Stripe
Stripe is a payment processing platform with APIs for accepting payments, managing subscriptions, handling payouts, Connect marketplaces, and fraud prevention.
Documentation
Best Practices
- Use PaymentIntents, not Charges — the Charges API and Sources API are legacy. Always use PaymentIntents (or Checkout Sessions) for new integrations. Agents default to Charges; this pattern is deprecated.
- Use Payment Element, not Card Element — the Payment Element is the current recommended frontend component. The Card Element is older and handles fewer payment methods. Agents often reach for Card Element.
- Webhook signature verification is mandatory — always verify webhooks with `stripe.webhooks.constructEvent(rawBody, sig, secret)`. Skipping verification means any attacker can send fake events. This is a security-critical step agents frequently omit.
- Webhooks require the raw request body — do not parse the body with `express.json()` or equivalent middleware before the webhook handler. The signature check needs the raw buffer, not a parsed object. Applying a body parser upstream silently breaks verification.
- Add idempotency keys to mutations — pass `{ idempotencyKey: 'unique-key' }` on PaymentIntent creation and other write operations to prevent duplicate charges on network retries. Agents almost never include these.
- Never hardcode `payment_method_types` — omit the parameter to let Stripe dynamically show the optimal payment methods for each customer's location and wallet. Hardcoding limits international acceptance unnecessarily.
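The two webhook rules above, as an added example (not code from this page or from Stripe's library): a hand-written verifier for the `Stripe-Signature` header scheme, run against a constructed delivery to show that only the untouched raw body verifies. The secret, timestamp, event and helper names are constructed, and the 300-second tolerance is an assumption; in a real integration `stripe.webhooks.constructEvent` performs this check.

```javascript
// Added example: manual check of the "Stripe-Signature: t=<ts>,v1=<hex>" scheme,
// where v1 = HMAC-SHA256(secret, "<ts>." + raw request body).
const nodeCrypto = require('node:crypto');
const TOLERANCE_SECONDS = 300; // replay window (assumed default)

function sign(secret, timestamp, body) {
  return nodeCrypto.createHmac('sha256', secret)
    .update(`${timestamp}.`).update(body).digest('hex');
}

// Returns the parsed event, or throws if the body, header, timestamp or signature is bad.
function verifyWebhook(rawBody, header, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!Buffer.isBuffer(rawBody) && typeof rawBody !== 'string') throw new Error('raw body required');
  const parts = String(header || '').split(',').map((p) => p.trim().split('='));
  const timestamp = (parts.find(([k]) => k === 't') || [])[1];
  const candidates = parts.filter(([k]) => k === 'v1').map(([, v]) => v || '');
  if (!/^\d+$/.test(timestamp || '') || candidates.length === 0) throw new Error('malformed signature header');
  if (Math.abs(nowSeconds - Number(timestamp)) > TOLERANCE_SECONDS) throw new Error('timestamp outside tolerance');
  const expected = Buffer.from(sign(secret, timestamp, rawBody), 'hex');
  const ok = candidates.some((hex) => {
    const got = Buffer.from(hex, 'hex');
    // Length check first: timingSafeEqual throws on unequal lengths.
    return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
  });
  if (!ok) throw new Error('signature mismatch');
  return JSON.parse(rawBody.toString('utf8'));
}

// Constructed sample delivery; note the spaces inside the JSON body.
const SECRET = 'whsec_constructed_example_secret';
const NOW = 1700000000;
const RAW = Buffer.from('{"id": "evt_example", "type": "payment_intent.succeeded"}');
const HEADER = `t=${NOW},v1=${sign(SECRET, NOW, RAW)}`;

function demo() {
  const attempt = (body, header, now = NOW) => {
    try { verifyWebhook(body, header, SECRET, now); return 'accepted'; } catch (e) { return e.message; }
  };
  return {
    rawBody: attempt(RAW, HEADER),
    reserialized: attempt(JSON.stringify(JSON.parse(RAW)), HEADER), // bytes changed by parse + stringify
    parsedObject: attempt(JSON.parse(RAW), HEADER),                 // what an upstream body parser hands over
    forged: attempt(RAW, `t=${NOW},v1=${'0'.repeat(64)}`),
    stale: attempt(RAW, HEADER, NOW + TOLERANCE_SECONDS + 1),
  };
}
console.log(demo());
```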