|
# Stripe Connections Documentation
|
|
|
|
This document lists all Stripe connections in the codebase, including which endpoints use which .env variables for secret keys and webhook secrets.
|
|
|
|
---
|
|
|
|
## 1. Stripe Configuration Files
|
|
|
|
### `evergreen_pos_be/src/config/stripe.config.js`
|
|
- **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM`
|
|
- **Usage**: Default Stripe instance exported and used across multiple controllers
|
|
- **API Version**: `2025-03-31.basil`
|
|
|
|
---
|
|
|
|
## 2. Routes and Endpoints
|
|
|
|
### 2.1. `/api/v1/stripe/*` (via `routes/Stripe.js`)
|
|
**File**: `evergreen_pos_be/src/routes/Stripe.js`
|
|
|
|
| Endpoint | Method | Secret Key | Webhook Secret |
|
|
|----------|--------|------------|----------------|
|
|
| `/create-checkout-session` | POST | `STRIPE_SECRET_KEY` | - |
|
|
| `/webhook` | POST | `STRIPE_SECRET_KEY` | `STRIPE_WEBHOOK_SECRET` |
|
|
| `/checkout-success` | POST | `STRIPE_SECRET_KEY` | - |
|
|
| `/payments` | GET | `STRIPE_SECRET_KEY` | - |
|
|
| `/overall` | GET | `STRIPE_SECRET_KEY` | - |
|
|
| `/today` | GET | `STRIPE_SECRET_KEY` | - |
|
|
| `/monthly` | GET | `STRIPE_SECRET_KEY` | - |
|
|
| `/weekly` | GET | `STRIPE_SECRET_KEY` | - |
|
|
| `/client-transactions` | GET | `STRIPE_SECRET_KEY` | - |
|
|
|
|
**Note**: This route file creates its own Stripe instance using `STRIPE_SECRET_KEY` (different from the config file).
|
|
|
|
---
|
|
|
|
### 2.2. `/api/v1/stripe-router/*` (via `routes/StripeRouter.js`)
|
|
**File**: `evergreen_pos_be/src/routes/StripeRouter.js`
|
|
**Controller**: `controllers/Stripe/Stripe-Controller.js`
|
|
|
|
| Endpoint | Method | Secret Key | Webhook Secret |
|
|
|----------|--------|-----------|----------------|
|
|
| `/create-checkout-session` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_WEBHOOK_SECRET` |
|
|
| `/checkout-success` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/payments` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/overall` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/today` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/monthly` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/weekly` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/client-transactions` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/readers` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/payment-status/:intentId` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/intiate-reader-payment` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/connection_token` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/termial-readers` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
|
|
**Note**: Controller creates its own Stripe instance using `STRIPE_SECRET_KEY_NUS_ECOM` (line 8).
|
|
|
|
---
|
|
|
|
### 2.3. `/api/v1/nus-shop/*` (via `routes/nursery/shop.route.js`)
|
|
**File**: `evergreen_pos_be/src/routes/nursery/shop.route.js`
|
|
**Controller**: `controllers/nursery/shop-controller.js`
|
|
|
|
| Endpoint | Method | Secret Key | Webhook Secret |
|
|
|----------|--------|-----------|----------------|
|
|
| `/stripe-webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_WEBHOOK_SECRET_ECOM` |
|
|
| `/create-payment-intent` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/create-session-product-plan` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
|
|
**Note**: Uses `stripe.config.js` (which uses `STRIPE_SECRET_KEY_NUS_ECOM`). Webhook handler uses `STRIPE_WEBHOOK_SECRET_ECOM`.
