Stripe Best Practices

Production-grade Stripe integration best practices.

A production-grade rulebook for modern, secure, PCI-compliant Stripe integrations. It steers you to the right integration surface (Checkout Sessions vs Payment Intents vs Setup Intents), enforces webhook signature verification and idempotency, and steers you away from deprecated APIs (Sources, Charges, Tokens, Card Element) that silently break or leave you exposed.

$15 one-time

Prices include 20% VAT. · Forged on real agency work · one-time, no lock-in

  • Type Skill
  • Category E-commerce & Payments
  • Delivery Email · instant
  • License One-time

Inside the run · no black box

See the actual work before you buy it.

A Stripe integration fails quietly: a deprecated API here, an unverified webhook there, a rounding bug in the money math. The hardening pass audits all of it in layers and closes with a verification checklist.

  1. Routes the integration through the API decision tree first: Checkout Sessions over Payment Intents, SetupIntent for saved cards, the correct Connect charge type for platforms.
  2. Audits the codebase for deprecated surfaces (Charges, Sources, Tokens, Card Element) and maps each one to its modern replacement.
  3. Hardens the webhook pipeline in layers: constructEvent signature verification on the raw body, a processed-events table for idempotency, rate limiting on top.
  4. Enforces money-unit discipline: every amount crosses the cent/dollar boundary through Math.round helpers, never bare multiplication.
  5. Locks environments down: a startup check so a test key can never reach production, an explicit apiVersion pinned in code, secrets in env vars with rotation.
  6. Closes with the verification checklist: dynamic payment methods enabled, SCA requires_action handled, a dead-letter queue ready for failed webhooks.
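
Steps 3 to 5 of the pass above in runnable form, as an added example that is not part of the product or of Stripe's library. It re-implements the documented `t=…,v1=…` HMAC-SHA256 header scheme that `constructEvent` checks so that it runs offline; all function names are hypothetical, and the secrets and events are constructed.

```javascript
// Added example; helper names are hypothetical, secrets and events are constructed.
const nodeCrypto = require('node:crypto');

// Step 5: fail at startup if a test-mode key reaches production.
function assertKeyMatchesEnv(secretKey, nodeEnv) {
  if (nodeEnv === 'production' && /^(sk|rk)_test_/.test(secretKey)) {
    throw new Error('test-mode Stripe key configured in production');
  }
}

// Step 4: dollars cross into cents through one rounding helper.
const toCents = (dollars) => Math.round(dollars * 100);

// Builds the header Stripe would send; used here only to construct sample input.
function signHeader(rawBody, secret, t) {
  const mac = nodeCrypto.createHmac('sha256', secret).update(`${t}.`).update(rawBody);
  return `t=${t},v1=${mac.digest('hex')}`;
}

// Step 3a: HMAC-SHA256 over "<t>.<raw body>", constant-time compare, replay window.
function verifySignature(rawBody, header, secret, nowSec, toleranceSec = 300) {
  const pairs = header.split(',').map((kv) => kv.trim().split('='));
  const tStr = (pairs.find(([k]) => k === 't') || [])[1];
  const t = Number(tStr);
  if (!tStr || !Number.isFinite(t) || Math.abs(nowSec - t) > toleranceSec) return false;
  const expected = nodeCrypto.createHmac('sha256', secret)
    .update(`${tStr}.`).update(rawBody).digest();
  return pairs.filter(([k]) => k === 'v1').some(([, sig]) => {
    const got = Buffer.from(sig || '', 'hex');
    return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
  });
}

// Step 3b: stands in for a processed-events table with a unique key on event id.
const processed = new Set();

function handleWebhook(rawBody, header, secret, nowSec, fulfill) {
  if (!verifySignature(rawBody, header, secret, nowSec)) return 400;
  const event = JSON.parse(rawBody); // parse only after the signature checks out
  if (processed.has(event.id)) return 200; // Stripe retry: acknowledge, do not re-run
  fulfill(event);
  processed.add(event.id); // recorded after success so a failed run is retried
  return 200;
}
```

In an Express app the webhook route needs `express.raw({ type: 'application/json' })` so the handler receives the bytes Stripe signed; a body that has been parsed and re-serialized no longer matches the signature.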

Use cases · what happens when you plug it in

One power source. 6 lines out.

  1. Designing a new Stripe integration with the right API choice
  2. Auditing an existing integration for deprecated API usage
  3. Hardening webhook handlers with signature verify and idempotency
  4. Handling SCA / 3D Secure for European payments
  5. Setting up dynamic payment methods by customer locale
  6. Planning a Stripe Connect marketplace or multi-tenant platform

Benefits · what you walk away with

Yours to keep.

Forever

That's what owning means.

The rented stack

ai writing tool: subscription

expired · access lost

analytics suite: subscription

expired · access lost

design platform: subscription

expired · access lost

(nothing left)

Your forge

  1. Eliminate duplicate charges and spoofed webhooks at the source

    license: perpetual
  2. Stay PCI-compliant and reduce audit scope with Elements/Checkout

    license: perpetual
  3. Prevent cent/dollar conversion errors that cause direct money loss

    license: perpetual
  4. Future-proof your integration against deprecated-API breakage

    license: perpetual

subscriptions expire · deeds don't

What's included · the full manifest

Everything in the box.

API selection decision tree (Checkout > Payment Intents > rare alternatives)

6 parts · one working system · ships instantly by email

Who it's for

This wasn't forged for everyone.

  • Not for you if you'd rather rent a tool than own one.
  • Not for you if you want someone else to run your stack.
  • Not for you if you're happy guessing.

Still here? Good.

Developers and technical leads building or auditing payment flows who want a secure, modern Stripe setup that holds up in production.

then this was forged for you.

Works with

Universal by design: these run in any AI. Delivered in the open Agent Skills + MCP format (native in Claude); ChatGPT, Gemini, Cursor and Copilot adapt the same files their own way.

  • Claude Native format
  • ChatGPT Adapts via open standards
  • Gemini Adapts via open standards
  • Cursor Adapts via open standards
  • Copilot Adapts via open standards

Questions · still in the air

Catch what's on your mind.

  1. Our Stripe integration has been live for years. Is this only for new builds?

    Auditing existing integrations is half the point. The rulebook includes a deprecated-to-modern migration mapping for Sources, Charges, Tokens, and Card Element, the APIs that silently break or leave you exposed, plus a checklist for hardening webhook handlers you already have in production.

  2. What does this give me that the official Stripe docs do not?

    Opinionated decisions. The docs explain every API; this tells you which one to pick via a decision tree (Checkout first, Payment Intents when justified, rare alternatives last), enforces six defensive patterns like signature verification and cent-conversion discipline, and lists the top five field pitfalls with one-line fixes.

  3. Does it include the actual implementation code for checkout and subscriptions?

    No, this is deliberately the rulebook layer: API selection, security disciplines, migration mappings, and a go-live verification checklist. For hands-on, end-to-end implementation code there is a separate package, stripe-integration; this one decides and audits, that one builds.

  4. How is it delivered?

    By email right after purchase: ready to run, downloaded instantly, no setup wait.

  5. One-time or subscription?

    A one-time purchase; no subscription or hidden fees. VAT (20%) is included.

  6. Can I get a refund?

    As a digital product, it can’t be refunded once downloaded. That’s why we show exactly what’s inside and who it’s for, right here.