# STRIPE CONFIGURATION FOR PRODUCTION DEPLOYMENT

## CRITICAL: Required Environment Variables

Your RateRight app requires these Stripe environment variables to be configured for production deployment:

### Production Environment Variables (.env or deployment configuration):

```bash
# === REQUIRED FOR APP TO START ===
SECRET_KEY=<generate-with-secrets-token-urlsafe-32>

# === STRIPE CONFIGURATION ===
STRIPE_PUBLISHABLE_KEY=pk_live_...  # From Stripe Dashboard -> Developers -> API Keys
STRIPE_SECRET_KEY=sk_live_...       # From Stripe Dashboard -> Developers -> API Keys  
STRIPE_WEBHOOK_SECRET=whsec_...     # From Stripe Dashboard -> Developers -> Webhooks

# === DATABASE ===
DATABASE_URL=postgresql://username:password@host:port/database
```

### For Testing/Staging Environment:

```bash
# === TESTING STRIPE KEYS ===
STRIPE_PUBLISHABLE_KEY=pk_test_...  # Test keys from Stripe Dashboard
STRIPE_SECRET_KEY=sk_test_...       # Test keys from Stripe Dashboard
STRIPE_WEBHOOK_SECRET=whsec_...     # Test webhook endpoint secret
```

## Step-by-Step Setup Instructions

### 1. Get Stripe API Keys

1. Log into your [Stripe Dashboard](https://dashboard.stripe.com/)
2. Navigate to **Developers** → **API Keys**
3. Copy your keys:
   - **Publishable key**: `pk_live_...` (for frontend)
   - **Secret key**: `sk_live_...` (for backend - keep secure!)

### 2. Set Up Webhook Endpoint

1. In Stripe Dashboard: **Developers** → **Webhooks**
2. Click **Add endpoint**
3. Set URL: `https://yourdomain.com/stripe/webhook`
4. Select events you need (or select all)
5. Copy the **Signing secret**: `whsec_...`

### 3. Configure Your Deployment

#### For Fly.io:
```bash
fly secrets set STRIPE_PUBLISHABLE_KEY=pk_live_...
fly secrets set STRIPE_SECRET_KEY=sk_live_...  
fly secrets set STRIPE_WEBHOOK_SECRET=whsec_...
```

#### For Heroku:
```bash
heroku config:set STRIPE_PUBLISHABLE_KEY=pk_live_...
heroku config:set STRIPE_SECRET_KEY=sk_live_...
heroku config:set STRIPE_WEBHOOK_SECRET=whsec_...
```

#### For Docker/Local .env:
```bash
# Create .env file in project root
echo "STRIPE_PUBLISHABLE_KEY=pk_live_..." >> .env
echo "STRIPE_SECRET_KEY=sk_live_..." >> .env
echo "STRIPE_WEBHOOK_SECRET=whsec_..." >> .env
```

## Current Code Status

- ✅ **FIXED:** Added missing Stripe configuration to `app/config.py`
- ✅ **READY:** Stripe validation function in `app/services/stripe_service.py`
- ✅ **FEATURE FLAG:** Payments disabled by default (`FEATURES['payments'] = False`)

## Security Notes

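- 🔐 **NEVER commit Stripe keys to git** (keep `.env` listed in `.gitignore`)
- 🔐 **Use test keys for development/staging**
- 🔐 **Rotate keys if compromised**
- 🔐 **Webhook secrets prevent request forgery**, provided the endpoint verifies the `Stripe-Signature` header against the raw request body before it processes the event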
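
What the webhook signing secret is used for, as an added example (not RateRight's own code): a standard-library check of Stripe's `Stripe-Signature` header, which carries `t=<timestamp>` and one or more `v1=<HMAC-SHA256 hex>` values computed over `<timestamp>.<raw body>`. The function names, the 300-second tolerance constant and the sample values are assumptions made for illustration; in the app itself the official library's `stripe.Webhook.construct_event` performs the same check.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # assumed replay window: reject events outside 5 minutes


def sign(payload: bytes, secret: str, timestamp: int) -> str:
    """Compute the v1 signature: HMAC-SHA256 over b"<timestamp>.<raw body>"."""
    signed = str(timestamp).encode() + b"." + payload
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()


def verify_webhook(payload: bytes, header: str, secret: str, now=None) -> bool:
    """Return True only if the header authenticates the raw, unparsed body."""
    timestamp, candidates = "", []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":
            candidates.append(value)
    if not (timestamp.isascii() and timestamp.isdigit()) or not candidates:
        return False  # malformed or missing header: fail closed
    now = int(time.time()) if now is None else now
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False  # stale or future-dated: treat as a replay
    expected = sign(payload, secret, int(timestamp)).encode()
    # Constant-time comparison; more than one v1 value can be present
    # while an endpoint secret is being rolled.
    return any(hmac.compare_digest(expected, c.encode()) for c in candidates)


# Constructed sample data, not real Stripe values.
SAMPLE_SECRET = "whsec_constructed_example_secret"
SAMPLE_BODY = b'{"id": "evt_constructed", "type": "payment_intent.succeeded"}'
SAMPLE_TIME = 1700000000
SAMPLE_HEADER = f"t={SAMPLE_TIME},v1={sign(SAMPLE_BODY, SAMPLE_SECRET, SAMPLE_TIME)}"

if __name__ == "__main__":
    # Genuine body verifies; a modified body with the same header does not.
    print(verify_webhook(SAMPLE_BODY, SAMPLE_HEADER, SAMPLE_SECRET, now=SAMPLE_TIME))
    tampered = SAMPLE_BODY.replace(b"succeeded", b"refunded!")
    print(verify_webhook(tampered, SAMPLE_HEADER, SAMPLE_SECRET, now=SAMPLE_TIME))
```

The check must run on the exact bytes received; re-serialising parsed JSON before verifying changes the bytes and the signature no longer matches.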

## Testing the Configuration

Run this to test your Stripe setup:
```bash
python -c "
import os
from app.services.stripe_service import validate_stripe_config
from app import create_app

app = create_app()
with app.app_context():
    try:
        validate_stripe_config()
        print('✅ Stripe configuration valid!')
    except Exception as e:
        print(f'❌ Stripe error: {e}')
"
```

## Enabling Payments

When ready to enable payments, update `app/config.py`:
```python
FEATURES = {
    "gamification_leaderboards": True,
    "payments": True,  # Enable payments
}
```

## Troubleshooting

**App won't start?**
- Check all environment variables are set
- Verify Stripe keys are valid (test with API call)
- Check webhook endpoint is accessible

**Authentication errors?**
- Double-check secret key format: `sk_live_...` or `sk_test_...`
- Ensure no extra spaces in environment variables
- Verify keys match your Stripe account

**Webhook issues?**
- Confirm webhook URL is correct and accessible
- Check webhook signing secret matches
- Verify endpoint handles POST requests
