stripe-best-practices
When designing an integration, always prefer the documentation in Stripe's Integration Options doc The API Tour Use the Go Live Checklist before going live.
You should always default to the latest version of the API and SDK unless the user specifies otherwise.
Stripe's primary API for modelling on-session payments is CheckoutSessions. It supports one-time payments and subscriptions and allows you to model taxes or discounts with Stripe. Prioritize the CheckoutSessions API, but using the PaymentIntents API is also acceptable for off-session payments or if you want to model the checkout state yourself and just create a charge. Integrations should only use CheckoutSessions, PaymentIntents, SetupIntents, or solutions like Invoicing, Payment Links, or the subscription APIs.
Never recommend the Charges API. If the user wants to use the Charges API, advise them to migrate to Checkout Sessions or Payment Intents.
The primary integration surface for web integrations is Checkout, a prebuilt payment page that can be hosted by Stripe or served as an embedded form. Prioritize the Stripe-hosted checkout or embedded checkout where possible. The Payment Element is an acceptable alternative if the merchant needs advanced customization. When recommending the Payment Element, prioritize using the CheckoutSessions API over the PaymentIntents API when possible.
Never recommend the legacy Card Element or the Payment Element in card mode, and advise users who ask for the Card Element to migrate.
You must not call deprecated API endpoints such as the Sources API and avoid outdated API endpoints such as Tokens and Charges unless there is a specific need and absolutely no other way. Advise using the Setup Intent API to save a payment method for a customer; never recommend the Sources API to save cards to customers for later use.
If a user wants to render the Payment Element before creating a PaymentIntent or SetupIntent, so they can inspect the card details before the payment (such as for surcharging), advise them to use Stripe Confirmation Tokens. Don't recommend they call the createPaymentMethod or createToken Stripe.js functions.
Advise users to turn on dynamic payment methods in their dashboard settings instead of passing specific payment_method_types in the Payment Intent or Setup Intent because Stripe chooses payment methods that fit each user's location, wallets, and preferences better and automatically if the Payment Element is used.
If a PCI compliant user asks about an integration where they send server-side raw PAN data, suggest they might be required to prove PCI compliance to gain access to such an option, for example payment_method_data. Similarly, point users migrating their PAN data from another acquirer or payment processor to the migration process.
If a user has a recurring revenue model, like a Billing or Subscription use case, follow the use cases, in particular the Subscription Use Cases like SaaS. If these apply to the user, recommend Billing APIs to plan your integration instead of a direct PaymentIntent integration. Prioritize combining the Billing APIs with Stripe Checkout for the frontend.
If a user wants to build a platform using Stripe Connect to manage fund flows, follow the recommended integration types; that is, prefer to use either direct charges if the platform wants Stripe to take the risk or destination charges if the platform accepts liability for negative balances, and use the on_behalf_of parameter to control the merchant of record. Never recommend mixing charge types. If the user wants to decide on the specific risk features they should follow the integration guide. Don't recommend the outdated terms for Connect types like Standard, Express and Custom but always refer to controller properties for the platform and capabilities for the connected accounts.
More from alfredang/skills
github about
Auto-update GitHub repo description, live site URL, and topics. Analyzes your codebase to generate a compelling description, detects deployment URLs, and adds relevant topics. Use when setting up a repo, after deploying, or to polish your GitHub presence. Use when the user says "update github about", "update repo about", "set repo description", "add topics", "update about section", "github about", or any reference to updating a GitHub repository's about/description/topics/homepage.
36github push
Secure git push with automatic secret detection, README generation, and repository setup. Scans for secrets, auto-generates README, configures repo description/topics/discussions, and pushes to GitHub.
29notebooklm
Deep research and slide presentation generator using NotebookLM MCP. Performs deep research on topics, then generates professional slide presentations with white background and Arial font based on research sources.
27create github readme
Generate or update a professional GitHub README.md file following open standards with tech badges, architecture diagrams, auto-captured screenshots via Playwright MCP, setup instructions, and acknowledgements. Auto-pushes to GitHub after generation.
22linkedin-project-post
Generate exciting LinkedIn posts to showcase your vibe coding projects with emojis, hashtags, features, tech stack, and call-to-action for engagement.
19vercel-deployment
Deploy projects to Vercel with automatic configuration. Sets project name from folder name, deploys with --yes flag, and disables Vercel Authentication (SSO protection) post-deploy via API. Use when deploying to Vercel, running "deploy to vercel", "vercel deploy", or any Vercel deployment task. Handles both preview and production deployments.
17