| title | Stripe Plugin |
|---|---|
| label | Stripe |
| order | 110 |
| desc | Easily accept payments with Stripe |
| keywords | plugins, stripe, payments, ecommerce |
With this plugin you can easily integrate Stripe into Payload. Simply provide your Stripe credentials and this plugin will open up a two-way communication channel between the two platforms. This enables you to easily sync data back and forth, as well as proxy the Stripe REST API through Payload's Access Control. Use this plugin to completely offload billing to Stripe and retain full control over your application's data.
For example, you might be building an e-commerce or SaaS application, where you have a products or a plans collection that requires either a one-time payment or a subscription. You can to tie each of these products to Stripe, then easily subscribe to billing-related events to perform your application's business logic, such as active purchases or subscription cancellations.
To build a checkout flow on your front-end you can either use Stripe Checkout, or you can also build a completely custom checkout experience from scratch using Stripe Web Elements. Then to build fully custom, secure customer dashboards, you can leverage Payload's Access Control to restrict access to your Stripe resources so your users never have to leave your site to manage their accounts.
The beauty of this plugin is the entirety of your application's content and business logic can be handled in Payload while Stripe handles solely the billing and payment processing. You can build a completely proprietary application that is endlessly customizable and extendable, on APIs and databases that you own. Hosted services like Shopify or BigCommerce might fracture your application's content then charge you for access.
This plugin is completely open-source and the [source code can be found here](https://github.com/payloadcms/payload/tree/main/packages/plugin-stripe). If you need help, check out our [Community Help](https://payloadcms.com/community-help). If you think you've found a bug, please [open a new issue](https://github.com/payloadcms/payload/issues/new?assignees=&labels=plugin%3A%20stripe&template=bug_report.md&title=plugin-stripe%3A) with as much detail as possible.- Hides your Stripe credentials when shipping SaaS applications
- Allows restricted keys through Payload access control
- Enables a two-way communication channel between Stripe and Payload
- Proxies the Stripe REST API
- Proxies Stripe webhooks
- Automatically syncs data between the two platforms
Install the plugin using any JavaScript package manager like pnpm, npm, or Yarn:
pnpm add @payloadcms/plugin-stripeIn the plugins array of your Payload Config, call the plugin with options:
import { buildConfig } from 'payload'
import { stripePlugin } from '@payloadcms/plugin-stripe'
const config = buildConfig({
plugins: [
stripePlugin({
stripeSecretKey: process.env.STRIPE_SECRET_KEY,
}),
],
})
export default config| Option | Type | Default | Description |
|---|---|---|---|
stripeSecretKey * |
string | undefined |
Your Stripe secret key |
stripeWebhooksEndpointSecret |
string | undefined |
Your Stripe webhook endpoint secret |
rest |
boolean | false |
When true, opens the /api/stripe/rest endpoint |
webhooks |
object or function | undefined |
Either a function to handle all webhooks events, or an object of Stripe webhook handlers, keyed to the name of the event |
sync |
array | undefined |
An array of sync configs |
logs |
boolean | false |
When true, logs sync events to the console as they happen |
* An asterisk denotes that a property is required.
The following custom endpoints are automatically opened for you:
| Endpoint | Method | Description |
|---|---|---|
/api/stripe/rest |
POST |
Proxies the Stripe REST API behind Payload access control and returns the result. See the REST Proxy section for more details. |
/api/stripe/webhooks |
POST |
Handles all Stripe webhook events |
If rest is true, proxies the Stripe REST API behind Payload access control and returns the result. This flag should only be used for local development, see the security note below for more information.
const res = await fetch(`/api/stripe/rest`, {
method: 'POST',
credentials: 'include',
headers: {
'Content-Type': 'application/json',
// Authorization: `JWT ${token}` // NOTE: do this if not in a browser (i.e. curl or Postman)
},
body: JSON.stringify({
stripeMethod: 'stripe.subscriptions.list',
stripeArgs: [
{
customer: 'abc',
},
],
}),
})If you need to proxy the API server-side, use the stripeProxy function.
**Note:**The /api part of these routes may be different based on the settings defined in your Payload
config.
Opening the REST proxy endpoint in production is a potential security risk. Authenticated users will have open access to the Stripe REST API. In production, open your own endpoint and use the stripeProxy function to proxy the Stripe API server-side.
Stripe webhooks are used to sync from Stripe to Payload. Webhooks listen for events on your Stripe account so you can trigger reactions to them. Follow the steps below to enable webhooks.
Development:
- Login using Stripe cli
stripe login - Forward events to localhost
stripe listen --forward-to localhost:3000/api/stripe/webhooks - Paste the given secret into your
.envfile asSTRIPE_WEBHOOKS_ENDPOINT_SECRET
Production:
- Login and create a new webhook from the Stripe dashboard
- Paste
YOUR_DOMAIN_NAME/api/stripe/webhooksas the "Webhook Endpoint URL" - Select which events to broadcast
- Paste the given secret into your
.envfile asSTRIPE_WEBHOOKS_ENDPOINT_SECRET - Then, handle these events using the
webhooksportion of this plugin's config:
import { buildConfig } from 'payload'
import stripePlugin from '@payloadcms/plugin-stripe'
const config = buildConfig({
plugins: [
stripePlugin({
stripeSecretKey: process.env.STRIPE_SECRET_KEY,
stripeWebhooksEndpointSecret: process.env.STRIPE_WEBHOOKS_ENDPOINT_SECRET,
webhooks: {
'customer.subscription.updated': ({ event, stripe, stripeConfig }) => {
// do something...
