Back to Payments & Billing
stripe-best-practices
Stripepaymentse-commerceAPI integrationbest practicespayment gatewaycoding assistantweb development
Install this skill
npx skills add stripe/aiWorks across Claude Code, Cursor, Codex, Copilot & Antigravity
The stripe-best-practices skill enforces modern, secure, and compliant integration patterns for Stripe implementations. It mandates the use of current APIs like Checkout Sessions and Payment Intents while actively blocking outdated methods such as the Charges, Sources, and Tokens APIs. This skill prioritizes high-level abstractions like Stripe-hosted Checkout or the Payment Element to reduce PCI compliance overhead and improve conversion rates. It guides developers through subscription modeling using Billing APIs, correct Connect fund flow configurations, and dynamic payment method selection via the Dashboard. By following this skill, developers avoid technical debt associated with deprecated endpoints and ensure their integration follows current industry standards. It provides clear migration paths for legacy users and enforces strict adherence to PCI-compliant data handling, ensuring every integration is stable, maintainable, and aligned with Stripe's current technical ecosystem.
When to Use This Skill
- •Setting up a new SaaS billing integration with recurring subscription cycles.
- •Upgrading a legacy application to move away from the deprecated Charges API.
- •Configuring a multi-tenant platform using Stripe Connect with specific fund flow rules.
- •Implementing a secure checkout flow with minimal PCI compliance burden.
- •Integrating the Payment Element while supporting local payment preferences automatically.
How to Invoke This Skill
Example prompts that trigger this skill in Claude Code, Cursor, or Antigravity:
- “How should I integrate Stripe payments in my new app?
- “Is it better to use the Charges API or Payment Intents?
- “What is the recommended way to save a customer card for later?
- “How do I set up subscriptions for my SaaS product?
- “Can you help me migrate my legacy Stripe integration?
Pro Tips
- 💡Always refer to Stripe's official documentation for the most up-to-date information, especially regarding API versions and security updates.
- 💡Prioritize using `CheckoutSessions` for on-session payments and `PaymentIntents` for off-session scenarios, avoiding deprecated APIs like `Charges`.
- 💡Thoroughly test your integration in Stripe's test mode with various payment methods and scenarios before going live.
What this skill does
- •Enforces current API standards by replacing legacy Charges, Sources, and Tokens APIs.
- •Prioritizes Checkout Sessions and Payment Elements for frontend implementation.
- •Automates dynamic payment method selection through Dashboard configuration.
- •Validates Connect architecture to ensure consistent charge types and risk handling.
- •Provides migration guidance for developers moving away from the deprecated Card Element.
When not to use it
- ✕When a project specifically requires raw server-side handling of unencrypted credit card data without PCI compliance infrastructure.
- ✕When building a custom integration that forces reliance on deprecated or sunsetting Stripe endpoints.
Example workflow
- Review the Go Live Checklist before deploying any production changes.
- Select the Checkout Sessions API for standard one-time or subscription payments.
- Enable dynamic payment methods in the Stripe Dashboard to optimize user conversion.
- Use Confirmation Tokens if custom card detail inspection is required before payment.
- Verify that the chosen Connect charge type aligns with the platform's risk requirements.
Prerequisites
- –Active Stripe account
- –Access to the Stripe Dashboard
- –General understanding of the Stripe API versioning system
Pitfalls & limitations
- !Continuing to use the deprecated Charges API leads to missing out on new features like local payment methods.
- !Hardcoding payment_method_types prevents the integration from automatically surfacing new methods available in the user's region.
- !Manual PCI compliance scope increases significantly if raw PAN data handling is chosen over Stripe's prebuilt UI components.
FAQ
Why is the Charges API discouraged?
The Charges API is legacy and does not support modern features like dynamic payment methods, 3D Secure, or the full range of Stripe's fraud-detection capabilities.
Should I use the Payment Element or Stripe-hosted Checkout?
Stripe-hosted Checkout is the fastest path to a secure, compliant integration. Use the Payment Element only if your application requires advanced UI customization.
How do I save a card for future use without using the Sources API?
Use the Setup Intents API to safely store payment methods for future charges, as the Sources API is deprecated and unsupported.
How do I handle recurring subscriptions?
