stripe/stripe-best-practices

Latest Stripe API version: 2026-04-22.dahlia. Always use the latest API version and SDK unless the user specifies otherwise.

Integration routing

Building…	Recommended API	Details
One-time payments	Checkout Sessions	<references/payments.md>
Custom payment form with embedded UI	Checkout Sessions + Payment Element	<references/payments.md>
Saving a payment method for later	Setup Intents	<references/payments.md>
Connect platform or marketplace	Accounts v2 (`/v2/core/accounts`)	<references/connect.md>
Subscriptions or recurring billing	Billing APIs + Checkout Sessions	<references/billing.md>
Embedded financial accounts / banking	v2 Financial Accounts	<references/treasury.md>
Security (key management, RAKs, webhooks, OAuth, 2FA, Connect liability)	See security reference	<references/security.md>

Read the relevant reference file before answering any integration question or writing code.

Key documentation

When the user’s request does not clearly fit a single domain above, consult:

Integration Options — Start here when designing any integration.
API Tour — Overview of Stripe’s API surface.
Go Live Checklist — Review before launching.

Files6

6 files · 18.4 KB

Select a file to preview

Overall Score

89/100

Grade

A

Excellent

Safety

95

Quality

88

Clarity

87

Completeness

84

Summary

A decision-guidance skill for Stripe integrations that routes developers to the correct APIs and best practices based on their use case. It documents four reference modules (payments, connect, billing, treasury, security) covering API selection, platform setup, security patterns, and deprecated migration paths. The skill does not execute code or modify files; it provides structured routing logic and security guardrails.

Detected Capabilities

API routing and selection guidance based on use caseSecurity best practices documentation (key management, webhooks, OAuth, 2FA, Connect liability)Integration pattern recommendations (Checkout, Payment Element, Setup Intents)Deprecated API identification and migration path documentationConnect platform setup guidance (Accounts v2, controller properties, charge types)Billing and subscription design patterns (recurring revenue, pricing models)Reference file lookup and structured decision trees

Trigger Keywords

Phrases that MCP clients use to match this skill to user intent.

stripe integrationchoose payment apistripe connect setupsubscription billingapi key securitystripe migrationwebhook verificationconnect marketplace

Risk Signals

INFO

References to Stripe Dashboard, API keys page, and support resources

references/security.md: lines mentioning dashboard.stripe.com, support.stripe.com

INFO

Documentation of security antipatterns (hardcoded keys, logging keys, unverified webhooks)

references/security.md: API keys section, webhook security section

INFO

Explicit guidance against embedding secret keys in source code or client-side code

references/security.md: API keys section, Mobile and client-side integrations section

INFO

No shell commands, file writes, or code execution patterns detected

entire skill content

Referenced Domains

External domains referenced in skill content, detected by static analysis.

dashboard.stripe.comdocs.stripe.comsupport.stripe.com

Use Cases

Choosing between Checkout Sessions and PaymentIntents for a new payment integration
Setting up a Connect marketplace with Accounts v2 API and controller properties
Migrating a subscription system from legacy Stripe APIs to current Billing APIs
Implementing Stripe security best practices (API key management, restricted keys, webhook verification)
Reviewing an existing Stripe integration for deprecated APIs and compliance gaps
Designing a multi-tenant SaaS billing system with subscriptions and usage-based pricing
Setting up financial accounts for an embedded banking integration

Quality Notes

Excellent documentation structure with clear table-of-contents hierarchy and cross-references to external documentation
Strong security guidance with specific antipatterns flagged ('Traps to avoid' sections are well-written and actionable)
Reference files are comprehensive and well-organized by domain (payments, billing, connect, treasury, security)
API versioning is explicitly documented (latest version: 2026-04-22.dahlia) with clear instruction to use latest unless specified
Clear routing logic via integration table with context references to specific files for each use case
Security best practices section covers both technical controls (signature verification, IP allowlists) and operational practices (key rotation, incident response)
Good coverage of deprecated APIs with explicit migration paths (Charges API, Sources API, Card Element)
Consistent use of emphasis for key warnings ('Never', 'Always', 'Do not') makes guidance scannable and memorable
Restricted API Keys (RAKs) guidance includes practical migration procedure with testing steps
Connect section explicitly warns against legacy terminology ('Standard', 'Express', 'Custom') in favor of controller properties
All external references use consistent markdown link syntax and point to official Stripe documentation
No ambiguity in API recommendations — one recommended path per use case with clear reasoning

Model: claude-haiku-4-5-20251001Analyzed: May 2, 2026

Reviews

Add this skill to your library to leave a review.

No reviews yet

Be the first to share your experience.

stripe-best-practices

Integration routing

Key documentation

Summary

Detected Capabilities

Trigger Keywords

Risk Signals

Referenced Domains

Use Cases

Quality Notes

Reviews

Command Palette