},
},
// NOTE: you can also catch all Stripe webhook events and handle the event types yourself
// webhooks: (event, stripe, stripeConfig) => {
// switch (event.type): {
// case 'customer.subscription.updated': {
// // do something...
// break;
// }
// default: {
// break;
// }
// }
// }
}),
],
})
export default configFor a full list of available webhooks, see here.
When using the Stripe Plugin within a serverless environment, the process that handles running webhooks will immediately close before these webhooks finish executing.
The reason for this is that the webhook handler that this plugin processes webhooks asynchronously. This is because Stripe places a timeout on these requests, and if the request takes longer than 10-20 seconds to respond with a 2xx status code, it assumes that the event has failed and will retry at a later date. Stripe expects an immediate response from your application. If your webhooks interact with the database or perform other slow API requests, for example, this can lead to multiple, duplicative events, and potentially data inconsistencies.
From the Stripe docs:
Your endpoint must quickly return a successful status code (2xx) prior to any complex logic that could cause a timeout. For example, you must return a 200 response before updating a customer's invoice as paid in your accounting system.
Reference: https://docs.stripe.com/webhooks#acknowledge-events-immediately
If you're on Vercel, you can install the @vercel/functions package. When detected, we wrap your custom webhook handler in waitUntil function that this module provides. This allows the serverless function instance to stay alive and complete processing after the response has been sent.
From the Vercel docs:
The waitUntil() method enqueues an asynchronous task to be performed during the lifecycle of the request. You can use it for anything that can be done after the response is sent, such as logging, sending analytics, or updating a cache, without blocking the response from being sent.
Reference: https://vercel.com/docs/functions/functions-api-reference#waituntil
On the server you should interface with Stripe directly using the stripe npm module. That might look something like this:
import Stripe from 'stripe'
const stripeSecretKey = process.env.STRIPE_SECRET_KEY
const stripe = new Stripe(stripeSecretKey, {
apiVersion: '2022-08-01',
})
export const MyFunction = async () => {
try {
const customer = await stripe.customers.create({
email: data.email,
})
// do something...
} catch (error) {
console.error(error.message)
}
}Alternatively, you can interface with the Stripe using the stripeProxy, which is exactly what the /api/stripe/rest endpoint does behind-the-scenes. Here's the same example as above, but piped through the proxy:
import { stripeProxy } from '@payloadcms/plugin-stripe'
export const MyFunction = async () => {
try {
const customer = await stripeProxy({
stripeSecretKey: process.env.STRIPE_SECRET_KEY,
stripeMethod: 'customers.create',
stripeArgs: [
{
email: data.email,
},
],
})
if (customer.status === 200) {
// do something...
}
if (customer.status >= 400) {
throw new Error(customer.message)
}
} catch (error) {
console.error(error.message)
}
}This option will setup a basic sync between Payload collections and Stripe resources for you automatically. It will create all the necessary hooks and webhooks handlers, so the only thing you have to do is map your Payload fields to their corresponding Stripe properties. As documents are created, updated, and deleted from either Stripe or Payload, the changes are reflected on either side.
**Note:**If you wish to enable a two-way sync, be sure to setup webhooks and pass the
stripeWebhooksEndpointSecret through your config.
import { buildConfig } from 'payload'
import stripePlugin from '@payloadcms/plugin-stripe'
const config = buildConfig({
plugins: [
stripePlugin({
stripeSecretKey: process.env.STRIPE_SECRET_KEY,
stripeWebhooksEndpointSecret: process.env.STRIPE_WEBHOOKS_ENDPOINT_SECRET,
sync: [
{
collection: 'customers',
stripeResourceType: 'customers',
stripeResourceTypeSingular: 'customer',
fields: [
{
fieldPath: 'name', // this is a field on your own Payload Config
stripeProperty: 'name', // use dot notation, if applicable
},
],
},
],
}),
],
})
export default configDue to limitations in the Stripe API, this currently only works with top-level fields. This is because every Stripe object is a separate entity, making it difficult to abstract into a simple reusable library. In the future, we may find a pattern around this. But for now, cases like that will need to be hard-coded.
Using sync will do the following:
- Adds and maintains a
stripeIDread-only field on each collection, this is a field generated by Stripe and used as a cross-reference - Adds a direct link to the resource on Stripe.com
- Adds and maintains an
skipSyncread-only flag on each collection to prevent infinite syncs when hooks trigger webhooks - Adds the following hooks to each collection:
beforeValidate:createNewInStripebeforeChange:syncExistingWithStripeafterDelete:deleteFromStripe
- Handles the following Stripe webhooks
STRIPE_TYPE.created:handleCreatedOrUpdatedSTRIPE_TYPE.updated:handleCreatedOrUpdatedSTRIPE_TYPE.deleted:handleDeleted
All types can be directly imported:
import {
StripeConfig,
StripeWebhookHandler,
StripeProxy,
...
} from '@payloadcms/plugin-stripe/types';