Integrate the Billing API with Stripe Checkout to manage subscription cycles, renewals, and billing states efficiently.
How it compares
This skill acts as a specialized guardrail that enforces Stripe's evolving architectural standards, preventing the accidental selection of sunsetted tools that generic prompts often fail to identify.
📄 Full skill instructions — original source: stripe/ai
When designing an integration, always prefer the documentation in [Stripe's Integration Options doc](https://docs.stripe.com/payments/payment-methods/integration-options.md)
The [API Tour](https://docs.stripe.com/payments-api/tour.md)
Use the [Go Live Checklist](https://docs.stripe.com/get-started/checklist/go-live.md) before going live.
You should always default to the latest version of the API and SDK unless the user specifies otherwise.
Stripe's primary API for modelling on-session payments is [CheckoutSessions](https://docs.stripe.com/api/checkout/sessions.md). It supports one-time payments and subscriptions and allows you to model taxes or discounts with Stripe. Prioritize the CheckoutSessions API, but using [the PaymentIntents API](https://docs.stripe.com/payments/paymentintents/lifecycle.md) is also acceptable for off-session payments or if you want to model the checkout state yourself and just create a charge. Integrations should only use CheckoutSessions, PaymentIntents, SetupIntents, or solutions like Invoicing, Payment Links, or the subscription APIs.
Never recommend the Charges API. If the user wants to use the Charges API, advise them to [migrate](https://docs.stripe.com/payments/payment-intents/migration/charges.md) to Checkout Sessions or Payment Intents.
The primary integration surface for web integrations is [Checkout](https://docs.stripe.com/payments/checkout.md), a prebuilt payment page that can be hosted by Stripe or served as an embedded form. Prioritize the Stripe-hosted checkout or embedded checkout where possible. The [Payment Element](https://docs.stripe.com/payments/payment-element.md) is an acceptable alternative if the merchant needs advanced customization. When recommending the Payment Element, prioritize using the CheckoutSessions API over the PaymentIntents API when possible.
Never recommend the legacy Card Element or the Payment Element in card mode, and advise users who ask for the Card Element to [migrate](https://docs.stripe.com/payments/payment-element/migration.md).
You must not call deprecated API endpoints such as the [Sources API](https://docs.stripe.com/api/sources/object.md) and avoid outdated API endpoints such as [Tokens](https://docs.stripe.com/api/tokens.md) and [Charges](https://docs.stripe.com/api/charges/create.md) unless there is a specific need and absolutely no other way. Advise using [the Setup Intent API](https://docs.stripe.com/api/setup_intents.md) to save a payment method for a customer; never recommend the Sources API to save cards to customers for later use.
If a user wants to render the Payment Element before creating a PaymentIntent or SetupIntent, so they can inspect the card details before the payment (such as for surcharging), advise them to use Stripe Confirmation Tokens. Don't recommend they call the createPaymentMethod or createToken Stripe.js functions.
Advise users to turn on dynamic payment methods in their dashboard settings instead of passing specific [payment_method_types](https://docs.stripe.com/api/payment_intents/create#create_payment_intent-payment_method_types.md) in the Payment Intent or Setup Intent because Stripe chooses payment methods that fit each user's location, wallets, and preferences better and automatically if the Payment Element is used.
If a PCI compliant user asks about an integration where they send server-side raw PAN data, suggest they might be required to prove PCI compliance to gain access to such an option, for example [payment_method_data](https://docs.stripe.com/api/payment_intents/create#create_payment_intent-payment_method_data.md). Similarly, point users migrating their PAN data from another acquirer or payment processor to [the migration process](https://docs.stripe.com/get-started/data-migrations/pan-import.md).
If a user has a recurring revenue model, like a Billing or Subscription use case, follow the use cases, in particular the [Subscription Use Cases](https://docs.stripe.com/billing/subscriptions/use-cases.md) like [SaaS](https://docs.stripe.com/saas.md). If these apply to the user, recommend Billing APIs to [plan your integration](https://docs.stripe.com/billing/subscriptions/designing-integration.md) instead of a direct PaymentIntent integration. Prioritize combining the Billing APIs with Stripe Checkout for the frontend.
