Replit has a native Stripe connector accessible via the /stripe Agent command that auto-scaffolds a complete checkout flow, webhook handler, and database sync in minutes. Type /stripe in the Replit Agent chat, follow the sandbox setup prompts, then install the Replit Integrated Payments Stripe Marketplace app to go live with real transactions.
Why Replit's Native Stripe Integration Is the Fastest Path to Monetization
Adding payments to an app typically requires reading Stripe docs, wiring up a server-side checkout session, configuring webhook endpoints, and manually managing API keys across environments. Replit eliminates most of this friction with its native Stripe connector. When you type /stripe in the Agent chat, Replit provisions a Stripe sandbox, generates a working checkout flow, creates a webhook receiver with signature verification, and stores credentials in your Secrets automatically — all without leaving the editor.
The integration covers the full payment lifecycle. Your app can accept one-time payments via Stripe Checkout, receive real-time payment confirmations through webhooks, and record completed transactions in the built-in PostgreSQL database. The scaffolded code uses the official Stripe Node.js SDK and follows Stripe's recommended patterns for both server-side session creation and webhook handling. This means you get production-quality code, not a prototype.
Going live is a separate step that requires installing the Replit Integrated Payments app from the Stripe Marketplace and providing live API keys. This two-step model — test first, then go live deliberately — helps you validate your payment flow before real money is involved. For high-traffic apps or apps where a missed payment event would be costly, deploying to a Reserved VM rather than Autoscale ensures webhooks are never missed due to cold starts.
Integration method
Replit's native Stripe connector, launched in 2025, integrates directly into the Agent workflow via the /stripe command. The Agent automatically provisions a Stripe sandbox environment, generates a checkout session handler, wires up webhook verification, and syncs transaction data to your workspace PostgreSQL database. Going live requires installing the Replit Integrated Payments app from the Stripe Marketplace and swapping in production API keys.
Prerequisites
- A Replit account (free or Core plan — Core required for Reserved VM deployment)
- A Stripe account — create one free at stripe.com
- A Replit project with a Node.js or Python backend already running
- Basic understanding of how checkout flows work (user clicks buy → checkout page → confirmation)
Step-by-step guide
Run the /stripe command in Replit Agent
Run the /stripe command in Replit Agent
Open your Replit project and click the Agent icon in the left sidebar to open the Agent chat panel. Type /stripe and press Enter. The Agent detects the /stripe command and begins the native Stripe setup workflow. It will ask you a few questions: what kind of payment you want to accept (one-time, subscription, or marketplace), what currency and price points to use, and whether you want a hosted Stripe Checkout page or a custom payment form. Answer these prompts in plain English — for example, 'One-time payment, $49, USD, hosted checkout page.' The Agent then automatically provisions a Stripe sandbox environment linked to your Replit workspace. It generates and stores STRIPE_PUBLISHABLE_KEY, STRIPE_SECRET_KEY, and STRIPE_WEBHOOK_SECRET in your Replit Secrets (visible by clicking the lock icon in the sidebar). You do not need to log in to Stripe or copy any keys manually at this stage — the sandbox credentials are provisioned programmatically.
/stripe
Paste this in Replit chat
Pro tip: If you do not see the /stripe command option, make sure you are using the Agent (not just the chat assistant). The Agent panel has a distinct icon and is available on all Replit plans.
Expected result: The Agent acknowledges the /stripe command and begins asking setup questions. Replit Secrets now contains STRIPE_PUBLISHABLE_KEY, STRIPE_SECRET_KEY, and STRIPE_WEBHOOK_SECRET with sandbox values.
Review the auto-scaffolded checkout and webhook code
Review the auto-scaffolded checkout and webhook code
After the Agent finishes setup, it generates several files in your project. For a Node.js project you will see a server.js (or index.js) with two key routes: a POST /create-checkout-session endpoint that creates a Stripe Checkout session server-side, and a POST /webhook endpoint that receives and verifies Stripe event notifications. The checkout route uses the official stripe Node.js library, reads your STRIPE_SECRET_KEY from process.env, and creates a session with your configured price and redirect URLs. The webhook route uses express.raw() before express.json() — this ordering is critical because Stripe signature verification requires the raw request body before it is parsed. The Agent also generates a frontend page with a checkout button that calls your /create-checkout-session endpoint. Review these files carefully. Common things to customize: the success_url and cancel_url (they default to your Replit development URL — update them to your deployment URL before going live), the product name and description, and the database write that happens on checkout.session.completed.
Show me the checkout and webhook code that was just generated. Explain what each route does and where I need to customize the product name, price, and redirect URLs.
