Stripe

What you need

Stripe has one key set, not separate live and sandbox slots. Test with test-mode keys (pk_test_ / sk_test_), then swap in live keys.

Why we ask for each field

Publishable key

Identifies your account when checkout opens in the buyer’s browser. Public by design.

Secret key

The private half that authorizes creating the charge, so the payment runs through your account.

Webhook signing secret

Proves an incoming webhook is genuinely from Stripe, so nobody can forge a "paid" event. It is a separate value from the secret key.

Success and Cancel URL

Plain settings: where the buyer lands after paying or backing out. Not secret.

Set up

1. Use test mode (free)

   A Stripe account is free, and test mode works before activation. Sign in at dashboard.stripe.com and turn on Test mode (top corner). Set up test first, then repeat in live.

2. Copy your keys

   Go to Developers → API keys and copy the Publishable key and Secret key.

   

3. Add the webhook
   1. Developers → Webhooks → Add endpoint.
   2. Set the endpoint URL to your project webhook address (below).
   3. Select events. For one-time payments: checkout.session.completed, charge.refunded, charge.dispute.created. If you sell subscriptions, also: customer.subscription.created, customer.subscription.updated, customer.subscription.deleted, invoice.payment_succeeded, invoice.payment_failed. Extra events are harmless, we ignore what we do not use.
   4. Copy the endpoint Signing secret (whsec_…). Test and live each have their own.

   https://<your Coin Moebius host>/webhook/stripe/<your project id>

   

4. Test

   Test cards work in test mode only and never charge a real card. Use any future expiration, any CVC, any postal code.

   Result	Card
   Succeeds	4242 4242 4242 4242
   Needs authentication	4000 0025 0000 3155
   Declined	4000 0000 0000 9995

5. Connect in the dashboard

   Add provider → Stripe. Enter the publishable key, secret key, webhook signing secret, Success URL, and Cancel URL. Use test keys to verify the flow, then edit the provider and swap in live keys.

After you connect

Run one test payment before going live:

1. With the provider connected using your test keys, every payment is a test payment.
2. Create a product and place the buy button on a page (a local HTML file works) pointed at your project.
3. Check out with a test card from above.
4. Open the Transactions tab. When the new row status reaches succeeded, your keys and webhook are both working end to end.

Then edit the provider, swap in your live keys, and you are taking real payments.

Troubleshooting

Start with Verify. In the dashboard, click Verify on the provider. It checks your keys against Stripe and returns a specific message if something is off.

Verify says the key format is wrong.

Secret keys start with sk_test_ or sk_live_ (restricted keys start with rk_). The webhook signing secret starts with whsec_. Re-copy the right value into the right field.

Verify says Stripe rejected the key.

Re-copy the secret key from Developers → API keys, and make sure you are not pairing a test key with a live webhook secret or the reverse.

Payment completes but the order stays pending.

The webhook is not arriving. Confirm the endpoint URL matches exactly, that you selected checkout.session.completed, and that a test payment is hitting your test-mode endpoint (test and live are separate endpoints).

Signature verification fails.

Each Stripe endpoint has its own signing secret. Copy the whsec_ from this endpoint settings, not another endpoint.

Confirm it end to end.

Stripe has no simulate button. In the Stripe Dashboard, resend a recent event to your endpoint, or create a test PaymentIntent, then watch the order update.

Good to know

Rotating keys. Roll the secret key or webhook secret anytime, then paste the new value. Secret fields stay blank on edit so you can drop in a rotated key.

Activation. Live keys work only once your account is activated for payments. Test keys work immediately.

Questions? [email protected]