☀️ Enrolling now for Phase 1 of our Summer 2026 STEM Cohort! Secure a Desk →

Systems Documentation Library

Reference guides and step-by-step Standard Operating Procedures (SOPs).

Launch Portal

Stripe Payments Integration Setup

Standard Operating Procedure ID: SOP-TECH-002
Version: 3.0.0
Effective Date: Summer Term 2026
Owner: Marcus Ruiz, Lead Operations Architect


1. Overview

This project now uses real Stripe Checkout session creation for website registration payments and public donations.

Implemented pieces:

  • Public registration flow hands off to hosted Stripe Checkout
  • Public donation flow hands off to hosted Stripe Checkout
  • Promo code support for APEXEXPLORE
  • Full scholarship bypass support for APEXSCHOLAR
  • Stripe return pages at /register/success, /register/cancel, /donate/success, and /donate/cancel
  • Cloudflare Pages Functions endpoints:
    • POST /api/stripe/create-registration-checkout
    • POST /api/stripe/create-donation-checkout
    • GET /api/stripe/session?session_id=...
    • POST /api/stripe/webhook

2. Environment Variables

Cloudflare Pages / production

Add these environment variables in the hosting dashboard:

STRIPE_SECRET_KEY=sk_test_yourkeyhere
STRIPE_WEBHOOK_SECRET=whsec_yourwebhooksecrethere
STRIPE_WEBHOOK_SECRET_SNAPSHOT=whsec_your_snapshot_secret_here
STRIPE_WEBHOOK_SECRET_THIN=whsec_your_thin_secret_here
PUBLIC_PARENT_CONSULT_URL=https://calendly.com/your-team/parent-consult

Local development with Wrangler

Create a local .dev.vars file from .dev.vars.example:

cp .dev.vars.example .dev.vars

Then set:

STRIPE_SECRET_KEY=sk_test_yourkeyhere
STRIPE_WEBHOOK_SECRET=whsec_yourwebhooksecrethere
STRIPE_WEBHOOK_SECRET_SNAPSHOT=whsec_your_snapshot_secret_here
STRIPE_WEBHOOK_SECRET_THIN=whsec_your_thin_secret_here

3. Stripe Dashboard Setup

  1. Log into the organization’s Stripe Dashboard
  2. Turn on Test Mode
  3. Go to Developers → API keys
  4. Copy the Secret key (sk_test_...)
  5. Go to Developers → Webhooks
  6. Create a webhook endpoint for /api/stripe/webhook
  7. Copy the webhook signing secret (whsec_...)
  8. If Stripe gives you separate snapshot and thin signing secrets, keep both
  9. Add the secret(s) to Cloudflare Pages or local .dev.vars

Recommended subscribed event:

  • checkout.session.completed

4. Current Registration Discount Behavior

The website currently supports these codes directly in application logic:

  • APEXEXPLORE → $20 off tuition
  • APEXSCHOLAR → 100% tuition scholarship, no card charged

In addition, hosted Stripe Checkout is configured with:

  • allow_promotion_codes = true

That means Stripe dashboard-managed promotion codes can also be entered during checkout.


5. Local Test Flow

Build the site:

npm run build

Preview it with Cloudflare Pages Functions enabled:

npx wrangler pages dev dist --compatibility-date=2026-06-05

Then:

  1. Open /register
  2. Complete the student registration wizard
  3. Choose a program
  4. Optionally apply:
    • APEXEXPLORE
    • APEXSCHOLAR
  5. Continue to Stripe Checkout
  6. Complete sandbox payment with a Stripe test card if paying normally
  7. Confirm the return flow at /register/success
  8. Open /donate to test one-time public donations

6. Scheduling Handoff

After a successful registration return, the confirmation page can send families directly into a parent consultation link.

Set the public scheduling URL in site environment config:

PUBLIC_PARENT_CONSULT_URL=https://calendly.com/your-team/parent-consult

If this value is not set, the site falls back to /contact.


7. Webhook Verification

A webhook endpoint now exists at:

POST /api/stripe/webhook

This endpoint verifies the Stripe signature using any configured webhook secret from:

  • STRIPE_WEBHOOK_SECRET
  • STRIPE_WEBHOOK_SECRET_SNAPSHOT
  • STRIPE_WEBHOOK_SECRET_THIN

8. Operational Notes

  • Scholarship registrations do not require card entry
  • Payment confirmation pages write completed registrations and donations back into the local website ops dashboard in the same browser session
  • Secret keys are not exposed client-side
  • Registration success pages can hand families off to a Calendly URL through PUBLIC_PARENT_CONSULT_URL
  • If STRIPE_SECRET_KEY is missing, paid checkout requests will return a configuration error

Recommended follow-up implementation items:

  1. Persist confirmed payments to a real backend or CRM instead of browser-local demo storage
  2. Send email confirmations and internal notifications from webhook events
  3. Sync completed registrations and donations into HubSpot or Mailchimp
  4. Add recurring donation mode if the organization wants monthly giving