Minimal Payment Infrastructure
Production payments. Webhook validation. Error handling. Express server on port 3000.
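// Complete payment server
const express = require('express');
const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
const app = express();

// Parse JSON on this route only; the webhook route needs the raw body
app.post('/create-payment-intent', express.json(), async (req, res) => {
  const amount = Number(req.body?.amount);
  // Reject missing, non-numeric, or non-positive amounts before calling Stripe
  if (!Number.isFinite(amount) || amount <= 0) {
    return res.status(400).json({ error: 'Invalid amount' });
  }
  try {
    const paymentIntent = await stripe.paymentIntents.create({
      amount: Math.round(amount * 100), // dollars to integer cents
      currency: 'usd'
    });
    res.json({ client_secret: paymentIntent.client_secret });
  } catch (err) {
    // Do not leak Stripe error details to the client
    res.status(500).json({ error: 'Payment could not be created' });
  }
});

app.listen(3000);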
Webhook Security
Stripe sends events. Verify signatures. Process payments securely.
// Raw body parser: the signature is computed over the exact bytes Stripe sent
app.post('/webhook', express.raw({type: 'application/json'}), (req, res) => {
  const signature = req.headers['stripe-signature'];
  try {
    // Throws if the signature or timestamp does not verify
    const event = stripe.webhooks.constructEvent(
      req.body,
      signature,
      process.env.STRIPE_WEBHOOK_SECRET
    );
    if (event.type === 'payment_intent.succeeded') {
      handlePaymentSuccess(event.data.object);
    }
    res.json({received: true});
  } catch (err) {
    res.status(400).send(`Webhook Error: ${err.message}`);
  }
});
Production Considerations
CORS enabled. Rate limiting applied. Environment variables secured. Health checks active.
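// Security middleware
const cors = require('cors');
const rateLimit = require('express-rate-limit');

// Allow only the listed origins; falls back to localhost when CORS_ORIGINS is unset
app.use(cors({
  origin: process.env.CORS_ORIGINS?.split(',') || ['http://localhost:3000']
}));

// The limiter covers only routes mounted under /api
app.use('/api', rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100 // requests per window
}));

app.get('/health', (req, res) => res.json({ status: 'ok' }));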
Why So Simple
Stripe handles complexity. PCI compliance included. Fraud detection built-in. International payments supported.
Deployed on DigitalOcean. PM2 process management. Nginx reverse proxy. SSL certificates automated.
Built for my portfolio's contribution system. Processes donations without database requirements.