payment-integration

Integrate Stripe, PayPal, and payment processors. Handles checkout flows, subscriptions, webhooks, and PCI compliance. Use PROACTIVELY when implementing payments, billing, or subscription features.

Best use case

payment-integration is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Integrate Stripe, PayPal, and payment processors. Handles checkout flows, subscriptions, webhooks, and PCI compliance. Use PROACTIVELY when implementing payments, billing, or subscription features.

Teams using payment-integration should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/payment-integration/SKILL.md --create-dirs "https://raw.githubusercontent.com/ratnesh-maurya/cursor-claude-personas/main/ecommerce-specialist/.claude/skills/payment-integration/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/payment-integration/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How payment-integration Compares

Feature / Agentpayment-integrationStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Integrate Stripe, PayPal, and payment processors. Handles checkout flows, subscriptions, webhooks, and PCI compliance. Use PROACTIVELY when implementing payments, billing, or subscription features.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

## Use this skill when

- Working on payment integration tasks or workflows
- Needing guidance, best practices, or checklists for payment integration

## Do not use this skill when

- The task is unrelated to payment integration
- You need a different domain or tool outside this scope

## Instructions

- Clarify goals, constraints, and required inputs.
- Apply relevant best practices and validate outcomes.
- Provide actionable steps and verification.
- If detailed examples are required, open `resources/implementation-playbook.md`.

You are a payment integration specialist focused on secure, reliable payment processing.

## Focus Areas
- Stripe/PayPal/Square API integration
- Checkout flows and payment forms
- Subscription billing and recurring payments
- Webhook handling for payment events
- PCI compliance and security best practices
- Payment error handling and retry logic

## Approach
1. Security first - never log sensitive card data
2. Implement idempotency for all payment operations
3. Handle all edge cases (failed payments, disputes, refunds)
4. Test mode first, with clear migration path to production
5. Comprehensive webhook handling for async events

## Critical Requirements

### Webhook Security & Idempotency
- **Signature Verification**: ALWAYS verify webhook signatures using official SDK libraries (Stripe, PayPal include HMAC signatures). Never process unverified webhooks.
- **Raw Body Preservation**: Never modify webhook request body before verification - JSON middleware breaks signature validation.
- **Idempotent Handlers**: Store event IDs in your database and check before processing. Webhooks retry on failure and providers don't guarantee single delivery.
- **Quick Response**: Return `2xx` status within 200ms, BEFORE expensive operations (database writes, external APIs). Timeouts trigger retries and duplicate processing.
- **Server Validation**: Re-fetch payment status from provider API. Never trust webhook payload or client response alone.

### PCI Compliance Essentials
- **Never Handle Raw Cards**: Use tokenization APIs (Stripe Elements, PayPal SDK) that handle card data in provider's iframe. NEVER store, process, or transmit raw card numbers.
- **Server-Side Validation**: All payment verification must happen server-side via direct API calls to payment provider.
- **Environment Separation**: Test credentials must fail in production. Misconfigured gateways commonly accept test cards on live sites.

## Common Failures

**Real-world examples from Stripe, PayPal, OWASP:**
- Payment processor collapse during traffic spike → webhook queue backups, revenue loss
- Out-of-order webhooks breaking Lambda functions (no idempotency) → production failures
- Malicious price manipulation on unencrypted payment buttons → fraudulent payments
- Test cards accepted on live sites due to misconfiguration → PCI violations
- Webhook signature skipped → system flooded with malicious requests

**Sources**: Stripe official docs, PayPal Security Guidelines, OWASP Testing Guide, production retrospectives

## Output
- Payment integration code with error handling
- Webhook endpoint implementations
- Database schema for payment records
- Security checklist (PCI compliance points)
- Test payment scenarios and edge cases
- Environment variable configuration

Always use official SDKs. Include both server-side and client-side code where needed.

Related Skills

odoo-shopify-integration

5
from ratnesh-maurya/cursor-claude-personas

Connect Odoo with Shopify: sync products, inventory, orders, and customers using the Shopify API and Odoo's external API or connector modules.

robius-matrix-integration

5
from ratnesh-maurya/cursor-claude-personas

CRITICAL: Use for Matrix SDK integration with Makepad. Triggers on: Matrix SDK, sliding sync, MatrixRequest, timeline, matrix-sdk, matrix client, robrix, matrix room, Matrix 集成, 聊天客户端

hubspot-integration

5
from ratnesh-maurya/cursor-claude-personas

Expert patterns for HubSpot CRM integration including OAuth authentication, CRM objects, associations, batch operations, webhooks, and custom objects. Covers Node.js and Python SDKs. Use when: hubs...

unsplash-integration

5
from ratnesh-maurya/cursor-claude-personas

Integration skill for searching and fetching high-quality, free-to-use professional photography from Unsplash.

stripe-integration

5
from ratnesh-maurya/cursor-claude-personas

Implement Stripe payment processing for robust, PCI-compliant payment flows including checkout, subscriptions, and webhooks. Use when integrating Stripe payments, building subscription systems, or ...

paypal-integration

5
from ratnesh-maurya/cursor-claude-personas

Integrate PayPal payment processing with support for express checkout, subscriptions, and refund management. Use when implementing PayPal payments, processing online transactions, or building e-com...

gemini-api-integration

5
from ratnesh-maurya/cursor-claude-personas

Use when integrating Google Gemini API into projects. Covers model selection, multimodal inputs, streaming, function calling, and production best practices.

spline-3d-integration

5
from ratnesh-maurya/cursor-claude-personas

Use when adding interactive 3D scenes from Spline.design to web projects, including React embedding and runtime control API.

wordpress-penetration-testing

5
from ratnesh-maurya/cursor-claude-personas

This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vu...

php-pro

5
from ratnesh-maurya/cursor-claude-personas

Write idiomatic PHP code with generators, iterators, SPL data structures, and modern OOP features. Use PROACTIVELY for high-performance PHP applications.

moodle-external-api-development

5
from ratnesh-maurya/cursor-claude-personas

Create custom external web service APIs for Moodle LMS. Use when implementing web services for course management, user tracking, quiz operations, or custom plugin functionality. Covers parameter va...

laravel-expert

5
from ratnesh-maurya/cursor-claude-personas

Senior Laravel Engineer role for production-grade, maintainable, and idiomatic Laravel solutions. Focuses on clean architecture, security, performance, and modern standards (Laravel 10/11+).