Paste this in Replit chat
1// server.js — auto-generated structure (review and customize)2const express = require('express');3const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);4const app = express();56// Webhook route MUST be before express.json() middleware7app.post('/webhook', express.raw({ type: 'application/json' }), (req, res) => {8 const sig = req.headers['stripe-signature'];9 let event;10 try {11 event = stripe.webhooks.constructEvent(12 req.body, sig, process.env.STRIPE_WEBHOOK_SECRET13 );14 } catch (err) {15 return res.status(400).send(`Webhook Error: ${err.message}`);16 }1718 if (event.type === 'checkout.session.completed') {19 const session = event.data.object;20 // TODO: update database, unlock access, send confirmation email21 console.log('Payment succeeded for:', session.customer_email);22 }2324 res.json({ received: true });25});2627app.use(express.json());2829app.post('/create-checkout-session', async (req, res) => {30 const session = await stripe.checkout.sessions.create({31 payment_method_types: ['card'],32 line_items: [{ price: process.env.STRIPE_PRICE_ID, quantity: 1 }],33 mode: 'payment',34 success_url: `${process.env.APP_URL}/success?session_id={CHECKOUT_SESSION_ID}`,35 cancel_url: `${process.env.APP_URL}/cancel`,36 });37 res.json({ url: session.url });38});3940app.listen(3000, '0.0.0.0', () => console.log('Server running on port 3000'));Pro tip: The webhook route must be registered before app.use(express.json()). If express.json() runs first, it parses the body and Stripe signature verification will always fail with a 400 error.
Expected result: You can see the scaffolded server.js with both /create-checkout-session and /webhook routes. The code reads Stripe keys from process.env and handles signature verification correctly.
Test the checkout flow in Stripe test mode
Test the checkout flow in Stripe test mode
With the sandbox credentials in place, run your Replit app and click the checkout button on your frontend page. You will be redirected to Stripe's hosted checkout page. Use Stripe's test card number 4242 4242 4242 4242 with any future expiry date and any 3-digit CVC to complete a test payment. After the card is submitted, Stripe redirects to your success_url and fires a checkout.session.completed webhook event to your /webhook endpoint. In Replit's console output you should see 'Payment succeeded for: [your test email]' printed. You can also verify the event in your Stripe Dashboard under Developers > Events — look for the checkout.session.completed event and confirm the webhook delivery status shows 200. Test multiple scenarios: a successful payment, a declined card (use 4000 0000 0000 0002), and a cancelled checkout. Check that each scenario routes correctly to your success or cancel pages and that your database updates happen only on genuine payment success events.
Walk me through testing the Stripe checkout. What test card numbers should I use? How do I verify the webhook fired and my database was updated?
Paste this in Replit chat
Pro tip: Open your Replit app in a new browser tab (not the embedded preview) when testing Stripe. The embedded Replit preview can interfere with OAuth redirects and Stripe's redirect flows.
Expected result: A test payment with card 4242 4242 4242 4242 completes successfully, you see the success page, the /webhook endpoint logs the event, and your database reflects the new order or subscription status.
Deploy to a Reserved VM for reliable webhook reception
Deploy to a Reserved VM for reliable webhook reception
Before going live, deploy your app to a Replit Reserved VM. This is important specifically for webhook reliability. If you use Autoscale Deployment, your server scales to zero when no traffic arrives for several minutes, causing a cold start delay on the first webhook after idle. While Stripe retries webhook deliveries multiple times over 24 hours, a cold start can cause the initial webhook to arrive while the server is still starting up, which may result in a 503 or timeout response and trigger a retry. For payment processing, receiving webhooks without delay and without retry complexity is worth the small additional cost of a Reserved VM (starting around $6/month). To deploy: click the Deploy button in the Replit toolbar, select Reserved VM, choose the machine size appropriate for your traffic, and click Deploy. Copy the deployment URL shown after deploy completes (format: https://your-app-name.replit.app) and update your STRIPE_WEBHOOK_SECRET registration in the Stripe Dashboard to point to your deployment URL's /webhook endpoint. Also update success_url and cancel_url in your checkout session code to use the deployment URL, not the development URL.
Deploy my Stripe payment app as a Reserved VM deployment. After deployment, help me update the webhook endpoint URL in Stripe and the redirect URLs in my checkout code to use the production deployment URL.
