[{"data":1,"prerenderedAt":176},["ShallowReactive",2],{"blog-launch/stripe-integration":3},{"id":4,"title":5,"body":6,"category":156,"date":157,"dateModified":157,"description":158,"draft":159,"extension":160,"faq":161,"featured":159,"headerVariant":162,"image":161,"keywords":161,"meta":163,"navigation":164,"ogDescription":165,"ogTitle":166,"path":167,"readTime":161,"schemaOrg":168,"schemaType":169,"seo":170,"sitemap":171,"stem":172,"tags":173,"twitterCard":174,"__hash__":175},"blog/blog/launch/stripe-integration.md","Stripe Integration Launch Security Checklist: 14 Items Before Going Live",{"type":7,"value":8,"toc":150},"minimark",[9,19,22,44,63,79,94,110,115,118,121],[10,11,12,16],"tldr",{},[13,14,15],"p",{},"TL;DR",[13,17,18],{},"Before accepting real payments, switch from test to live keys, verify webhooks are secured with signatures, ensure the secret key never touches the browser, test the full payment flow with a real card, and enable Stripe Radar for fraud protection.",[20,21],"print-button",{},[23,24,27,32,36,40],"checklist-section",{"count":25,"title":26},"4","API Keys",[28,29],"checklist-item",{"description":30,"label":31},"Replace test keys (sk_test_, pk_test_) with live keys (sk_live_, pk_live_)","Switch to live mode keys",[28,33],{"description":34,"label":35},"sk_live_ must NEVER appear in browser code or client bundles","Secret key is server-side only",[28,37],{"description":38,"label":39},"pk_live_ can be in client code. Verify it's the right one.","Publishable key is correct",[28,41],{"description":42,"label":43},"Not hardcoded in source files. Check your deployment config.","Keys are in environment variables",[23,45,47,51,55,59],{"count":25,"title":46},"Webhooks",[28,48],{"description":49,"label":50},"Add your production webhook URL in Stripe Dashboard","Webhooks endpoint is set up",[28,52],{"description":53,"label":54},"Always verify stripe-signature header. Never trust webhook data blindly.","Verify webhook signatures",[28,56],{"description":57,"label":58},"Stripe retries failed webhooks. Make your handler idempotent.","Handle failed webhooks",[28,60],{"description":61,"label":62},"At minimum: checkout.session.completed, invoice.paid, customer.subscription.*","Subscribe to relevant events",[23,64,67,71,75],{"count":65,"title":66},"3","Payment Security",[28,68],{"description":69,"label":70},"Stripe's fraud detection is included. Verify it's active.","Enable Stripe Radar",[28,72],{"description":73,"label":74},"Never handle raw card numbers. Use Stripe's secure components.","Use Stripe Checkout or Elements",[28,76],{"description":77,"label":78},"Do a small real transaction to verify the full flow works","Test with a real card",[23,80,82,86,90],{"count":65,"title":81},"Business Settings",[28,83],{"description":84,"label":85},"Fill out business details to avoid payout holds","Complete Stripe account verification",[28,87],{"description":88,"label":89},"Configure when you receive funds","Set up payout schedule",[28,91],{"description":92,"label":93},"Understand Stripe's policies before issues arise","Review refund and dispute settings",[95,96,97,104],"faq-section",{},[98,99,101],"faq-item",{"question":100},"Can I use test keys in production?",[13,102,103],{},"No. Test keys only create test charges that don't process real money. You must switch to live keys (sk_live_, pk_live_) to accept real payments.",[98,105,107],{"question":106},"Is it safe to put the publishable key in my frontend?",[13,108,109],{},"Yes, the publishable key (pk_) is designed for client-side use. It can only create tokens and cannot access your Stripe account data. The secret key (sk_) must stay server-side.",[111,112,114],"h3",{"id":113},"scan-your-stripe-integration","Scan Your Stripe Integration",[13,116,117],{},"Find exposed keys and security issues before launch.",[13,119,120],{},"Start Free Scan",[122,123,124,130,135,140,145],"related-articles",{},[125,126],"related-card",{"description":127,"href":128,"title":129},"Pre-launch security checklist for Netlify deployments. 14 essential items covering environment variables, headers, and p","/blog/launch/netlify-deployment","Netlify Deployment Launch Security Checklist: 14 Items Before Going Live",[125,131],{"description":132,"href":133,"title":134},"Pre-launch security checklist for Next.js applications. 18 essential items covering API routes, middleware, environment ","/blog/launch/nextjs-app","Next.js Launch Security Checklist: 18 Items Before Going Live",[125,136],{"description":137,"href":138,"title":139},"Pre-launch security checklist for Node.js APIs. 16 essential items covering authentication, input validation, rate limit","/blog/launch/node-api","Node.js API Launch Security Checklist: 16 Items Before Going Live",[125,141],{"description":142,"href":143,"title":144},"Security checklist for public API launches. 16 essential items to verify before opening your API to external developers,","/blog/launch/api-public-launch","API Public Launch Security Checklist: 16 Items Before Opening Your API",[125,146],{"description":147,"href":148,"title":149},"Security checklist for beta launches. 14 essential items to verify before inviting your first beta users, including data","/blog/launch/beta-launch","Beta Launch Security Checklist: 14 Items Before Inviting Beta Users",{"title":151,"searchDepth":152,"depth":152,"links":153},"",2,[154],{"id":113,"depth":155,"text":114},3,"launch","2026-02-17","Pre-launch security checklist for Stripe integrations. 14 essential items covering API keys, webhooks, and payment security before accepting real payments.",false,"md",null,"orange",{},true,"Pre-launch security checklist for Stripe. 14 items before accepting payments.","Stripe Integration Launch Security Checklist","/blog/launch/stripe-integration","[object Object]","Article",{"title":5,"description":158},{"loc":167},"blog/launch/stripe-integration",[],"summary_large_image","zrZ9s1M3IsOwke0E3w3cWh9WDvK0_v69B1BkpDbFgpI",1775843935493]