
Production Stripe Setup Guide

Week 5 Day 3 - Phase 4

Date: October 24, 2025
Version: 20251024.08:00
Purpose: Configure Stripe for production payments


Overview

This guide walks through setting up CodeSlick's production Stripe integration to accept real payments for TEAM (€99/month) and ENTERPRISE (€299/month) subscriptions.

Estimated Time: 2-3 hours
Prerequisites: Stripe account with business verification complete


Part 1: Stripe Account Setup

1.1 Create Production Stripe Account

If you already have a Stripe account:

  1. Log in to https://dashboard.stripe.com
  2. Switch to Live mode (toggle in top-right)
  3. Complete business verification if prompted

If you need a new account:

  1. Go to https://stripe.com/register
  2. Create account with business email
  3. Complete business information:
    • Legal business name
    • Business address
    • Tax ID (VAT number for EU)
    • Bank account for payouts
  4. Verify email and phone number
  5. Complete identity verification (upload ID)

Business Verification Status:

  • ⏳ Pending: May take 1-3 business days
  • ✅ Approved: Can accept live payments
  • ❌ Rejected: Contact Stripe support

1.2 Configure Account Settings

  1. Navigate to Settings > Account details
    • Set Business name: "CodeSlick" (or your legal entity)
    • Set Support email: support@codeslick.dev
    • Set Customer facing name: "CodeSlick Security Platform"

  2. Navigate to Settings > Branding
    • Upload logo (square, 512x512px minimum)
    • Set brand color: #4F46E5 (indigo-600)
    • Set icon: CodeSlick favicon

  3. Navigate to Settings > Customer emails
    • ✅ Enable "Successful payments"
    • ✅ Enable "Refunds"
    • ✅ Enable "Disputes"
    • ✅ Enable "Invoices"

Part 2: Create Products and Prices

2.1 TEAM Plan Product

  1. Navigate to Products > Add product
  2. Fill in details:
    • Name: CodeSlick TEAM
    • Description:

        Professional security analysis for development teams.
        - Unlimited PR analyses
        - 5 repositories
        - Priority support
        - Advanced analytics

    • Image: Upload product image (optional)

  3. Create recurring price:
    • Price: €99.00
    • Billing period: Monthly
    • Currency: EUR
    • Price ID: Will be auto-generated (e.g., price_1ABC...)
    • Tax behavior: Exclusive (tax calculated at checkout)

  4. Save product

  5. Copy Price ID (starts with price_) - you'll need this for environment variables

2.2 ENTERPRISE Plan Product

  1. Navigate to Products > Add product
  2. Fill in details:
    • Name: CodeSlick ENTERPRISE
    • Description:

        Enterprise-grade security for large teams.
        - Everything in TEAM
        - Unlimited repositories
        - Unlimited team members
        - Custom security rules
        - Dedicated support
        - SLA guarantees

  3. Create recurring price:
    • Price: €299.00
    • Billing period: Monthly
    • Currency: EUR
    • Price ID: Will be auto-generated (e.g., price_1DEF...)

  4. Save product

  5. Copy Price ID - you'll need this for environment variables

2.3 Verify Products

Navigate to Products and confirm:

  • ✅ CodeSlick TEAM: €99/month, recurring
  • ✅ CodeSlick ENTERPRISE: €299/month, recurring
  • Both products show as "Active"


Part 3: API Keys Configuration

3.1 Get Live API Keys

  1. Navigate to Developers > API keys
  2. Switch to Live mode (toggle at top)
  3. Find your keys:
    • Publishable key: pk_live_... (visible)
    • Secret key: Click Reveal live key → sk_live_... (keep secret!)

Security Warning:

  • ⚠️ NEVER commit sk_live_ keys to git
  • ⚠️ NEVER share secret keys
  • ⚠️ Store only in environment variables

3.2 Update Environment Variables

Update your .env.local (for local testing) and Vercel environment variables (for production):

# Stripe Live Keys (PRODUCTION)
STRIPE_SECRET_KEY=sk_live_XXXXXXXXXXXXXXXXXXXXXX
STRIPE_WEBHOOK_SECRET=whsec_XXXXXXXXXXXXXXXXXXXXXX  # We'll get this in Part 4
STRIPE_PRICE_ID_TEAM=price_XXXXXXXXXXXXXXXXXXXXXX
STRIPE_PRICE_ID_ENTERPRISE=price_XXXXXXXXXXXXXXXXXXXXXX

# Public key (safe to expose)
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_live_XXXXXXXXXXXXXXXXXXXXXX

# App URL (production domain)
NEXT_PUBLIC_APP_URL=https://codeslick.dev

3.3 Configure Vercel Environment Variables

  1. Go to Vercel Dashboard → Your Project → Settings → Environment Variables
  2. Add each variable:
    • Name: STRIPE_SECRET_KEY
    • Value: sk_live_...
    • Environment: Production (only)
    • Save

  3. Repeat for all Stripe variables

  4. DO NOT add live keys to Preview or Development environments
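
A preflight check for the variables from 3.2 and the environment rule in 3.3, as an added example (not CodeSlick code or part of the original guide). The function name, the format patterns and the sample values are assumptions of this example; `vercelEnv` stands for the value of Vercel's `VERCEL_ENV` system variable.

```javascript
// Added example: checkStripeEnv and its rules are assumptions, not CodeSlick or Stripe code.
const RULES = {
  STRIPE_SECRET_KEY: /^sk_live_[A-Za-z0-9]+$/,
  STRIPE_WEBHOOK_SECRET: /^whsec_[A-Za-z0-9]+$/,
  STRIPE_PRICE_ID_TEAM: /^price_[A-Za-z0-9]+$/,
  STRIPE_PRICE_ID_ENTERPRISE: /^price_[A-Za-z0-9]+$/,
  NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: /^pk_live_[A-Za-z0-9]+$/,
  NEXT_PUBLIC_APP_URL: /^https:\/\/[^\s/]+/,
};
const SECRET_PREFIXES = ['sk_live_', 'sk_test_', 'whsec_'];

// vercelEnv: 'production', 'preview' or 'development' (the value of VERCEL_ENV).
function checkStripeEnv(env, vercelEnv) {
  const problems = [];
  const isProd = vercelEnv === 'production';
  const isNonProd = vercelEnv === 'preview' || vercelEnv === 'development';
  for (const [name, value] of Object.entries(env)) {
    const v = String(value ?? '');
    // NEXT_PUBLIC_ values are inlined into the browser bundle by Next.js.
    if (name.startsWith('NEXT_PUBLIC_') && SECRET_PREFIXES.some((p) => v.startsWith(p))) {
      problems.push(`${name}: secret value in a browser-exposed variable`);
    }
    if (isNonProd && /^(sk|pk)_live_/.test(v)) problems.push(`${name}: live key outside production`);
    if (isProd && /^(sk|pk)_test_/.test(v)) problems.push(`${name}: test key in production`);
  }
  if (isProd) {
    for (const [name, pattern] of Object.entries(RULES)) {
      const v = env[name];
      if (!v) problems.push(`${name}: missing`);
      else if (/X{6,}/.test(v)) problems.push(`${name}: placeholder not replaced`);
      else if (!pattern.test(v)) problems.push(`${name}: unexpected format`);
    }
    if (env.STRIPE_PRICE_ID_TEAM && env.STRIPE_PRICE_ID_TEAM === env.STRIPE_PRICE_ID_ENTERPRISE) {
      problems.push('STRIPE_PRICE_ID_ENTERPRISE: same price ID as TEAM');
    }
  }
  return problems;
}

// Constructed sample values, not real Stripe identifiers.
const SAMPLE_ENV = {
  STRIPE_SECRET_KEY: 'sk_live_CONSTRUCTEDexample0001',
  STRIPE_WEBHOOK_SECRET: 'whsec_CONSTRUCTEDexample0002',
  STRIPE_PRICE_ID_TEAM: 'price_CONSTRUCTEDteam0003',
  STRIPE_PRICE_ID_ENTERPRISE: 'price_CONSTRUCTEDenterprise0004',
  NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: 'pk_live_CONSTRUCTEDexample0005',
  NEXT_PUBLIC_APP_URL: 'https://codeslick.dev',
};
console.log(checkStripeEnv(SAMPLE_ENV, 'production'), checkStripeEnv(SAMPLE_ENV, 'preview'));
```

Run it at build or startup with `process.env` and fail the deployment when the returned list is not empty.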

Part 4: Webhook Configuration

4.1 Create Webhook Endpoint

  1. Navigate to Developers > Webhooks
  2. Click Add endpoint
  3. Fill in details:
    • Endpoint URL: https://codeslick.dev/api/billing/webhook
    • Description: "CodeSlick production billing webhooks"
    • Version: Latest API version (2025-09-30)

  4. Select events to listen to:

    ✅ checkout.session.completed
    ✅ customer.subscription.updated
    ✅ customer.subscription.deleted
    ✅ invoice.paid
    ✅ invoice.payment_failed

  5. Click Add endpoint

4.2 Get Webhook Signing Secret

  1. After creating the endpoint, click on it
  2. Scroll to Signing secret
  3. Click Reveal → Copy the secret (starts with whsec_)
  4. Add to environment variables:

    STRIPE_WEBHOOK_SECRET=whsec_XXXXXXXXXXXXXXXXXXXXXX

  5. Update in Vercel:
    • Go to Vercel → Settings → Environment Variables
    • Add STRIPE_WEBHOOK_SECRET
    • Value: whsec_...
    • Environment: Production
    • Save

4.3 Test Webhook Endpoint

  1. In Stripe Dashboard → Webhooks → Your endpoint
  2. Click Send test webhook
  3. Select event: checkout.session.completed
  4. Click Send test webhook
  5. Check response:
    • ✅ Status: 200 OK
    • ✅ Response time: <2s
    • ❌ If failed: Check Vercel logs for errors

Common Issues:

  • 401 Unauthorized: Check webhook secret is correct
  • 500 Internal Server Error: Check database connection
  • Timeout: Check if endpoint URL is correct


Part 5: Customer Portal Configuration

5.1 Configure Customer Portal

  1. Navigate to Settings > Customer portal
  2. Enable customer portal:
    • ✅ Enable customer portal

  3. Configure portal settings:
    • Headline: "Manage your CodeSlick subscription"
    • Privacy policy: https://codeslick.dev/privacy
    • Terms of service: https://codeslick.dev/terms

  4. Enable features:
    • ✅ Update payment method
    • ✅ View invoice history
    • ✅ Cancel subscription
    • ⬜ Update subscription (disable for now)

  5. Save changes

5.2 Configure Cancellation Flow

  1. In Customer Portal settings → Subscription cancellation
  2. Set cancellation type:
    • Cancel at period end (recommended)
    • ⬜ Cancel immediately

  3. Add cancellation survey (optional):
    • "Why are you canceling?"
    • Options:
        • Too expensive
        • Not using it enough
        • Switched to competitor
        • Missing features
        • Other

  4. Save


Part 6: Payment Methods Configuration

6.1 Enable Payment Methods

  1. Navigate to Settings > Payment methods
  2. Enable methods:
    • Cards (Visa, Mastercard, Amex)
    • SEPA Direct Debit (for EU customers)
    • iDEAL (for Netherlands)
    • Google Pay (optional)
    • Apple Pay (optional)

  3. Configure card settings:
    • ✅ Require CVV
    • ✅ Require postal code
    • ✅ Enable 3D Secure (SCA compliance)

  4. Save

6.2 Configure Billing Settings

  1. Navigate to Settings > Billing
  2. Set retry logic for failed payments:
    • 1st retry: 3 days after failure
    • 2nd retry: 7 days after failure
    • 3rd retry: 10 days after failure
    • After 3 failures: Cancel subscription

  3. Email notifications:
    • ✅ Send email on payment failure
    • ✅ Send reminder before retry
    • ✅ Send email before cancellation

  4. Save


Part 7: Tax Configuration (EU VAT)

7.1 Enable Stripe Tax

  1. Navigate to Settings > Tax
  2. Click Enable Stripe Tax
  3. Confirm your business location
  4. Stripe Tax will automatically:
    • Calculate VAT for EU customers
    • Collect tax ID numbers
    • Generate tax reports

7.2 Configure Tax Settings

  1. Tax collection:
    • ✅ Collect tax IDs from customers
    • ✅ Validate tax IDs
    • ✅ Apply reverse charge when applicable

  2. Tax display:
    • Price display: Exclusive (show "€99 + VAT")
    • Invoice display: Show tax breakdown

  3. Save

Note: Stripe Tax costs 0.5% of transaction volume. Alternative: Manual tax handling.


Part 8: Testing in Live Mode

8.1 Create Test Subscription

WARNING: This will create a REAL charge. Use a real card.

  1. Create a test team in your app (as a real user would)
  2. Navigate to billing settings
  3. Click Upgrade to TEAM
  4. Complete Stripe Checkout:
    • Use a real credit card (will be charged €99)
    • Complete 3D Secure authentication if prompted
    • Confirm payment

  5. Verify in Stripe Dashboard:
    • Navigate to Payments
    • Confirm payment of €99 received
    • Status: "Succeeded"

  6. Verify in your app:
    • Team plan updated to "team"
    • Subscription record created in database
    • Audit log entry created

8.2 Test Webhook Delivery

  1. In Stripe Dashboard → Webhooks → Your endpoint
  2. Check recent events:
    • checkout.session.completed - Delivered
    • Status: 200 OK
    • Response time: <2s

  3. If webhook failed:
    • Click on failed event
    • Check error message
    • View request/response
    • Debug and retry

8.3 Test Customer Portal

  1. In your app, navigate to team billing
  2. Click Manage Billing
  3. Verify redirected to Stripe Customer Portal
  4. Test features:
    • ✅ View invoices
    • ✅ Download invoice PDF
    • ✅ Update payment method
    • ✅ Cancel subscription (don't actually cancel!)

  5. Return to your app
    • Verify redirect back works

8.4 Test Cancellation Flow

Optional (will cancel your test subscription):

  1. In Customer Portal → Cancel subscription
  2. Select reason for cancellation
  3. Confirm cancellation
  4. Verify:
    • Subscription status: "Canceled (ends on [date])"
    • Database updated: cancelAtPeriodEnd: true
    • Team still has access until period end

  5. Wait for period end (or manually expire in Stripe):
    • Navigate to Customers → Find customer → Subscription
    • Click Cancel subscription → Cancel now (admin action)

  6. Verify:
    • Webhook customer.subscription.deleted delivered
    • Team plan downgraded to "free"
    • Access restricted to 20 analyses/month

Part 9: Production Deployment

9.1 Deploy to Vercel

  1. Ensure all environment variables are set in Vercel
  2. Push code to main branch:

    git add .
    git commit -m "Production Stripe configuration"
    git push origin main
    

  3. Vercel will auto-deploy (2-3 minutes)

  4. Check deployment logs for errors

9.2 Verify Production Deployment

  1. Navigate to https://codeslick.dev
  2. Create a test team
  3. Navigate to billing → Upgrade to TEAM
  4. Verify Stripe Checkout opens correctly
  5. DO NOT complete payment yet (unless you want to)

9.3 Monitor First Real Payment

When you get your first customer:

  1. Watch Stripe Dashboard → Payments (real-time)
  2. Check webhook delivery → Webhooks → Events
  3. Verify database updated correctly:

    SELECT * FROM teams WHERE plan = 'team';
    SELECT * FROM subscriptions WHERE team_id = '...';
    

  4. Check Vercel logs for any errors:

    Vercel Dashboard → Logs → Filter by /api/billing
    


Part 10: Security Checklist

10.1 Production Security Validation

Before going live, verify:

  • API Keys: Live secret key never committed to git
  • Webhook Secret: Stored only in environment variables
  • HTTPS: All URLs use https:// (no http://)
  • Webhook Signature: Verification enabled in code
  • Environment Separation: Test keys not in production
  • Database Backups: Automated daily backups enabled
  • Error Tracking: Vercel logs monitored
  • Rate Limiting: Enabled on billing endpoints

10.2 Compliance Validation

For EU customers (GDPR, PSD2):

  • Privacy Policy: Link in Stripe checkout
  • Terms of Service: Link in Stripe checkout
  • 3D Secure (SCA): Enabled for EU cards
  • VAT Collection: Stripe Tax enabled
  • Data Processing Agreement: Signed with Stripe

10.3 Monitoring Setup

Stripe Dashboard:

  1. Enable email alerts:
    • Failed payments
    • Chargebacks/disputes
    • Webhook failures

  2. Set up Slack notifications (optional):
    • Navigate to Settings > Notifications
    • Connect Slack workspace
    • Enable notifications for critical events

Vercel Monitoring:

  1. Enable log drains (optional):
    • Send logs to external service (Datadog, LogDNA)
    • Alert on billing API errors

  2. Set up Sentry (recommended):
    • Install: npm install @sentry/nextjs
    • Configure DSN
    • Monitor billing errors

Part 11: Troubleshooting

Common Issues

Issue 1: Webhook 400 Bad Request

  • Cause: Invalid signature
  • Fix: Verify STRIPE_WEBHOOK_SECRET matches Stripe Dashboard
  • Check: Vercel environment variable is set correctly

Issue 2: Checkout Session Expired

  • Cause: User took >24 hours to complete checkout
  • Fix: This is expected - user needs to create new checkout session
  • Prevention: None needed - Stripe automatically expires sessions

Issue 3: Payment Succeeded but Database Not Updated

  • Cause: Webhook failed to deliver or process
  • Fix:
    1. Check webhook logs in Stripe Dashboard
    2. Manually trigger webhook retry
    3. If persistent, check Vercel logs for errors

Issue 4: 3D Secure Fails

  • Cause: Bank declined 3DS authentication
  • Fix: User must contact their bank
  • Alternative: Try different payment method

Issue 5: Subscription Not Canceled

  • Cause: customer.subscription.deleted webhook not received
  • Fix:
    1. Check webhook logs
    2. Manually cancel in Stripe Dashboard
    3. Sync database:

    UPDATE teams SET plan = 'free' WHERE stripe_customer_id = 'cus_...';
    UPDATE subscriptions SET status = 'canceled' WHERE stripe_subscription_id = 'sub_...';

Debug Checklist

If something doesn't work:

  1. ✅ Check Stripe Dashboard → Webhooks → Events (shows all webhook attempts)
  2. ✅ Check Vercel Logs → Filter by /api/billing/webhook
  3. ✅ Check database:
    SELECT * FROM audit_logs WHERE action LIKE '%subscription%' ORDER BY created_at DESC LIMIT 10;
    
  4. ✅ Test webhook manually in Stripe Dashboard
  5. ✅ Verify environment variables match Stripe Dashboard
  6. ✅ Check Stripe API version matches code (2025-09-30)

Part 12: Launch Checklist

Before announcing production billing:

Pre-Launch (Day 3)

  • Stripe live mode verified ✅
  • Products created (TEAM €99, ENTERPRISE €299) ✅
  • Webhook endpoint configured and tested ✅
  • Customer Portal configured ✅
  • Tax settings configured (EU VAT) ✅
  • Test subscription created and verified ✅
  • All environment variables set in Vercel ✅
  • Security checklist completed ✅

Launch Day (Day 4)

  • Monitor Stripe Dashboard for first payments
  • Check webhook delivery in real-time
  • Verify database updates correctly
  • Test customer portal with real subscription
  • Announce production billing to beta users

Post-Launch (Week 6+)

  • Monitor daily for failed payments
  • Review chargebacks/disputes weekly
  • Track MRR growth
  • Collect user feedback on billing experience
  • Optimize pricing based on data

Part 13: Pricing Strategy Notes

Current Pricing

  • FREE: €0/month, 20 analyses/month, 1 repo
  • TEAM: €99/month, unlimited analyses, 5 repos
  • ENTERPRISE: €299/month, unlimited everything

Future Optimizations (Month 2-3)

A/B Testing Ideas:

  1. Test €79/month vs €99/month for TEAM
  2. Test annual plans (€990/year = 2 months free)
  3. Test usage-based pricing (€0.50 per analysis)

Volume Discounts:

  • 5-10 teams: 10% discount
  • 10-20 teams: 20% discount
  • 20+ teams: Custom enterprise pricing

Lifetime Deals (not recommended):

  • Avoid lifetime deals (unsustainable)
  • Use 1-year prepaid instead (€990 for TEAM)


Conclusion

Production Stripe Setup: ✅ COMPLETE

You are now ready to accept live payments from customers!

Next Steps:

  • Day 4: Beta user testing (5-10 teams)
  • Week 6: Public launch + marketing

Support:

  • Stripe Support: https://support.stripe.com
  • Stripe Dashboard: https://dashboard.stripe.com
  • CodeSlick Docs: See PHASE_4_WEEK_5_DAY_1_2_COMPLETE.md for security validation

Emergency Contacts:

  • If payment issue: Check Stripe Dashboard first
  • If webhook issue: Check Vercel logs
  • If database issue: Check audit_logs table


Document Version: 1.0
Last Updated: October 24, 2025
Ready for Production: ✅ YES