Stripe Payment Gateway Implementation in Node.js
Stripe is one of the most popular and developer-friendly payment gateways used to accept online payments securely. In this guide, we will learn how to integrate Stripe in a Node.js backend application step by step.
Why Choose Stripe?
- Easy API integration
- Strong security and compliance
- Supports cards, wallets, and international payments
- Excellent documentation
Prerequisites
- Node.js installed
- Basic knowledge of Express.js
- Stripe account
Create a Stripe Account
First, create a free Stripe account from the official website:
After signing up, get your Secret Key from the Stripe Dashboard.
Install Required Packages
Install Stripe and Express in your Node.js project:
npm install stripe express dotenv
Basic Project Setup
const express = require('express');\nconst Stripe = require('stripe');\nrequire('dotenv').config();\n\nconst app = express();\napp.use(express.json());\n\nconst stripe = new Stripe(process.env.STRIPE_SECRET_KEY);\n
Create Payment Intent (Core Concept)
Stripe uses Payment Intents to handle payments securely.
app.post('/create-payment-intent', async (req, res) => {\n try {\n const { amount } = req.body;\n\n const paymentIntent = await stripe.paymentIntents.create({\n amount: amount * 100,\n currency: 'usd',\n automatic_payment_methods: { enabled: true }\n });\n\n res.status(200).json({\n clientSecret: paymentIntent.client_secret\n });\n } catch (error) {\n res.status(500).json({ error: error.message });\n }\n});
How Payment Flow Works
- Client sends payment amount
- Backend creates Payment Intent
- Stripe returns clientSecret
- Frontend completes payment using Stripe SDK
Handling Webhooks (Important)
Webhooks allow Stripe to notify your backend about payment events.
Official docs:
https://stripe.com/docs/webhooks
app.post('/webhook', express.raw({ type: 'application/json' }), (req, res) => {\n const sig = req.headers['stripe-signature'];\n let event;\n\n try {\n event = stripe.webhooks.constructEvent(\n req.body,\n sig,\n process.env.STRIPE_WEBHOOK_SECRET\n );\n } catch (err) {\n return res.status(400).send(Webhook Error: ${err.message});\n }\n\n if (event.type === 'payment_intent.succeeded') {\n const paymentIntent = event.data.object;\n console.log('Payment successful:', paymentIntent.id);\n }\n\n res.json({ received: true });\n});
Security Best Practices
- Never expose Stripe Secret Key to frontend
- Always validate amounts on backend
- Use HTTPS
- Verify webhook signatures
Useful Stripe Documentation Links
Conclusion
Stripe provides a secure and scalable way to handle payments in Node.js applications. By using Payment Intents and Webhooks, you can build a production-ready payment system with confidence.
