
Stripe Integration

Stripe powers subscription billing. The primary entry point is reformer-platform/src/api/checkout.js, with webhook handling elsewhere (webhooks/stripe). This page documents the checkout flow and required configuration.

Environment Variables

Configure these in Render and GitHub secrets:

STRIPE_SECRET_KEY=sk_live_...
STRIPE_WEBHOOK_SECRET=whsec_...
STRIPE_PRICE_FREE=price_...
STRIPE_PRICE_STARTER=price_...
STRIPE_PRICE_PRO=price_...
STRIPE_PRICE_ENTERPRISE=price_...
NEXT_PUBLIC_URL=https://dash.reformer.la

Fallback: process.env.Stripe_Reformer_Product_Mgmt is used if STRIPE_SECRET_KEY is missing. Replace that legacy value with the official STRIPE_SECRET_KEY.

Checkout Endpoint

GET /api/checkout?plan=starter

  • Requires authenticated user (req.user set via middleware).
  • Normalizes plan names and validates against configured Stripe price IDs.
  • Fetches existing Stripe customer ID from subscriptions table; creates one if not found.
  • Creates Stripe Checkout Session:
    • mode: 'subscription'
    • success_url: https://dash.reformer.la/?checkout=success&session_id={CHECKOUT_SESSION_ID}
    • cancel_url: https://dash.reformer.la/pricing?checkout=canceled
    • Metadata includes user_id, plan, plan_tier.
    • Allows promotion codes and collects billing address.

Response behaviour

  • Browser request without Authorization header → redirect to signup first, then redirect to checkout (preserves original URL via redirect query param).
  • Authenticated API call with Accept: application/json → returns { url, sessionId, plan }.
  • Otherwise returns 303 redirect to Stripe Checkout.
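
One way to validate the two user-controlled inputs described above, the plan query parameter and the redirect query parameter that carries the original URL through signup. This is an added example, not code from checkout.js. The names resolvePlan, safeRedirectPath and PLAN_ENV, the '/' fallback and the 2048-character limit are assumptions.

```javascript
// Added example; function names are hypothetical, not taken from checkout.js.

// Plan names from this page mapped to the env vars that hold their price IDs.
const PLAN_ENV = new Map([
  ['free', 'STRIPE_PRICE_FREE'],
  ['starter', 'STRIPE_PRICE_STARTER'],
  ['pro', 'STRIPE_PRICE_PRO'],
  ['enterprise', 'STRIPE_PRICE_ENTERPRISE'],
]);

// Returns { plan, priceId } for a known, configured plan, otherwise null.
// The client only names a plan; the price ID always comes from server config.
function resolvePlan(rawPlan, env) {
  if (typeof rawPlan !== 'string') return null; // e.g. ?plan=a&plan=b parsed as an array
  const plan = rawPlan.trim().toLowerCase();
  const envName = PLAN_ENV.get(plan); // Map lookup: '__proto__' etc. are plain misses
  if (!envName) return null;
  const priceId = env[envName];
  if (typeof priceId !== 'string' || !priceId.startsWith('price_')) return null;
  return { plan, priceId };
}

// Returns a same-origin path+query for the post-signup redirect, or `fallback`.
function safeRedirectPath(rawTarget, baseUrl, fallback = '/') {
  if (typeof rawTarget !== 'string' || rawTarget.length > 2048) return fallback;
  // One leading slash only; no backslashes or control characters, which URL
  // parsers strip or normalise and which can turn a "path" into another host.
  if (!/^\/(?![\/\\])[^\\\x00-\x1f\x7f]*$/.test(rawTarget)) return fallback;
  let url;
  try {
    url = new URL(rawTarget, baseUrl);
  } catch {
    return fallback;
  }
  if (url.origin !== new URL(baseUrl).origin) return fallback;
  return url.pathname + url.search; // fragment dropped on purpose
}

// Constructed sample input.
const sampleEnv = { STRIPE_PRICE_STARTER: 'price_constructed_starter' };
console.log(resolvePlan(' Starter ', sampleEnv));
console.log(safeRedirectPath('/api/checkout?plan=starter', 'https://dash.reformer.la'));
console.log(safeRedirectPath('//example.invalid/x', 'https://dash.reformer.la'));
```

Pass NEXT_PUBLIC_URL as baseUrl so the origin check follows the deployed environment.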

Webhooks (not shown in file excerpt)

Stripe webhooks update subscription state:

  • checkout.session.completed → finalize onboarding, update subscriptions table.
  • invoice.paid / invoice.payment_failed → log billing status.

Ensure the Stripe webhook endpoint is deployed and the secret (STRIPE_WEBHOOK_SECRET) matches the value in Stripe Dashboard.

Testing Checklist

  • Unit test: npm run test -- checkout-success-url asserts that success_url points to the dashboard.
  • Script: scripts/test-checkout-urls.js ensures unauthenticated browser requests redirect to signup.
  • Manual:
    • Log in, hit /api/checkout?plan=starter, expect redirect to Stripe.
    • Complete checkout, confirm Stripe customer + subscription entries.
    • Verify redirect to dash.reformer.la/?checkout=success&session_id=....

For staging/local testing, use Stripe test keys and set NEXT_PUBLIC_URL=http://localhost:5173. Rotate live keys carefully; update env vars in Render + GitHub simultaneously.