[ [0x30] Features ] Stripe Payments

Stripe Payments

> Accept payments and manage subscriptions with Stripe.

Overview

[ [0x30] STATUS ]

When someone buys your product, Fabrk uses Stripe to handle everything securely. Customer clicks Buy, enters payment info on Stripe's checkout page (you never see their card number), Stripe charges the card and notifies your app via webhook, then your app grants access. The key benefit: You never handle sensitive credit card data. Stripe is PCI compliant and handles all the security complexity.

Features

[ [0x01] ONE_TIME_PAY ]

STATUS: READY

DESC: Sell lifetime access or single products. Customer pays once, gets access forever.

[ [0x02] SUBSCRIPTION ]

STATUS: READY

DESC: Monthly or yearly recurring payments. Automatic billing and renewal.

[ [0x03] FREE_TRIALS ]

STATUS: READY

DESC: Let users try before they buy. Converts to paid at trial end.

[ [0x04] CUSTOMER_POR ]

STATUS: READY

DESC: Users manage their own billing - update card, change plan, cancel.

[ [0x05] WEBHOOK_HAND ]

STATUS: READY

DESC: Your app reacts to payment events in real-time.

[ [0x06] DUPLICATE_PR ]

STATUS: READY

DESC: Prevents accidental double charges from page refreshes.

Setup

[ [0x01] CREATE STRIPE ACCOUNT ]

DESC: Go to stripe.com and create an account. It's free to sign up. You won't pay anything until you process real payments.

[ [0x02] GET API KEYS ]

DESC: In the Stripe Dashboard, go to Developers → API keys. Copy your test keys. Test keys start with sk_test_ and pk_test_. Live keys start with sk_live_ and pk_live_.

[ [0x03] CREATE PRODUCTS ]

DESC: Go to Products in Stripe Dashboard. Create products for each pricing tier (e.g., Starter, Pro, Enterprise). Each product has a price ID like price_1234567890.

[ [0x04] ADD KEYS TO APP ]

DESC: Add these to your .env.local file

1$# Stripe API Keys (test mode - get from https://dashboard.stripe.com/test/apikeys)
2$STRIPE_SECRET_KEY="sk_test_your_secret_key"  # Server-side only, NEVER expose to browser
3$NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY="pk_test_your_publishable_key"  # Client-side safe
4
5$# Product Lookup Key (NOT a price ID)
6$# Create in Stripe Dashboard: Products → Your Product → Pricing → Lookup key field
7$# Lookup keys let you change prices in Stripe without updating code
8$NEXT_PUBLIC_STRIPE_PRICE_FABRK="fabrk_purchase"  # This is a lookup key, not price_1234567890
9
10$# Optional: Promotion code ID for discounts (if using early adopter offer)
11$STRIPE_COUPON_EARLY_ADOPTER="promo_1SVGK4P7kSSEYWlXBq1LtaNM"
12
13$# Why lookup keys instead of price IDs?
14$# - Price IDs (price_1234...) are hardcoded - changing price requires code update
15$# - Lookup keys (fabrk_purchase) are flexible - change price in Stripe Dashboard anytime

[ [0x05] SETUP WEBHOOKS ]

DESC: Install the Stripe CLI to test webhooks locally. Webhooks notify your app when payments succeed or fail.

1$# Step 1: Install Stripe CLI (one-time setup)
2$# macOS:
3$brew install stripe/stripe-cli/stripe
4
5$# Windows:
6$# Download from https://github.com/stripe/stripe-cli/releases
7
8$# Linux:
9$# See https://stripe.com/docs/stripe-cli#install
10
11$# Step 2: Login to Stripe
12$stripe login
13$# Opens browser window to authenticate
14
15$# Step 3: Forward webhooks to your local app
16$stripe listen --forward-to localhost:3000/api/webhooks/stripe
17
18$# Expected output:
19$# > Ready! Your webhook signing secret is whsec_abc123def456...
20$#
21$# Step 4: Copy the webhook secret (starts with whsec_)
22$# Add it to .env.local:
23$STRIPE_WEBHOOK_SECRET="whsec_abc123def456..."
24
25$# Leave this terminal window OPEN while developing
26$# You'll see webhook events appear here when you test payments

Usage

[ [0xF7] CHECKOUT BUTTON COMPONENT ]

Add this to any pricing card or button

1"use client";
2
3import { useState } from "react";
4import { Button } from "@/components/ui/button";
5
6export function CheckoutButton({ priceId, planName }) {
7  const [loading, setLoading] = useState(false);
8
9  const handleCheckout = async () => {
10    setLoading(true);
11    try {
12      // Call your checkout API
13      const response = await fetch("/api/stripe/checkout", {
14        method: "POST",
15        headers: { "Content-Type": "application/json" },
16        body: JSON.stringify({ priceId }),
17      });
18
19      const { url, error } = await response.json();
20
21      if (error) {
22        alert(error);
23        return;
24      }
25
26      // Redirect to Stripe Checkout
27      window.location.href = url;
28    } catch (err) {
29      alert("Something went wrong. Please try again.");
30    } finally {
31      setLoading(false);
32    }
33  };
34
35  return (
36    <Button onClick={handleCheckout} disabled={loading}>
37      {loading ? "Loading..." : `Get ${planName}`}
38    </Button>
39  );
40}

[ [0xEC] CUSTOMER PORTAL LINK ]

Let users manage their own subscription

1"use client";
2
3import { Button } from "@/components/ui/button";
4
5export function ManageBillingButton() {
6  const handlePortal = async () => {
7    const response = await fetch("/api/stripe/portal", {
8      method: "POST",
9    });
10
11    const { url } = await response.json();
12    window.location.href = url;
13  };
14
15  return (
16    <Button variant="outline" onClick={handlePortal}>
17      Manage Billing
18    </Button>
19  );
20}

Security

[ [0x03] DANGER ]

NEVER COMMIT SECRETS TO GIT

CRITICAL: The STRIPE_SECRET_KEY and STRIPE_WEBHOOK_SECRET are highly sensitive. Leaking them gives attackers full access to your Stripe account.

Never commit .env files to git. Always use .env.local (in .gitignore) for local development.
Never expose STRIPE_SECRET_KEY to the browser. Only use it in server-side code (API routes, server components).
Use secure storage in production: Vercel Environment Variables, AWS Secrets Manager, or similar.
Rotate keys immediately if you suspect they've been exposed. Go to Stripe Dashboard → Developers → API keys → Roll key.

Safe variables: NEXT_PUBLIC_* variables are safe for client-side use. These include pk_test_ (publishable keys) but NOT sk_test_ (secret keys).

Why Stripe

[ [0xC5] WHY STRIPE ]

For You

• No need to handle credit card security
• Instant access to payment data/analytics
• Automatic invoices and receipts
• Built-in fraud protection

For Your Customers

• Trusted, familiar checkout experience
• Apple Pay, Google Pay support
• Self-serve subscription management
• Easy refund process

Understanding Webhooks

[ [0x00] INFO ]

Think of webhooks like a doorbell

When Stripe processes a payment, it "rings your doorbell" (sends a webhook) to let you know something happened. Your app answers the door and takes appropriate action. Without webhooks, you'd have to constantly ask Stripe "did anyone pay yet?" - which is inefficient and slow. With webhooks, Stripe tells you instantly.

[ [0xFE] WEBHOOK EVENTS ]

Common webhook events: checkout.session.completed (someone paid),customer.subscription.deleted (someone cancelled),invoice.payment_failed (payment didn't go through).

Testing Payments

[ [0x35] TEST CARDS ]

Always test payments before going live. Stripe provides test card numbers that simulate different scenarios without charging real money.

Test Card Numbers

Successful payment4242 4242 4242 4242

Card declined4000 0000 0000 0002

Requires authentication4000 0025 0000 3155

Insufficient funds4000 0000 0000 9995

Use any future expiration date, any 3-digit CVC, and any billing ZIP code.

Common Questions

How much does Stripe charge?

Standard pricing is 2.9% + 30 cents per successful transaction. For example, a $100 payment costs you $3.20. There are no monthly fees.

When do I get my money?

By default, Stripe sends payouts to your bank account on a 2-day rolling basis. You can change this to daily or weekly in your Stripe settings.

What happens if a payment fails?

Stripe automatically retries failed subscription payments up to 4 times over a few weeks. You'll receive webhook events to handle access accordingly.

How do I handle refunds?

Issue refunds directly from the Stripe Dashboard. Go to the payment, click "Refund", and enter the amount. Stripe sends a webhook so you can revoke access.

Can customers pay in different currencies?

Yes! Stripe supports 135+ currencies. You can create prices in different currencies or let Stripe auto-convert based on the customer's location.

Going Live Checklist

[ [0x8E] GOING LIVE ]

Before accepting real payments:

Switch to live API keys (sk_live_, pk_live_)
Create webhook endpoint in Stripe Dashboard (not CLI)
Add production webhook secret to your hosting provider
Test a real $1 transaction and refund it
Enable Stripe Radar for fraud protection
Set up email receipts in Stripe settings

Next Steps

[ [0x51] FREE TRIALS ]

Free Trials

Let users try your product before paying with trial periods.

