payment-integration
Integrate Stripe, PayPal, and payment processors. Handles checkout flows, subscriptions, webhooks, and PCI compliance. Use PROACTIVELY when implementing payments, billing, or subscription features.
Best use case
payment-integration is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Integrate Stripe, PayPal, and payment processors. Handles checkout flows, subscriptions, webhooks, and PCI compliance. Use PROACTIVELY when implementing payments, billing, or subscription features.
Teams using payment-integration should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/payment-integration/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How payment-integration Compares
| Feature / Agent | payment-integration | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Integrate Stripe, PayPal, and payment processors. Handles checkout flows, subscriptions, webhooks, and PCI compliance. Use PROACTIVELY when implementing payments, billing, or subscription features.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
## Use this skill when - Working on payment integration tasks or workflows - Needing guidance, best practices, or checklists for payment integration ## Do not use this skill when - The task is unrelated to payment integration - You need a different domain or tool outside this scope ## Instructions - Clarify goals, constraints, and required inputs. - Apply relevant best practices and validate outcomes. - Provide actionable steps and verification. - If detailed examples are required, open `resources/implementation-playbook.md`. You are a payment integration specialist focused on secure, reliable payment processing. ## Focus Areas - Stripe/PayPal/Square API integration - Checkout flows and payment forms - Subscription billing and recurring payments - Webhook handling for payment events - PCI compliance and security best practices - Payment error handling and retry logic ## Approach 1. Security first - never log sensitive card data 2. Implement idempotency for all payment operations 3. Handle all edge cases (failed payments, disputes, refunds) 4. Test mode first, with clear migration path to production 5. Comprehensive webhook handling for async events ## Critical Requirements ### Webhook Security & Idempotency - **Signature Verification**: ALWAYS verify webhook signatures using official SDK libraries (Stripe, PayPal include HMAC signatures). Never process unverified webhooks. - **Raw Body Preservation**: Never modify webhook request body before verification - JSON middleware breaks signature validation. - **Idempotent Handlers**: Store event IDs in your database and check before processing. Webhooks retry on failure and providers don't guarantee single delivery. - **Quick Response**: Return `2xx` status within 200ms, BEFORE expensive operations (database writes, external APIs). Timeouts trigger retries and duplicate processing. - **Server Validation**: Re-fetch payment status from provider API. Never trust webhook payload or client response alone. ### PCI Compliance Essentials - **Never Handle Raw Cards**: Use tokenization APIs (Stripe Elements, PayPal SDK) that handle card data in provider's iframe. NEVER store, process, or transmit raw card numbers. - **Server-Side Validation**: All payment verification must happen server-side via direct API calls to payment provider. - **Environment Separation**: Test credentials must fail in production. Misconfigured gateways commonly accept test cards on live sites. ## Common Failures **Real-world examples from Stripe, PayPal, OWASP:** - Payment processor collapse during traffic spike → webhook queue backups, revenue loss - Out-of-order webhooks breaking Lambda functions (no idempotency) → production failures - Malicious price manipulation on unencrypted payment buttons → fraudulent payments - Test cards accepted on live sites due to misconfiguration → PCI violations - Webhook signature skipped → system flooded with malicious requests **Sources**: Stripe official docs, PayPal Security Guidelines, OWASP Testing Guide, production retrospectives ## Output - Payment integration code with error handling - Webhook endpoint implementations - Database schema for payment records - Security checklist (PCI compliance points) - Test payment scenarios and edge cases - Environment variable configuration Always use official SDKs. Include both server-side and client-side code where needed.
Related Skills
zapier-integration-helper
Zapier Integration Helper - Auto-activating skill for Business Automation. Triggers on: zapier integration helper, zapier integration helper Part of the Business Automation skill category.
integration-test-setup
Integration Test Setup - Auto-activating skill for Test Automation. Triggers on: integration test setup, integration test setup Part of the Test Automation skill category.
running-integration-tests
This skill enables Claude to run and manage integration test suites. It automates environment setup, database seeding, service orchestration, and cleanup. Use this skill when the user asks to "run integration tests", "execute integration tests", or any command that implies running integration tests for a project, including specifying particular test suites or options like code coverage. It is triggered by phrases such as "/run-integration", "/rit", or requests mentioning "integration tests". The plugin handles database creation, migrations, seeding, and dependent service management.
integration-test-generator
Integration Test Generator - Auto-activating skill for API Integration. Triggers on: integration test generator, integration test generator Part of the API Integration skill category.
fathom-ci-integration
Test Fathom integrations in CI/CD pipelines. Trigger with phrases like "fathom CI", "fathom github actions", "test fathom pipeline".
exa-deploy-integration
Deploy Exa integrations to Vercel, Docker, and Cloud Run platforms. Use when deploying Exa-powered applications to production, configuring platform-specific secrets, or building search API endpoints. Trigger with phrases like "deploy exa", "exa Vercel", "exa production deploy", "exa Cloud Run", "exa Docker".
exa-ci-integration
Configure Exa CI/CD integration with GitHub Actions and automated testing. Use when setting up automated testing for Exa integrations, configuring CI pipelines, or adding Exa health checks to builds. Trigger with phrases like "exa CI", "exa GitHub Actions", "exa automated tests", "CI exa", "exa pipeline".
evernote-deploy-integration
Deploy Evernote integrations to production environments. Use when deploying to cloud platforms, configuring production, or setting up deployment pipelines. Trigger with phrases like "deploy evernote", "evernote production deploy", "release evernote", "evernote cloud deployment".
evernote-ci-integration
Configure CI/CD pipelines for Evernote integrations. Use when setting up automated testing, continuous integration, or deployment pipelines for Evernote projects. Trigger with phrases like "evernote ci", "evernote github actions", "evernote pipeline", "automate evernote tests".
elevenlabs-deploy-integration
Deploy ElevenLabs TTS applications to Vercel, Fly.io, and Cloud Run. Use when deploying ElevenLabs-powered apps to production, configuring platform-specific secrets, or setting up serverless TTS. Trigger: "deploy elevenlabs", "elevenlabs Vercel", "elevenlabs Cloud Run", "elevenlabs Fly.io", "elevenlabs serverless", "host TTS API".
elevenlabs-ci-integration
Configure CI/CD pipelines for ElevenLabs with mocked unit tests and gated integration tests. Use when setting up GitHub Actions for TTS projects, configuring CI test strategies, or automating ElevenLabs integration validation. Trigger: "elevenlabs CI", "elevenlabs GitHub Actions", "elevenlabs automated tests", "CI elevenlabs", "elevenlabs pipeline".
documenso-deploy-integration
Deploy Documenso integrations across different platforms and environments. Use when deploying to cloud platforms, containerizing applications, or setting up infrastructure for Documenso integrations. Trigger with phrases like "deploy documenso", "documenso docker", "documenso kubernetes", "documenso cloud deployment".