|
|
|
|
**Also registered in**: `app.js` at `/api/v1/nus-shop/stripe-webhook`
|
|
|
|
---
|
|
|
|
### 2.4. `/api/v1/nus-sale/*` (via `routes/nursery/sale.route.js`)
|
|
**File**: `evergreen_pos_be/src/routes/nursery/sale.route.js`
|
|
**Controller**: `controllers/nursery/nursery.product.controller.js`
|
|
|
|
| Endpoint | Method | Secret Key | Webhook Secret |
|
|
|----------|--------|-----------|----------------|
|
|
| `/payment-webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_WEBHOOK_SECRET_ECOM` |
|
|
| `/create-payment-intent` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/initiate-reader-payment` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/cancel-reader-payment` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/get-payment-webhook-verify/:id` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
|
|
**Note**: Uses `stripe.config.js` (which uses `STRIPE_SECRET_KEY_NUS_ECOM`). Webhook handler uses `STRIPE_WEBHOOK_SECRET_ECOM`.
|
|
|
|
---
|
|
|
|
### 2.5. `/api/v1/product-quotation/*` (via `routes/ProductQuotation/product-quote.routes.js`)
|
|
**File**: `evergreen_pos_be/src/routes/ProductQuotation/product-quote.routes.js`
|
|
**Controller**: `controllers/ProductQuotation/product-quote.controller.js`
|
|
|
|
| Endpoint | Method | Secret Key | Webhook Secret |
|
|
|----------|--------|-----------|----------------|
|
|
| `/webhook` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | `STRIPE_WEBHOOK_PROD_QUOTE` |
|
|
| `/create-quote` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - |
|
|
| `/send-acceptance-link/:quoteId` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - |
|
|
| `/accept-quote/:token` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - |
|
|
| `/:quoteId/create-payment-link` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - |
|
|
| `/add-installment-customer` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - |
|
|
| `/add-installment-admin` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - |
|
|
| `/create_product_payment_link/:invoiceId` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - |
|
|
| `/create_payment_link_for_customers_product/:invoiceId` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - |
|
|
|
|
**Note**: Controller creates its own Stripe instance using `STRIPE_SECRET_KEY_PROD_QUOTE` (line 2).
|
|
|
|
---
|
|
|
|
### 2.6. `/api/v1/product-quote/*` (via `routes/productQuoteRoute.js`)
|
|
**File**: `evergreen_pos_be/src/routes/productQuoteRoute.js`
|
|
|
|
| Endpoint | Method | Secret Key | Webhook Secret |
|
|
|----------|--------|-----------|----------------|
|
|
| `/webhook` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | `STRIPE_WEBHOOK_PROD_QUOTE` |
|
|
|
|
**Note**: Creates its own Stripe instance using `STRIPE_SECRET_KEY_PROD_QUOTE` (line 19).
|
|
|
|
---
|
|
|
|
### 2.7. `/api/v1/product-invoice/*` (via `routes/productInvoiceRoute.js`)
|
|
**File**: `evergreen_pos_be/src/routes/productInvoiceRoute.js`
|
|
|
|
| Endpoint | Method | Secret Key | Webhook Secret |
|
|
|----------|--------|-----------|----------------|
|
|
| Various checkout endpoints | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - |
|
|
|
|
**Note**: Creates its own Stripe instance using `STRIPE_SECRET_KEY_PROD_QUOTE` (line 9).
|
|
|
|
---
|
|
|
|
### 2.8. `/api/v1/invoicee/*` (via `routes/EvergreenInvoice/evergreen-invoice-routers.js`)
|
|
**File**: `evergreen_pos_be/src/routes/EvergreenInvoice/evergreen-invoice-routers.js`
|
|
**Controller**: `routes/EvergreenInvoice/EverGreen-invoice-controller.js`
|
|
|
|
| Endpoint | Method | Secret Key | Webhook Secret |
|
|
|----------|--------|-----------|----------------|
|
|
| `/invoice-payment-webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_WEBHOOK_SECRET_ECOM_INVOICE` |
|
|
| `/stripe/webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_WEBHOOK_SECRET_ECOM_INVOICE` |
|
|
| `/stripe/verify-payment/:sessionId` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
|
|
**Note**: Uses `stripe.config.js` (which uses `STRIPE_SECRET_KEY_NUS_ECOM`). Webhook handlers use `STRIPE_WEBHOOK_SECRET_ECOM_INVOICE`.
|
|
|
|
**Also registered in**: `app.js` at `/api/v1/invoicee/stripe/webhook`
|
|
|
|
---
|
|
|
|
### 2.9. `/api/v1/subscription/*` (via `routes/subscripiton/subscription.route.js`)
|
|
**File**: `evergreen_pos_be/src/routes/subscripiton/subscription.route.js`
|
|
**Controllers**:
|
|
- `controllers/subscription.controller.js`
|
|
- `controllers/webhook.controller.js`
|
|
|
|
| Endpoint | Method | Secret Key | Webhook Secret |
|
|
|----------|--------|-----------|----------------|
|
|
| `/webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET` |
|
|
| `/stripe/webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT` |
|
|
| `/create` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
| `/admin-create-session-product-plan` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - |
|
|
|
|
**Note**:
|
|
- Uses `stripe.config.js` (which uses `STRIPE_SECRET_KEY_NUS_ECOM`)
|
|
- `/webhook` uses `subscriptionService.constructWebhookEvent()` which uses `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET`
|
|
- `/stripe/webhook` uses `subscriptionService.constructWebhookEventForProduct()` which uses `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT`
|
|
|
|
---
|
|
|
|
## 3. Services Using Stripe
|
|
|
|
### 3.1. `services/stripe.service.js`
|
|
- **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM` (via `stripe.config.js`)
|
|
- **Functions**:
|
|
- `ensureStripeCustomer()` - Creates/retrieves Stripe customers
|
|
- `createCompositePrice()` - Creates Stripe prices
|
|
|
|
---
|
|
|
|
### 3.2. `services/nursery/payment.service.js`
|
|
- **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM` (via `stripe.config.js`)
|
|
- **Functions**:
|
|
- `handleStripeCheckout()` - Creates Stripe checkout sessions
|
|
- `handleStripeCheckoutForOrder()` - Creates Stripe checkout sessions for orders
|
|
|
|
---
|
|
|
|
### 3.3. `services/subscripiton.service.js`
|
|
- **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM` (via `stripe.config.js`)
|
|
- **Webhook Secrets**:
|
|
- `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET` (for subscription webhooks)
|
|
- `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT` (for product plan webhooks)
|
|
- **Functions**:
|
|
- `constructWebhookEvent()` - Uses `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET`
|
|
- `constructWebhookEventForProduct()` - Uses `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT`
|
|
- Various subscription management functions
|
|
|
|
---
|
|
|
|
### 3.4. `config/stripe.termianl.js`
|
|
- **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM` (via `stripe.config.js`)
|
|
- **Functions**:
|
|
- `createTerminalPayment()` - Creates terminal payment intents
|
|
|
|
---
|
|
|
|
## 4. Summary of .env Variables Required
|
|
|
|
### Secret Keys:
|
|
1. `STRIPE_SECRET_KEY` - Used by `routes/Stripe.js`
|
|
2. `STRIPE_SECRET_KEY_NUS_ECOM` - Used by most controllers/services (via `stripe.config.js`)
|
|
3. `STRIPE_SECRET_KEY_PROD_QUOTE` - Used by product quotation routes/controllers
|
|
|
|
### Webhook Secrets:
|
|
1. `STRIPE_WEBHOOK_SECRET` - Used by `routes/Stripe.js` and `controllers/Stripe/Stripe-Controller.js`
|
|
2. `STRIPE_WEBHOOK_SECRET_ECOM` - Used by nursery shop and sale webhooks
|
|
3. `STRIPE_WEBHOOK_SECRET_ECOM_INVOICE` - Used by Evergreen invoice webhooks
|
|
4. `STRIPE_WEBHOOK_PROD_QUOTE` - Used by product quotation webhooks
|
|
5. `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET` - Used by subscription webhooks
|
|
6. `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT` - Used by product plan subscription webhooks
|
|
|
|
---
|
|
|
|
## 5. Quick Reference by Feature
|
|
|
|
### E-commerce/Nursery Shop
|
|
- **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM`
|
|
- **Webhook Secret**: `STRIPE_WEBHOOK_SECRET_ECOM`
|
|
- **Endpoints**: `/api/v1/nus-shop/stripe-webhook`, `/api/v1/nus-sale/payment-webhook`
|
|
|
|
### Product Quotations
|
|
- **Secret Key**: `STRIPE_SECRET_KEY_PROD_QUOTE`
|
|
- **Webhook Secret**: `STRIPE_WEBHOOK_PROD_QUOTE`
|
|
- **Endpoints**: `/api/v1/product-quotation/webhook`, `/api/v1/product-quote/webhook`
|
|
|
|
### Invoices (Evergreen)
|
|
- **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM`
|
|
- **Webhook Secret**: `STRIPE_WEBHOOK_SECRET_ECOM_INVOICE`
|
|
- **Endpoints**: `/api/v1/invoicee/stripe/webhook`, `/api/v1/invoicee/invoice-payment-webhook`
|
|
|
|
### Subscriptions
|
|
- **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM`
|
|
- **Webhook Secrets**:
|
|
- `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET` (general subscriptions)
|
|
- `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT` (product plans)
|
|
- **Endpoints**: `/api/v1/subscription/webhook`, `/api/v1/subscription/stripe/webhook`
|
|
|
|
### Legacy Stripe Routes
|
|
- **Secret Key**: `STRIPE_SECRET_KEY`
|
|
- **Webhook Secret**: `STRIPE_WEBHOOK_SECRET`
|
|
- **Endpoints**: `/api/v1/stripe/*`
|
|
|
|
---
|
|
|
|
## 6. Important Notes
|
|
|
|
1. **Multiple Stripe Instances**: The codebase uses different Stripe instances for different features:
|
|
- `STRIPE_SECRET_KEY_NUS_ECOM` - Main e-commerce/nursery operations
|
|
- `STRIPE_SECRET_KEY_PROD_QUOTE` - Product quotations
|
|
- `STRIPE_SECRET_KEY` - Legacy routes
|
|
|
|
2. **Webhook Security**: All webhook endpoints use `express.raw({ type: 'application/json' })` middleware to ensure raw body parsing for signature verification.
|
|
|
|
3. **Terminal Operations**: Terminal-related operations (readers, connection tokens) use `STRIPE_SECRET_KEY_NUS_ECOM`.
|
|
|
|
4. **Configuration File**: Most controllers import from `config/stripe.config.js`, which uses `STRIPE_SECRET_KEY_NUS_ECOM`. Some routes create their own Stripe instances directly.
|
|
|
|
---
|
|
|
|
## 7. Environment Variables Checklist
|
|
|
|
Ensure these are set in your `.env` file:
|
|
|
|
```env
|
|
# Main E-commerce/Nursery
|
|
STRIPE_SECRET_KEY_NUS_ECOM=sk_...
|
|
STRIPE_WEBHOOK_SECRET_ECOM=whsec_...
|
|
|
|
# Product Quotations
|
|
STRIPE_SECRET_KEY_PROD_QUOTE=sk_...
|
|
STRIPE_WEBHOOK_PROD_QUOTE=whsec_...
|
|
|
|
# Invoices
|
|
STRIPE_WEBHOOK_SECRET_ECOM_INVOICE=whsec_...
|
|
|
|
# Subscriptions
|
|
STRIPE_SUBSCRIPTION_WEBHOOK_SECRET=whsec_...
|
|
STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT=whsec_...
|
|
|
|
# Legacy (if still in use)
|
|
STRIPE_SECRET_KEY=sk_...
|
|
STRIPE_WEBHOOK_SECRET=whsec_...
|
|
```
|
|
|
|
---
|
|
|
|
**Last Updated**: Generated from codebase analysis
|
|
**Total Stripe Endpoints Found**: 50+ endpoints across multiple routes
|