Setting up Stripe
How to configure Stripe for payments, webhooks, and testing — including test card details.
Reference guide for connecting and testing Stripe in this application.
Keys
Stripe credentials are stored encrypted in Settings → Finance. Three values are required:
- Publishable key — starts with
pk_live_orpk_test_. Safe to store in plaintext. - Secret key — starts with
sk_live_orrk_(restricted). Use a restricted key scoped to the minimum required permissions. - Webhook secret — starts with
whsec_. Generated in the Stripe dashboard under Developers → Webhooks.
Use pk_test_ / sk_test_ keys during development and testing. Switch to live keys when moving to production.
Webhook endpoint
Register the following endpoint in the Stripe dashboard under Developers → Webhooks:
https://yourdomain.org/webhooks/stripe
Events to listen for:
checkout.session.completedinvoice.payment_succeededinvoice.payment_failedpayment_intent.payment_failedrefund.created
Test card details
Use these details when testing checkout flows in Stripe test mode:
| Field | Value |
|---|---|
| Card number | 4242 4242 4242 4242 |
| Expiry | Any future date (e.g. 12/34) |
| CVC | Any 3 digits (e.g. 123) |
| ZIP | Any 5 digits (e.g. 12345) |
This card simulates a successful payment. Stripe provides additional test card numbers for declined cards, 3D Secure flows, etc. — see the Stripe documentation.
Donation prefix
The URL segment for the donation checkout endpoint is configurable under Settings → General → Routing. Default: donate. This affects the route POST /donate/checkout used by the Donation Form widget.