Stripe Integration
CODITECT uses Stripe for secure payment processing. This guide covers Stripe configuration for custom integrations.
Overview
Stripe powers CODITECT's billing system:
- Subscription management
- Payment processing
- Invoice generation
- Tax calculation
For Users
Supported Payment Methods
| Method | Regions |
|---|---|
| Credit/Debit Cards | Worldwide |
| Google Pay | Worldwide |
| Apple Pay | Worldwide |
| Bank Transfer | Enterprise only |
Card Security
All payments are:
- PCI DSS Level 1 compliant
- Encrypted with TLS 1.3
- Tokenized (we never see full card numbers)
Update Payment Method
- Go to Settings → Billing → Payment Methods
- Click Add Payment Method
- Enter card details or use digital wallet
- Click Save
For Developers
Webhook Integration
If building custom billing integrations, configure Stripe webhooks:
Create Webhook Endpoint
```bash
curl -X POST https://api.coditect.ai/v1/webhooks \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://yourapp.com/webhooks/billing",
    "events": [
      "subscription.created",
      "subscription.updated",
      "subscription.canceled",
      "invoice.paid",
      "invoice.payment_failed"
    ]
  }'
```
Handle Stripe Events
CODITECT forwards relevant Stripe events as webhook payloads:
```python
from flask import Flask, request
import hmac
import hashlib

app = Flask(__name__)

WEBHOOK_SECRET = "whsec_xxx..."  # placeholder for your endpoint's signing secret


@app.route("/webhooks/billing", methods=["POST"])
def handle_billing_webhook():
    # Read the raw bytes first: the signature covers the body as sent.
    payload = request.get_data()
    signature = request.headers.get("X-Coditect-Signature")

    # Verify signature before parsing or acting on the event.
    # verify_signature() is not defined in this snippet and must be supplied.
    if not verify_signature(payload, signature, WEBHOOK_SECRET):
        return "Invalid signature", 400

    event = request.get_json()

    if event["type"] == "invoice.paid":
        handle_successful_payment(event["data"]["object"])
    elif event["type"] == "invoice.payment_failed":
        handle_failed_payment(event["data"]["object"])
    elif event["type"] == "subscription.canceled":
        handle_cancellation(event["data"]["object"])

    return "OK", 200


def handle_successful_payment(invoice):
    """Process successful payment."""
    # amount_paid is divided by 100 to convert minor units to dollars.
    print(f"Payment received: ${invoice['amount_paid'] / 100}")
    # Update your systems


def handle_failed_payment(invoice):
    """Handle payment failure."""
    print(f"Payment failed for: {invoice['customer_email']}")
    # Notify user, retry logic


def handle_cancellation(subscription):
    """Handle subscription cancellation."""
    print(f"Subscription canceled: {subscription['id']}")
    # Revoke access at period end
```
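The handler above calls `verify_signature` without defining it. The following is an added example, not CODITECT's own code: it assumes `X-Coditect-Signature` carries a hex-encoded HMAC-SHA256 of the raw request body keyed with the webhook secret, a format this page does not specify. `compute_signature`, the sample secret and the sample body are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values for this example only.
SAMPLE_SECRET = "whsec_constructed_example"
SAMPLE_BODY = b'{"type": "invoice.paid", "data": {"object": {"amount_paid": 4900}}}'


def compute_signature(payload: bytes, secret: str) -> str:
    """Hex HMAC-SHA256 of the raw body (assumed scheme, hypothetical helper)."""
    return hmac.new(secret.encode("utf-8"), payload, hashlib.sha256).hexdigest()


def verify_signature(payload: bytes, signature, secret: str) -> bool:
    """Return True only when the header value matches the HMAC of the raw bytes."""
    if not signature or not isinstance(signature, str):
        return False  # missing header: reject before doing any work
    try:
        supplied = signature.strip().lower().encode("ascii")
    except UnicodeEncodeError:
        return False  # a hex digest is always ASCII
    expected = compute_signature(payload, secret).encode("ascii")
    # compare_digest runs in constant time, so response timing does not
    # reveal how many leading characters of a guessed signature were right.
    return hmac.compare_digest(expected, supplied)


def demo() -> dict:
    good = compute_signature(SAMPLE_BODY, SAMPLE_SECRET)
    # Parsing and re-encoding changes the bytes (whitespace here), so the
    # check must run on request.get_data(), never on re-serialized JSON.
    reserialized = json.dumps(json.loads(SAMPLE_BODY), separators=(",", ":")).encode()
    return {
        "valid": verify_signature(SAMPLE_BODY, good, SAMPLE_SECRET),
        "tampered": verify_signature(SAMPLE_BODY.replace(b"4900", b"1"), good, SAMPLE_SECRET),
        "reserialized": verify_signature(reserialized, good, SAMPLE_SECRET),
        "missing_header": verify_signature(SAMPLE_BODY, None, SAMPLE_SECRET),
        "wrong_secret": verify_signature(SAMPLE_BODY, good, "whsec_other"),
    }


if __name__ == "__main__":
    print(demo())
```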
Subscription Lifecycle
```
Customer creates subscription
            │
            ▼
┌─────────────────────────┐
│ subscription.created    │ → Grant access
└───────────┬─────────────┘
            │
            ▼
┌─────────────────────────┐
│ invoice.created         │ → Invoice generated
└───────────┬─────────────┘
            │
            ▼
     ┌──────┴─────────┐
     │                │
     ▼                ▼
┌─────────┐   ┌─────────────────┐
│ invoice │   │ invoice.payment │
│ .paid   │   │ _failed         │
└────┬────┘   └───────┬─────────┘
     │                │
     │                ▼
     │        ┌─────────────────┐
     │        │ Retry (3 times) │
     │        └───────┬─────────┘
     │                │
     │                ▼
     │        ┌─────────────────┐
     │        │ subscription    │ → Revoke access
     │        │ .canceled       │
     │        └─────────────────┘
     │
     ▼
Continue billing cycle
```
Testing with Stripe
Use test mode for development:
```bash
# Set test API key
export CODITECT_API_KEY="cdt_test_xxx..."

# Test card numbers
# 4242424242424242  Successful payment
# 4000000000000002  Card declined
# 4000002500003155  Requires authentication
```
Stripe Customer Portal
Allow customers to self-manage billing:
```bash
# Generate portal session
curl -X POST https://api.coditect.ai/v1/billing/portal-session \
  -H "Authorization: Bearer YOUR_TOKEN"
```
Response:
```json
{
  "data": {
    "url": "https://billing.stripe.com/session/xxx",
    "expires_at": "2026-01-09T11:00:00Z"
  }
}
```
Redirect users to this URL for:
- Updating payment methods
- Viewing invoices
- Canceling subscriptions
Billing Events
Subscription Events
| Event | Description |
|---|---|
| subscription.created | New subscription started |
| subscription.updated | Subscription modified |
| subscription.canceled | Subscription canceled |
| subscription.trial_ended | Free trial completed |
Invoice Events
| Event | Description |
|---|---|
| invoice.created | Invoice generated |
| invoice.paid | Payment successful |
| invoice.payment_failed | Payment attempt failed |
| invoice.upcoming | Invoice due soon |
Payment Events
| Event | Description |
|---|---|
| payment_method.attached | Card added |
| payment_method.detached | Card removed |
| payment_intent.succeeded | One-time payment success |
| payment_intent.failed | One-time payment failed |
Pricing API
Get Current Prices
```bash
curl https://api.coditect.ai/v1/plans
```
Response:
```json
{
  "data": [
    {
      "id": "plan_starter",
      "name": "Starter",
      "price": 0,
      "stripe_price_id": "price_xxx"
    },
    {
      "id": "plan_pro",
      "name": "Professional",
      "price": 4900,
      "stripe_price_id": "price_yyy"
    }
  ]
}
```
Create Checkout Session
For custom checkout flows:
```bash
curl -X POST https://api.coditect.ai/v1/billing/checkout \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "plan_id": "plan_pro",
    "quantity": 10,
    "success_url": "https://yourapp.com/success",
    "cancel_url": "https://yourapp.com/cancel"
  }'
```
Response:
```json
{
  "data": {
    "checkout_url": "https://checkout.stripe.com/c/pay/xxx",
    "session_id": "cs_xxx"
  }
}
```
Compliance
PCI DSS
CODITECT is PCI DSS Level 1 compliant:
- No card data stored on our servers
- All processing through Stripe
- Regular security audits
SCA (Strong Customer Authentication)
EU payments automatically comply with SCA:
- 3D Secure 2.0 enabled
- Risk-based authentication
- Frictionless when possible
Tax Compliance
CODITECT handles tax calculation:
- Automatic tax rate determination
- Tax ID validation (VAT, GST)
- Invoices include tax breakdown