Paste this in Replit chat
1# .replit deployment config — ensure port binding is correct2# [[ports]]3# internalPort = 30004# externalPort = 805#6# [deployment]7# run = ["node", "server.js"]8# deploymentTarget = "cloudrun"Pro tip: After deploying, add a new webhook endpoint in your Stripe Dashboard under Developers > Webhooks pointing to https://your-app.replit.app/webhook. The STRIPE_WEBHOOK_SECRET for this new endpoint will differ from your test webhook secret — update it in Replit Secrets and redeploy.
Expected result: Your app is live at https://your-app-name.replit.app, the Stripe webhook endpoint is registered for the deployment URL, and a test webhook delivery from the Stripe Dashboard returns 200.
Go live with Stripe Marketplace Replit Integrated Payments
Go live with Stripe Marketplace Replit Integrated Payments
Going live with real payments requires one additional step beyond swapping test keys for live keys. Replit's native Stripe integration uses the Stripe Marketplace app called 'Replit Integrated Payments' to manage the connection between your Replit workspace and your live Stripe account. In your Stripe Dashboard, navigate to the App Marketplace and search for 'Replit Integrated Payments.' Install the app and authorize it to access your Stripe account. Once installed, the app provisions your live STRIPE_SECRET_KEY and STRIPE_PUBLISHABLE_KEY and links them to your Replit deployment. Back in Replit, click the lock icon to open Secrets and verify that the live keys (starting with sk_live_ and pk_live_) have been injected. Also retrieve your live webhook signing secret from Stripe Dashboard > Developers > Webhooks > your deployment endpoint > Signing secret, and update STRIPE_WEBHOOK_SECRET in Replit Secrets. Redeploy your app one final time to ensure all production secrets are loaded. Run a final end-to-end test with a real card for a small amount to confirm the live flow works, then refund the test charge from your Stripe Dashboard.
I'm ready to go live with Stripe. Help me switch from test mode to live mode. What keys do I need to update in Replit Secrets? What other changes do I need to make before real payments can be accepted?
Paste this in Replit chat
Pro tip: Keep your test-mode secrets (STRIPE_SECRET_KEY_TEST, etc.) stored separately in Replit Secrets as a backup. If something breaks in production, you can swap back to test mode quickly to diagnose without affecting live transactions.
Expected result: Your app accepts real card payments. Live Stripe keys are active in Replit Secrets, the webhook endpoint is receiving live events, and a test live transaction completes and appears in your Stripe Dashboard's live mode payments list.
Common use cases
SaaS Subscription Checkout
A founder building a SaaS tool needs to charge users monthly. The Replit Stripe integration scaffolds a subscription checkout page, handles the payment_intent.succeeded webhook to unlock access, and records subscriber status in the PostgreSQL database.
Add a subscription checkout page using Stripe. When a user clicks Subscribe, create a Stripe checkout session for a $29/month plan. After payment succeeds, update their account status in the database to 'active' and redirect them to the dashboard.
Copy this prompt to try it in Replit
Digital Product One-Time Purchase
An app sells downloadable templates or courses for a one-time fee. The Agent wires up a Stripe Checkout session for each product, listens for the checkout.session.completed webhook, and unlocks download access immediately after payment.
Build a product page where users can buy a $49 template pack. Use Stripe Checkout for the payment. After successful payment, show them a download link. Store the completed order in the database with the customer email and timestamp.
Copy this prompt to try it in Replit
Marketplace Payout Flow
A two-sided marketplace needs to collect payments from buyers and pay out sellers. Using Stripe Connect's express account model, the Agent scaffolds onboarding flows for sellers, split payment routing, and payout management through the Stripe Dashboard.
Set up a marketplace payment flow using Stripe Connect. Sellers should be able to onboard with a Stripe Express account. When a buyer pays, route 80% to the seller and keep 20% as platform fee. Show sellers their pending payouts on a dashboard page.
Copy this prompt to try it in Replit
Troubleshooting
Webhook returns 400 'No signatures found matching the expected signature for payload'
Cause: The webhook route is running after express.json() middleware, which parses and converts the raw request body to a JavaScript object. Stripe's signature verification requires the original raw bytes of the request body. Once parsed by JSON middleware, the raw body is gone and the signature cannot be verified.
Solution: Move your webhook route registration to before app.use(express.json()) in your server file. The webhook route should use express.raw({ type: 'application/json' }) as its own body parser.
1// WRONG — webhook after JSON parser2app.use(express.json());3app.post('/webhook', express.raw({type: 'application/json'}), handler);45// CORRECT — webhook before JSON parser6app.post('/webhook', express.raw({type: 'application/json'}), handler);7app.use(express.json());Stripe checkout redirect loop or success_url shows Replit development domain instead of deployment URL
Cause: The success_url and cancel_url in the checkout session were set to the Replit development domain (ending in .replit.dev or similar) which is only live while the editor is open. When deployed, the development URL is unreachable.