[ [0x12] TRANSACTIONAL EMAILS ]

Send purchase confirmations and invoices to customers.

[ [0x30] Features ] Stripe Payments

Stripe Payments

> Accept payments and manage subscriptions with Stripe.

Overview

[ [0x30] STATUS ]

Features

[ [0x01] ONE_TIME_PAY ]

STATUS: READY

DESC: Sell lifetime access or single products. Customer pays once, gets access forever.

[ [0x02] SUBSCRIPTION ]

STATUS: READY

DESC: Monthly or yearly recurring payments. Automatic billing and renewal.

[ [0x03] FREE_TRIALS ]

STATUS: READY

DESC: Let users try before they buy. Converts to paid at trial end.

[ [0x04] CUSTOMER_POR ]

STATUS: READY

DESC: Users manage their own billing - update card, change plan, cancel.

[ [0x05] WEBHOOK_HAND ]

STATUS: READY

DESC: Your app reacts to payment events in real-time.

[ [0x06] DUPLICATE_PR ]

STATUS: READY

DESC: Prevents accidental double charges from page refreshes.

Setup

[ [0x01] CREATE STRIPE ACCOUNT ]

DESC: Go to stripe.com and create an account. It's free to sign up. You won't pay anything until you process real payments.

[ [0x02] GET API KEYS ]

DESC: In the Stripe Dashboard, go to Developers → API keys. Copy your test keys. Test keys start with sk_test_ and pk_test_. Live keys start with sk_live_ and pk_live_.

[ [0x03] CREATE PRODUCTS ]

DESC: Go to Products in Stripe Dashboard. Create products for each pricing tier (e.g., Starter, Pro, Enterprise). Each product has a price ID like price_1234567890.

[ [0x04] ADD KEYS TO APP ]

DESC: Add these to your .env.local file

1$# Stripe API Keys (test mode - get from https://dashboard.stripe.com/test/apikeys)
2$STRIPE_SECRET_KEY="sk_test_your_secret_key"  # Server-side only, NEVER expose to browser
3$NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY="pk_test_your_publishable_key"  # Client-side safe
4
5$# Product Lookup Key (NOT a price ID)
6$# Create in Stripe Dashboard: Products → Your Product → Pricing → Lookup key field
7$# Lookup keys let you change prices in Stripe without updating code
8$NEXT_PUBLIC_STRIPE_PRICE_FABRK="fabrk_purchase"  # This is a lookup key, not price_1234567890
9
10$# Optional: Promotion code ID for discounts (if using early adopter offer)
11$STRIPE_COUPON_EARLY_ADOPTER="promo_1SVGK4P7kSSEYWlXBq1LtaNM"
12
13$# Why lookup keys instead of price IDs?
14$# - Price IDs (price_1234...) are hardcoded - changing price requires code update
15$# - Lookup keys (fabrk_purchase) are flexible - change price in Stripe Dashboard anytime

[ [0x05] SETUP WEBHOOKS ]

DESC: Install the Stripe CLI to test webhooks locally. Webhooks notify your app when payments succeed or fail.

1$# Step 1: Install Stripe CLI (one-time setup)
2$# macOS:
3$brew install stripe/stripe-cli/stripe
4
5$# Windows:
6$# Download from https://github.com/stripe/stripe-cli/releases
7
8$# Linux:
9$# See https://stripe.com/docs/stripe-cli#install
10
11$# Step 2: Login to Stripe
12$stripe login
13$# Opens browser window to authenticate
14
15$# Step 3: Forward webhooks to your local app
16$stripe listen --forward-to localhost:3000/api/webhooks/stripe
17
18$# Expected output:
19$# > Ready! Your webhook signing secret is whsec_abc123def456...
20$#
21$# Step 4: Copy the webhook secret (starts with whsec_)
22$# Add it to .env.local:
23$STRIPE_WEBHOOK_SECRET="whsec_abc123def456..."
24
25$# Leave this terminal window OPEN while developing
26$# You'll see webhook events appear here when you test payments

Usage

[ [0xF7] CHECKOUT BUTTON COMPONENT ]

Add this to any pricing card or button

1"use client";
2
3import { useState } from "react";
4import { Button } from "@/components/ui/button";
5
6export function CheckoutButton({ priceId, planName }) {
7  const [loading, setLoading] = useState(false);
8
9  const handleCheckout = async () => {
10    setLoading(true);
11    try {
12      // Call your checkout API
13      const response = await fetch("/api/stripe/checkout", {
14        method: "POST",
15        headers: { "Content-Type": "application/json" },
16        body: JSON.stringify({ priceId }),
17      });
18
19      const { url, error } = await response.json();
20
21      if (error) {
22        alert(error);
23        return;
24      }
25
26      // Redirect to Stripe Checkout
27      window.location.href = url;
28    } catch (err) {
29      alert("Something went wrong. Please try again.");
30    } finally {
31      setLoading(false);
32    }
33  };
34
35  return (
36    <Button onClick={handleCheckout} disabled={loading}>
37      {loading ? "Loading..." : `Get ${planName}`}
38    </Button>
39  );
40}

[ [0xEC] CUSTOMER PORTAL LINK ]

Let users manage their own subscription

1"use client";
2
3import { Button } from "@/components/ui/button";
4
5export function ManageBillingButton() {
6  const handlePortal = async () => {
7    const response = await fetch("/api/stripe/portal", {
8      method: "POST",
9    });
10
11    const { url } = await response.json();
12    window.location.href = url;
13  };
14
15  return (
16    <Button variant="outline" onClick={handlePortal}>
17      Manage Billing
18    </Button>
19  );
20}

Security

[ [0x03] DANGER ]

NEVER COMMIT SECRETS TO GIT

CRITICAL: The STRIPE_SECRET_KEY and STRIPE_WEBHOOK_SECRET are highly sensitive. Leaking them gives attackers full access to your Stripe account.

Never commit .env files to git. Always use .env.local (in .gitignore) for local development.
Never expose STRIPE_SECRET_KEY to the browser. Only use it in server-side code (API routes, server components).
Use secure storage in production: Vercel Environment Variables, AWS Secrets Manager, or similar.
Rotate keys immediately if you suspect they've been exposed. Go to Stripe Dashboard → Developers → API keys → Roll key.

Safe variables: NEXT_PUBLIC_* variables are safe for client-side use. These include pk_test_ (publishable keys) but NOT sk_test_ (secret keys).

Why Stripe

[ [0xC5] WHY STRIPE ]

For You

• No need to handle credit card security
• Instant access to payment data/analytics
• Automatic invoices and receipts
• Built-in fraud protection

For Your Customers

• Trusted, familiar checkout experience
• Apple Pay, Google Pay support
• Self-serve subscription management
• Easy refund process

Understanding Webhooks

[ [0x00] INFO ]

Think of webhooks like a doorbell

[ [0xFE] WEBHOOK EVENTS ]

Common webhook events: checkout.session.completed (someone paid),customer.subscription.deleted (someone cancelled),invoice.payment_failed (payment didn't go through).

Testing Payments

[ [0x35] TEST CARDS ]

Always test payments before going live. Stripe provides test card numbers that simulate different scenarios without charging real money.

Test Card Numbers

Successful payment4242 4242 4242 4242

Card declined4000 0000 0000 0002

Requires authentication4000 0025 0000 3155

Insufficient funds4000 0000 0000 9995

Use any future expiration date, any 3-digit CVC, and any billing ZIP code.

Common Questions

How much does Stripe charge?

Standard pricing is 2.9% + 30 cents per successful transaction. For example, a $100 payment costs you $3.20. There are no monthly fees.

When do I get my money?

By default, Stripe sends payouts to your bank account on a 2-day rolling basis. You can change this to daily or weekly in your Stripe settings.

What happens if a payment fails?

Stripe automatically retries failed subscription payments up to 4 times over a few weeks. You'll receive webhook events to handle access accordingly.

How do I handle refunds?

Issue refunds directly from the Stripe Dashboard. Go to the payment, click "Refund", and enter the amount. Stripe sends a webhook so you can revoke access.

Can customers pay in different currencies?

Yes! Stripe supports 135+ currencies. You can create prices in different currencies or let Stripe auto-convert based on the customer's location.

Going Live Checklist

[ [0x8E] GOING LIVE ]

Before accepting real payments:

Switch to live API keys (sk_live_, pk_live_)
Create webhook endpoint in Stripe Dashboard (not CLI)
Add production webhook secret to your hosting provider
Test a real $1 transaction and refund it
Enable Stripe Radar for fraud protection
Set up email receipts in Stripe settings

Next Steps

[ [0x51] FREE TRIALS ]

Free Trials

Let users try your product before paying with trial periods.

[ [0x12] TRANSACTIONAL EMAILS ]

Send purchase confirmations and invoices to customers.