Vendors
Vendors
Section titled “Vendors”Last updated: 2026-05-25
Stripe
Section titled “Stripe”- Purpose: Payment processor — PaymentIntents API for card capture, Stripe-hosted checkout, refunds
- SDK: Raw
reqwestHTTP (30s timeout, Basic Auth with secret key as username); no stripe-rust crate - Accounts per env: DEV: test mode keys | PROD: live mode keys
- Secrets location: Fly.io secret
STRIPE_SECRET_KEY(api-rest + finstack-worker); Fly.io secretSTRIPE_WEBHOOK_SECRET(api-rest only) - API version: PaymentIntents v1 — manual capture flow (
capture_method=manual) - Idempotency: All Stripe API calls set
Idempotency-Key: {payment_id}(create),{payment_id}/capture,{payment_id}/cancel,{refund_id}(refund) - Webhook:
POST /webhooks/stripe— HMAC-SHA256 signature validation, 300s replay tolerance, idempotency guard viastripe_webhook_events.stripe_event_id - Data storage:
payments.stripe_payment_intent_id,payments.stripe_processor_status,refunds.stripe_refund_id,stripe_webhook_events,stripe_tenant_configs
Vendor Template
Section titled “Vendor Template”[Vendor Name]
Section titled “[Vendor Name]”- Purpose:
- Accounts per env: DEV: | STAGE: | PROD:
- Secrets location: [Cloudflare Worker secret VENDOR_API_KEY]
- API version:
- Pricing:
- Data storage:
- Reconciliation: