refactor: ECE buttons to use confirmation tokens #11222
Merged
+152
−35
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Test the buildOption 1. Jetpack Beta
Option 2. Jurassic Ninja - available for logged-in A12s🚀 Launch a JN site with this branch 🚀 ℹ️ Install this Tampermonkey script to get more options. Build info:
Note: the build is updated when a new commit is pushed to this PR. |
Contributor
|
Size Change: +13 B (0%) Total Size: 929 kB
ℹ️ View Unchanged
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR refactors Express Checkout Elements (ECE) for Google Pay and Apple Pay to use Stripe's newer Confirmation Tokens API instead of Payment Methods. This is a migration to a newer Stripe API pattern as documented in their migration guide.
Key Changes
- Updated JavaScript client code to call
stripe.createConfirmationToken()instead ofstripe.createPaymentMethod() - Modified data normalization functions to send
wcpay-confirmation-tokeninstead ofwcpay-payment-method - Added server-side support for handling confirmation tokens alongside existing payment method logic for backward compatibility
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
client/express-checkout/event-handlers.js |
Updated to use createConfirmationToken() Stripe API call instead of createPaymentMethod() |
client/express-checkout/utils/normalize.js |
Changed parameter names and field keys from payment method to confirmation token |
client/express-checkout/transformers/stripe-to-wc.js |
Updated transformer to handle confirmation token IDs instead of payment method IDs |
includes/class-wc-payment-gateway-wcpay.php |
Added logic to detect and route confirmation tokens vs payment methods based on ID prefix |
includes/class-payment-information.php |
Updated to extract confirmation token from request data with fallback to payment method |
includes/core/server/request/class-create-intention.php |
Added new set_confirmation_token() method and updated documentation |
includes/core/server/request/class-create-and-confirm-intention.php |
Added confirmation token to allowed parameters and removed payment method from required parameters |
changelog/refactor-ece-to-use-confirmation-tokens-instead-of-payment-methods |
Added changelog entry for this refactor |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
28
to
33
| const REQUIRED_PARAMS = [ | ||
| 'amount', | ||
| 'currency', | ||
| 'payment_method', | ||
| 'customer', | ||
| 'metadata', | ||
| ]; |
There was a problem hiding this comment.
Removing payment_method from REQUIRED_PARAMS means the request can now be sent without either a payment_method or a confirmation_token, which would likely fail at the Stripe API level. Consider adding custom validation in the get_params() method or before calling send() to ensure at least one of these parameters is set. For example, you could override get_params() to check that either payment_method or confirmation_token is present in the params before the request is sent.
Contributor
Author
There was a problem hiding this comment.
send() and get_params() are final
…nstead-of-payment-methods
…nstead-of-payment-methods
htdat
reviewed
Dec 25, 2025
Member
htdat
left a comment
htdat
left a comment
There was a problem hiding this comment.
Look good to me overall. But there are more comments on the server PR.
Please address them too.
htdat
approved these changes
Jan 9, 2026
mgascam
approved these changes
Jan 9, 2026
Contributor
mgascam
left a comment
mgascam
left a comment
There was a problem hiding this comment.
Thanks for working on this refactor, @frosso! The code changes look good to me, and it was a great learning opportunity. I wasn’t aware of the confirmation tokens feature before this.
I tested these changes locally against the server-side branch. I tried both Apple Pay and Google Pay checkouts from all available locations, and everything worked as expected.
One thing to note is the international card fee; I’ve left more details on the server-side PR. I’m approving this PR assuming any required changes will be handled there.
…nstead-of-payment-methods
…nstead-of-payment-methods
…nstead-of-payment-methods
…nstead-of-payment-methods
…nstead-of-payment-methods
…irements, matching server-side
frosso
deleted the
refactor/ece-to-use-confirmation-tokens-instead-of-payment-methods
branch
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes WOOPMNT-5600
Caution
To avoid possible disruptions, this PR can be merged only after the server-side PR has been merged.
Changes proposed in this Pull Request
Migrating existing ECE methods (Google Pay/Apple Pay) to leverage confirmation tokens, instead of payment methods.
Confirmation tokens are a newer Stripe API meant as a drop-in replacement: https://docs.stripe.com/payments/mobile/migration-confirmation-tokens
There are some additional changes needed, but I'm handling them on the server-side.
Testing instructions
This changes Google Pay/Apple Pay payments on block-based cart & checkout, shortcode-based cart & checkout, and product pages.
Hence, I'd recommend testing them individually.
npm run changelogto add a changelog file, choosepatchto leave it empty if the change is not significant. You can add multiple changelog files in one PR by running this command a few times.Post merge