modul 3 — shipping to production
payments: checkout and the webhook
Stripe hosts the payment page, so card data never touches your code. Your work is the webhook: the signed message that tells your database who paid.
~3 min read · ~11 min with the exercise · v1.1 · verified: 2026-07-15
the part you build, and the part you rent
A card number in your database makes you a compliance project. Payment providers exist so that never happens: with Stripe Checkout, the buyer pays on a page Stripe hosts, and your code sees the outcome, never the card. Two pieces remain yours to build:
- the checkout call: your server creates a Checkout Session with the price and redirects the buyer to Stripe
- the webhook (an HTTP endpoint on your server that the provider calls when something happens on your account: a payment, a cancellation, a failed charge): the endpoint where Stripe reports what happened
The webhook carries the module's weight. Subscriptions live asynchronously (Stripe's subscription docs): renewals succeed, cards expire, users cancel, and each event arrives at your endpoint days or months after the original checkout. Your database learns who has access from these events.