Name: stripe-best-practices
Rating: 90.4 (1 reviews)
Author: stripe

stripe-best-practices

Guides Stripe integration decisions — API selection (Checkout Sessions vs PaymentIntents), Connect platform setup (Accounts v2, controller properties), billing/subscriptions, Treasury financial accounts, integration surfaces (Checkout, Payment Element), migrating from deprecated Stripe APIs, and security best practices (API key management, restricted keys, webhooks, OAuth). Use when building, modifying, or reviewing any Stripe integration — including accepting payments, building marketplaces, integrating Stripe, processing payments, setting up subscriptions, creating connected accounts, or implementing secure key handling.

1.29x

Quality

86%

Does it follow best practices?

Impact

96%

1.29x

Average score across 3 eval scenarios

Securityby

Advisory

Suggest reviewing before use

Evaluation results

100%

10%

Membership Platform Subscription Integration

SaaS subscription billing setup

Criteria

Without context

With context

Billing API usage

100%

Checkout Sessions for frontend

100%

No payment_method_types on session

100%

Prices not Plans

100%

No manual renewal loop

100%

Customer Portal for self-service

100%

Restricted API key

100%

Latest API version

100%

Webhook signature verification

100%

No Charges API

100%

98%

20%

Freelance Marketplace Payment Platform

Connect marketplace account onboarding

Criteria

Without context

With context

Accounts v2 API

100%

No legacy type parameter

100%

Controller properties used

100%

No legacy account type terms

100%

Stripe-hosted onboarding

100%

Single charge type

100%

PaymentIntents or Checkout for fund flows

100%

No payment_method_types

100%

Restricted API key

100%

Latest API version

100%

60%

92%

38%

Stripe Integration Security Audit and Hardening

API key security hardening

Criteria

Without context

With context

No hardcoded key

100%

Restricted API key recommended

100%

Webhook signature verification

100%

No key logging

100%

Debug env-dump endpoint removed

100%

Pre-commit hook created

100%

payment_method_types removed

100%

IP allowlist recommended

100%

Separate env keys

100%

Stripe IP allowlist for webhooks

Repository: stripe/ai
Commit: ec93d4c

Evaluated: 10 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Membership Platform Subscription Integration Freelance Marketplace Payment Platform Stripe Integration Security Audit and Hardening

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.