credit card data is sent directly from your customers to Stripe. They give us back a one-time-use token to use in place of the actual credit card data, and we use that to store it in the customer's Stripe profile. This lets your customers pay with a 'saved' card that's not stored on your server at all.

We are often asked about PCI compliance: PCI compliance is a complex and multifaceted issue, covering every aspect of your business. We can't guarantee that your business is PCI-compliant. That depends on your server, passwords, business processes, regular security scans, any other payment methods, and a lot more. What we can tell you is that this extension will not prevent you from being PCI compliant. We don't log confidential cardholder data or do anything else that would bring you under scrutiny.

This extension implements Stripe Elements for all credit card forms, and does not support collecting credit card data by any other means. According to Stripe, that makes the ParadoxLabs Stripe payment method eligible for PCI v3.2 Self-Assessment Questionnaire A (PCI SAQ A), the simplest possible form and process.

For more information, see Stripe documentation: PCI DSS guidelines

Note that you must have SSL enabled on all checkout and login forms, and that this eligibility only applies to this specific payment method. Any other payment methods or credit card handling your business may perform will have its own SAQ eligibility, and may require you to complete a more stringent SAQ form (A-EP or D).

For details on the SAQ types and what eligibility means, see "Self-Assessment Questionnaire Instructions and Guidelines (3.2)" (PDF, by PCI Standards Security Council).

For more information on Stripe's security policies and infrastructure, see Stripe documentation: Security at Stripe


We are experienced, certified Magento developers. All of our code is clean, well-documented, and follows all Magento standards and techniques. We make sure to do things the right way.

Our source code is 100% unencoded (viewable source). When you purchase this extension, you get full access to view and modify the source any way you need to (within the terms of the license).


We pride ourselves on quality support, which includes free bug fixes and updates for the lifetime of this extension. If you find that it doesn't work as we intended in a standard installation, we'll help you make sure that it does.

Our extensions are used on thousands of stores like yours.

Our staff are all located in the United States, with an office in downtown Lancaster, PA, open weekdays from 8 AM to 5 PM Eastern Time. Have a question, or want to try it out? Give us a call at 717-431-3330, or email us at

If you are not satisfied, we have a no-questions refund policy for thirty days after purchase.

Only registered users can write reviews. Please, log in or register.

A complete user manual is included with the module. You can download it here: ParadoxLabs Stripe Payments with Stored Cards - User Manual for Magento 2 (pdf)

How do I do an online refund from Magento?

In order to process an 'online' refund through Authorize.Net, you have to go to the invoice you want to refund, and click the 'Credit Memo' button from there.

If you’ve done that correctly, at the bottom of the page you should see a button that says 'Refund'.

If you only have one button that says ‘Refund Offline’, it’s because you clicked ‘Credit Memo’ from the order instead of from the invoice.

The reason for this is that the refund needs to be associated with a particular capture transaction. An order can contain any number of capture transactions, but every capture has an invoice that’s directly related. You refund an invoice, not an order.


Error on checkout: “An error occurred on the server. Please try to place the order again.”

Magento made a change in 2.1.x that means no payment error messages actually make it out to the customer. When these error messages occur, the underlying error is usually some payment failure, like AVS failure, or invalid CCV, or transaction declined. These messages will be recorded in the transaction log (var/log/tokenbase.log), but the customer will only ever be given the generic failure message. Yes, this makes for bad user experience, but it’s not something we can control.

The issue should be resolved with Magento 2.2. In the meantime, you can fix it by overwriting two core files with their versions from 2.2:

vendor/magento/module-checkout/Model/GuestPaymentInformationManagement.php to new version

vendor/magento/module-checkout/Model/PaymentInformationManagement.php to new version

Making these changes will mean customers get the precise error message we intend, and can fix their payment information accordingly.

Download the complete user manual here: Stripe for Magento 2 - User Manual (pdf)


  • Purchasing this product grants you a license for use on one installation of Magento, plus any associated non-production environments.
  • Our products are 100% unencoded. You are free to modify it as you see fit, within the terms of the complete license below.

Software License

This a legal agreement between you (either an individual or a single entity) and ParadoxLabs inc. for the ParadoxLabs inc software product(s) which may include associated software components, media, printed materials, and "online" or electronic documentation ("software product"). By installing, copying, or otherwise using the software product, you agree to be bound by the terms of this Agreement. This license agreement represents the entire agreement concerning the program between you and ParadoxLabs inc, (referred to as "licenser"), and it supersedes any prior proposal, representation, or understanding between the parties. If you do not agree to the terms of this agreement, do not install or use the software product.

The software product is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. The software product is licensed, not sold.

    The software product is licensed as follows:
    1. Installation and Use.
      ParadoxLabs inc grants you the right to install and use the software product on one website.
    2. Backup Copies.
      You may also make copies of the software product as may be necessary for backup and archival purposes.

    1. Maintenance of Copyright Notices.
      You must not remove or alter any copyright notices on any and all copies of the software product.
    2. Distribution.
      You may not distribute copies of the software product to third parties.
    3. Prohibition on Reverse Engineering, Decompilation, and Disassembly.
      You may not reverse engineer, decompile, or disassemble the software product, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.
    4. Rental.
      You may not rent, lease, or lend the software product.
    5. Support Services.
      ParadoxLabs inc may provide you with support services related to the software product ("Support Services"). Any supplemental software code provided to you as part of the Support Services shall be considered part of the software product and subject to the terms and conditions of this Agreement.
    6. Compliance with Applicable Laws.
      You must comply with all applicable laws regarding use of the software product.

    Without prejudice to any other rights, ParadoxLabs inc may terminate this Agreement if you fail to comply with the terms and conditions of this Agreement. In such event, you must destroy all copies of the software product in your possession.

    All title, including but not limited to copyrights, in and to the software product and any copies thereof are owned by ParadoxLabs inc. All title and intellectual property rights in and to the content which may be accessed through use of the software product is the property of the respective content owner and may be protected by applicable copyright or other intellectual property laws and treaties. This Agreement grants you no rights to use such content. All rights not expressly granted are reserved by ParadoxLabs inc.

    ParadoxLabs inc expressly disclaims any warranty for the software product. The software product is provided 'As Is' without any express or implied warranty of any kind, including but not limited to any warranties of merchantability, noninfringement, or fitness of a particular purpose. ParadoxLabs inc does not warrant or assume responsibility for the accuracy or completeness of any information, text, graphics, links or other items contained within the software product. ParadoxLabs inc makes no warranties respecting any harm that may be caused by the transmission of a computer virus, worm, time bomb, logic bomb, or other such computer program. ParadoxLabs inc further expressly disclaims any warranty or representation to Authorized Users or to any third party.

    In no event shall ParadoxLabs inc be liable for any damages (including, without limitation, lost profits, business interruption, or lost information) rising out of 'Authorized Users' use of or inability to use the software product, even if ParadoxLabs inc has been advised of the possibility of such damages. In no event will ParadoxLabs inc be liable for loss of data or for indirect, special, incidental, consequential (including lost profit), or other damages based in contract, tort or otherwise. ParadoxLabs inc shall have no liability with respect to the content of the software product or any part thereof, including but not limited to errors or omissions contained therein, libel, infringements of rights of publicity, privacy, trademark rights, business interruption, personal injury, loss of privacy, moral rights or the disclosure of confidential information.