Solution: Store your deployment URL as an APP_URL secret in Replit Secrets and reference it in your checkout session code. After deploying, update APP_URL to your production deployment URL and redeploy.
1const session = await stripe.checkout.sessions.create({2 success_url: `${process.env.APP_URL}/success?session_id={CHECKOUT_SESSION_ID}`,3 cancel_url: `${process.env.APP_URL}/cancel`,4 // ... other options5});Webhooks are missing or delayed intermittently — some payments confirmed in Stripe but not reflected in database
Cause: The app is running as an Autoscale Deployment and has scaled to zero. When Stripe fires the webhook, the server is cold-starting and may not respond in time, causing Stripe to record the initial delivery as failed and queue a retry.
Solution: Switch from Autoscale to Reserved VM Deployment to ensure your server is always running and immediately responsive to webhook events. For lower-traffic apps, Autoscale is generally fine — but for payment webhooks where reliability matters, Reserved VM is the recommended choice.
Best practices
- Always verify Stripe webhook signatures using stripe.webhooks.constructEvent() — never trust incoming webhook data without verification
- Store STRIPE_SECRET_KEY, STRIPE_PUBLISHABLE_KEY, and STRIPE_WEBHOOK_SECRET in Replit Secrets (lock icon), never hardcode them in source files
- Use Stripe's idempotency keys for checkout session creation to prevent duplicate charges if a request is retried
- Test every Stripe webhook event type your app handles using the Stripe CLI or the Send Test Event button in Stripe Dashboard before going live
- Deploy to Reserved VM (not Autoscale) for any app that handles payment webhooks in production to avoid missed events during cold starts
- Use separate Replit Secrets for test keys and live keys — prefix them clearly (e.g., STRIPE_SECRET_KEY_LIVE) and swap only when deliberately going live
- Log all incoming webhook events with their Stripe event ID so you can audit and replay events if your database write fails
- Set spending limits and email alerts in your Stripe Dashboard before going live to catch unexpected charge spikes early
Alternatives
Braintree (owned by PayPal) has no native Replit Agent integration and requires manual SDK setup, but offers PayPal and Venmo payment methods that Stripe does not natively support.
Payoneer focuses on international B2B payouts and freelancer payments rather than checkout flows, making it better suited for marketplace payout infrastructure than consumer-facing payments.
QuickBooks Payments integrates billing with accounting automation, which is useful if you need invoicing and financial reporting alongside payment processing rather than just checkout.
Frequently asked questions
Does the Replit Stripe integration work on the free plan?
The /stripe Agent command and sandbox testing work on all Replit plans including free. However, to deploy your app with a stable URL for production webhooks, you need at minimum Autoscale Deployment, which requires a Core subscription ($25/month). Reserved VM Deployment, which is recommended for payment webhook reliability, also requires Core.
How do I switch from Stripe test mode to live mode in Replit?
Install the Replit Integrated Payments app from the Stripe Marketplace, which provisions live API keys linked to your Stripe account. Then update STRIPE_SECRET_KEY, STRIPE_PUBLISHABLE_KEY, and STRIPE_WEBHOOK_SECRET in Replit Secrets with the live values, and redeploy your app. Do not change any code — the switch is entirely managed through secrets.
Can I use Stripe subscriptions instead of one-time payments?
Yes. When the Agent asks what type of payment you want, specify 'subscription' and the billing interval. The Agent generates a checkout session with mode: 'subscription' and wires up invoice.paid and customer.subscription.updated webhook handlers. You can also prompt the Agent after initial setup to add subscription management features like plan changes and cancellations.
Why does my webhook endpoint return 400 even though my code looks correct?
The most common cause is middleware ordering — if express.json() runs before your webhook route, the raw body is already parsed and Stripe signature verification fails. Ensure your /webhook route is registered before app.use(express.json()). The second most common cause is an outdated STRIPE_WEBHOOK_SECRET — each webhook endpoint in the Stripe Dashboard has its own unique signing secret, so if you created a new endpoint, update the secret in Replit Secrets and redeploy.
Does Replit support Stripe Connect for marketplace payouts?
Yes. Stripe Connect (for paying out third parties) can be built on Replit using the Stripe SDK's connect API. The /stripe command focuses on direct payments, but you can prompt the Agent to add Connect account onboarding and transfer flows after initial setup. The Stripe Marketplace app needs to be connected with the appropriate platform capabilities enabled in your Stripe account settings.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation