# Stripe Connections Documentation This document lists all Stripe connections in the codebase, including which endpoints use which .env variables for secret keys and webhook secrets. --- ## 1. Stripe Configuration Files ### `evergreen_pos_be/src/config/stripe.config.js` - **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM` - **Usage**: Default Stripe instance exported and used across multiple controllers - **API Version**: `2025-03-31.basil` --- ## 2. Routes and Endpoints ### 2.1. `/api/v1/stripe/*` (via `routes/Stripe.js`) **File**: `evergreen_pos_be/src/routes/Stripe.js` | Endpoint | Method | Secret Key | Webhook Secret | |----------|--------|------------|----------------| | `/create-checkout-session` | POST | `STRIPE_SECRET_KEY` | - | | `/webhook` | POST | `STRIPE_SECRET_KEY` | `STRIPE_WEBHOOK_SECRET` | | `/checkout-success` | POST | `STRIPE_SECRET_KEY` | - | | `/payments` | GET | `STRIPE_SECRET_KEY` | - | | `/overall` | GET | `STRIPE_SECRET_KEY` | - | | `/today` | GET | `STRIPE_SECRET_KEY` | - | | `/monthly` | GET | `STRIPE_SECRET_KEY` | - | | `/weekly` | GET | `STRIPE_SECRET_KEY` | - | | `/client-transactions` | GET | `STRIPE_SECRET_KEY` | - | **Note**: This route file creates its own Stripe instance using `STRIPE_SECRET_KEY` (different from the config file). --- ### 2.2. `/api/v1/stripe-router/*` (via `routes/StripeRouter.js`) **File**: `evergreen_pos_be/src/routes/StripeRouter.js` **Controller**: `controllers/Stripe/Stripe-Controller.js` | Endpoint | Method | Secret Key | Webhook Secret | |----------|--------|-----------|----------------| | `/create-checkout-session` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_WEBHOOK_SECRET` | | `/checkout-success` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/payments` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/overall` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/today` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/monthly` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/weekly` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/client-transactions` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/readers` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/payment-status/:intentId` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/intiate-reader-payment` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/connection_token` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/termial-readers` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - | **Note**: Controller creates its own Stripe instance using `STRIPE_SECRET_KEY_NUS_ECOM` (line 8). --- ### 2.3. `/api/v1/nus-shop/*` (via `routes/nursery/shop.route.js`) **File**: `evergreen_pos_be/src/routes/nursery/shop.route.js` **Controller**: `controllers/nursery/shop-controller.js` | Endpoint | Method | Secret Key | Webhook Secret | |----------|--------|-----------|----------------| | `/stripe-webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_WEBHOOK_SECRET_ECOM` | | `/create-payment-intent` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/create-session-product-plan` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - | **Note**: Uses `stripe.config.js` (which uses `STRIPE_SECRET_KEY_NUS_ECOM`). Webhook handler uses `STRIPE_WEBHOOK_SECRET_ECOM`. **Also registered in**: `app.js` at `/api/v1/nus-shop/stripe-webhook` --- ### 2.4. `/api/v1/nus-sale/*` (via `routes/nursery/sale.route.js`) **File**: `evergreen_pos_be/src/routes/nursery/sale.route.js` **Controller**: `controllers/nursery/nursery.product.controller.js` | Endpoint | Method | Secret Key | Webhook Secret | |----------|--------|-----------|----------------| | `/payment-webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_WEBHOOK_SECRET_ECOM` | | `/create-payment-intent` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/initiate-reader-payment` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/cancel-reader-payment` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/get-payment-webhook-verify/:id` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - | **Note**: Uses `stripe.config.js` (which uses `STRIPE_SECRET_KEY_NUS_ECOM`). Webhook handler uses `STRIPE_WEBHOOK_SECRET_ECOM`. --- ### 2.5. `/api/v1/product-quotation/*` (via `routes/ProductQuotation/product-quote.routes.js`) **File**: `evergreen_pos_be/src/routes/ProductQuotation/product-quote.routes.js` **Controller**: `controllers/ProductQuotation/product-quote.controller.js` | Endpoint | Method | Secret Key | Webhook Secret | |----------|--------|-----------|----------------| | `/webhook` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | `STRIPE_WEBHOOK_PROD_QUOTE` | | `/create-quote` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - | | `/send-acceptance-link/:quoteId` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - | | `/accept-quote/:token` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - | | `/:quoteId/create-payment-link` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - | | `/add-installment-customer` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - | | `/add-installment-admin` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - | | `/create_product_payment_link/:invoiceId` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - | | `/create_payment_link_for_customers_product/:invoiceId` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - | **Note**: Controller creates its own Stripe instance using `STRIPE_SECRET_KEY_PROD_QUOTE` (line 2). --- ### 2.6. `/api/v1/product-quote/*` (via `routes/productQuoteRoute.js`) **File**: `evergreen_pos_be/src/routes/productQuoteRoute.js` | Endpoint | Method | Secret Key | Webhook Secret | |----------|--------|-----------|----------------| | `/webhook` | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | `STRIPE_WEBHOOK_PROD_QUOTE` | **Note**: Creates its own Stripe instance using `STRIPE_SECRET_KEY_PROD_QUOTE` (line 19). --- ### 2.7. `/api/v1/product-invoice/*` (via `routes/productInvoiceRoute.js`) **File**: `evergreen_pos_be/src/routes/productInvoiceRoute.js` | Endpoint | Method | Secret Key | Webhook Secret | |----------|--------|-----------|----------------| | Various checkout endpoints | POST | `STRIPE_SECRET_KEY_PROD_QUOTE` | - | **Note**: Creates its own Stripe instance using `STRIPE_SECRET_KEY_PROD_QUOTE` (line 9). --- ### 2.8. `/api/v1/invoicee/*` (via `routes/EvergreenInvoice/evergreen-invoice-routers.js`) **File**: `evergreen_pos_be/src/routes/EvergreenInvoice/evergreen-invoice-routers.js` **Controller**: `routes/EvergreenInvoice/EverGreen-invoice-controller.js` | Endpoint | Method | Secret Key | Webhook Secret | |----------|--------|-----------|----------------| | `/invoice-payment-webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_WEBHOOK_SECRET_ECOM_INVOICE` | | `/stripe/webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_WEBHOOK_SECRET_ECOM_INVOICE` | | `/stripe/verify-payment/:sessionId` | GET | `STRIPE_SECRET_KEY_NUS_ECOM` | - | **Note**: Uses `stripe.config.js` (which uses `STRIPE_SECRET_KEY_NUS_ECOM`). Webhook handlers use `STRIPE_WEBHOOK_SECRET_ECOM_INVOICE`. **Also registered in**: `app.js` at `/api/v1/invoicee/stripe/webhook` --- ### 2.9. `/api/v1/subscription/*` (via `routes/subscripiton/subscription.route.js`) **File**: `evergreen_pos_be/src/routes/subscripiton/subscription.route.js` **Controllers**: - `controllers/subscription.controller.js` - `controllers/webhook.controller.js` | Endpoint | Method | Secret Key | Webhook Secret | |----------|--------|-----------|----------------| | `/webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET` | | `/stripe/webhook` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT` | | `/create` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - | | `/admin-create-session-product-plan` | POST | `STRIPE_SECRET_KEY_NUS_ECOM` | - | **Note**: - Uses `stripe.config.js` (which uses `STRIPE_SECRET_KEY_NUS_ECOM`) - `/webhook` uses `subscriptionService.constructWebhookEvent()` which uses `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET` - `/stripe/webhook` uses `subscriptionService.constructWebhookEventForProduct()` which uses `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT` --- ## 3. Services Using Stripe ### 3.1. `services/stripe.service.js` - **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM` (via `stripe.config.js`) - **Functions**: - `ensureStripeCustomer()` - Creates/retrieves Stripe customers - `createCompositePrice()` - Creates Stripe prices --- ### 3.2. `services/nursery/payment.service.js` - **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM` (via `stripe.config.js`) - **Functions**: - `handleStripeCheckout()` - Creates Stripe checkout sessions - `handleStripeCheckoutForOrder()` - Creates Stripe checkout sessions for orders --- ### 3.3. `services/subscripiton.service.js` - **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM` (via `stripe.config.js`) - **Webhook Secrets**: - `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET` (for subscription webhooks) - `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT` (for product plan webhooks) - **Functions**: - `constructWebhookEvent()` - Uses `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET` - `constructWebhookEventForProduct()` - Uses `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT` - Various subscription management functions --- ### 3.4. `config/stripe.termianl.js` - **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM` (via `stripe.config.js`) - **Functions**: - `createTerminalPayment()` - Creates terminal payment intents --- ## 4. Summary of .env Variables Required ### Secret Keys: 1. `STRIPE_SECRET_KEY` - Used by `routes/Stripe.js` 2. `STRIPE_SECRET_KEY_NUS_ECOM` - Used by most controllers/services (via `stripe.config.js`) 3. `STRIPE_SECRET_KEY_PROD_QUOTE` - Used by product quotation routes/controllers ### Webhook Secrets: 1. `STRIPE_WEBHOOK_SECRET` - Used by `routes/Stripe.js` and `controllers/Stripe/Stripe-Controller.js` 2. `STRIPE_WEBHOOK_SECRET_ECOM` - Used by nursery shop and sale webhooks 3. `STRIPE_WEBHOOK_SECRET_ECOM_INVOICE` - Used by Evergreen invoice webhooks 4. `STRIPE_WEBHOOK_PROD_QUOTE` - Used by product quotation webhooks 5. `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET` - Used by subscription webhooks 6. `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT` - Used by product plan subscription webhooks --- ## 5. Quick Reference by Feature ### E-commerce/Nursery Shop - **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM` - **Webhook Secret**: `STRIPE_WEBHOOK_SECRET_ECOM` - **Endpoints**: `/api/v1/nus-shop/stripe-webhook`, `/api/v1/nus-sale/payment-webhook` ### Product Quotations - **Secret Key**: `STRIPE_SECRET_KEY_PROD_QUOTE` - **Webhook Secret**: `STRIPE_WEBHOOK_PROD_QUOTE` - **Endpoints**: `/api/v1/product-quotation/webhook`, `/api/v1/product-quote/webhook` ### Invoices (Evergreen) - **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM` - **Webhook Secret**: `STRIPE_WEBHOOK_SECRET_ECOM_INVOICE` - **Endpoints**: `/api/v1/invoicee/stripe/webhook`, `/api/v1/invoicee/invoice-payment-webhook` ### Subscriptions - **Secret Key**: `STRIPE_SECRET_KEY_NUS_ECOM` - **Webhook Secrets**: - `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET` (general subscriptions) - `STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT` (product plans) - **Endpoints**: `/api/v1/subscription/webhook`, `/api/v1/subscription/stripe/webhook` ### Legacy Stripe Routes - **Secret Key**: `STRIPE_SECRET_KEY` - **Webhook Secret**: `STRIPE_WEBHOOK_SECRET` - **Endpoints**: `/api/v1/stripe/*` --- ## 6. Important Notes 1. **Multiple Stripe Instances**: The codebase uses different Stripe instances for different features: - `STRIPE_SECRET_KEY_NUS_ECOM` - Main e-commerce/nursery operations - `STRIPE_SECRET_KEY_PROD_QUOTE` - Product quotations - `STRIPE_SECRET_KEY` - Legacy routes 2. **Webhook Security**: All webhook endpoints use `express.raw({ type: 'application/json' })` middleware to ensure raw body parsing for signature verification. 3. **Terminal Operations**: Terminal-related operations (readers, connection tokens) use `STRIPE_SECRET_KEY_NUS_ECOM`. 4. **Configuration File**: Most controllers import from `config/stripe.config.js`, which uses `STRIPE_SECRET_KEY_NUS_ECOM`. Some routes create their own Stripe instances directly. --- ## 7. Environment Variables Checklist Ensure these are set in your `.env` file: ```env # Main E-commerce/Nursery STRIPE_SECRET_KEY_NUS_ECOM=sk_... STRIPE_WEBHOOK_SECRET_ECOM=whsec_... # Product Quotations STRIPE_SECRET_KEY_PROD_QUOTE=sk_... STRIPE_WEBHOOK_PROD_QUOTE=whsec_... # Invoices STRIPE_WEBHOOK_SECRET_ECOM_INVOICE=whsec_... # Subscriptions STRIPE_SUBSCRIPTION_WEBHOOK_SECRET=whsec_... STRIPE_SUBSCRIPTION_WEBHOOK_SECRET_PRODUCT=whsec_... # Legacy (if still in use) STRIPE_SECRET_KEY=sk_... STRIPE_WEBHOOK_SECRET=whsec_... ``` --- **Last Updated**: Generated from codebase analysis **Total Stripe Endpoints Found**: 50+ endpoints across multiple routes