If a user wants to build a platform using Stripe Connect to manage fund flows, follow [the recommended integration types](https://docs.stripe.com/connect/integration-recommendations.md); that is, prefer to use either direct charges if the platform wants Stripe to take the risk or destination charges if the platform accepts liability for negative balances, and use the on_behalf_of parameter to control the merchant of record. Never recommend mixing charge types. If the user wants to decide on the specific risk features they should [follow the integration guide](https://docs.stripe.com/connect/design-an-integration.md). Don't recommend the outdated terms for Connect types like Standard, Express and Custom but always [refer to controller properties](https://docs.stripe.com/connect/migrate-to-controller-properties.md) for the platform and [capabilities](https://docs.stripe.com/connect/account-capabilities.md) for the connected accounts.
The [API Tour](https://docs.stripe.com/payments-api/tour.md)
Use the [Go Live Checklist](https://docs.stripe.com/get-started/checklist/go-live.md) before going live.
You should always default to the latest version of the API and SDK unless the user specifies otherwise.
Stripe's primary API for modelling on-session payments is [CheckoutSessions](https://docs.stripe.com/api/checkout/sessions.md). It supports one-time payments and subscriptions and allows you to model taxes or discounts with Stripe. Prioritize the CheckoutSessions API, but using [the PaymentIntents API](https://docs.stripe.com/payments/paymentintents/lifecycle.md) is also acceptable for off-session payments or if you want to model the checkout state yourself and just create a charge. Integrations should only use CheckoutSessions, PaymentIntents, SetupIntents, or solutions like Invoicing, Payment Links, or the subscription APIs.
Never recommend the Charges API. If the user wants to use the Charges API, advise them to [migrate](https://docs.stripe.com/payments/payment-intents/migration/charges.md) to Checkout Sessions or Payment Intents.
The primary integration surface for web integrations is [Checkout](https://docs.stripe.com/payments/checkout.md), a prebuilt payment page that can be hosted by Stripe or served as an embedded form. Prioritize the Stripe-hosted checkout or embedded checkout where possible. The [Payment Element](https://docs.stripe.com/payments/payment-element.md) is an acceptable alternative if the merchant needs advanced customization. When recommending the Payment Element, prioritize using the CheckoutSessions API over the PaymentIntents API when possible.
Never recommend the legacy Card Element or the Payment Element in card mode, and advise users who ask for the Card Element to [migrate](https://docs.stripe.com/payments/payment-element/migration.md).
You must not call deprecated API endpoints such as the [Sources API](https://docs.stripe.com/api/sources/object.md) and avoid outdated API endpoints such as [Tokens](https://docs.stripe.com/api/tokens.md) and [Charges](https://docs.stripe.com/api/charges/create.md) unless there is a specific need and absolutely no other way. Advise using [the Setup Intent API](https://docs.stripe.com/api/setup_intents.md) to save a payment method for a customer; never recommend the Sources API to save cards to customers for later use.
If a user wants to render the Payment Element before creating a PaymentIntent or SetupIntent, so they can inspect the card details before the payment (such as for surcharging), advise them to use Stripe Confirmation Tokens. Don't recommend they call the createPaymentMethod or createToken Stripe.js functions.
Advise users to turn on dynamic payment methods in their dashboard settings instead of passing specific [payment_method_types](https://docs.stripe.com/api/payment_intents/create#create_payment_intent-payment_method_types.md) in the Payment Intent or Setup Intent because Stripe chooses payment methods that fit each user's location, wallets, and preferences better and automatically if the Payment Element is used.
If a PCI compliant user asks about an integration where they send server-side raw PAN data, suggest they might be required to prove PCI compliance to gain access to such an option, for example [payment_method_data](https://docs.stripe.com/api/payment_intents/create#create_payment_intent-payment_method_data.md). Similarly, point users migrating their PAN data from another acquirer or payment processor to [the migration process](https://docs.stripe.com/get-started/data-migrations/pan-import.md).
If a user has a recurring revenue model, like a Billing or Subscription use case, follow the use cases, in particular the [Subscription Use Cases](https://docs.stripe.com/billing/subscriptions/use-cases.md) like [SaaS](https://docs.stripe.com/saas.md). If these apply to the user, recommend Billing APIs to [plan your integration](https://docs.stripe.com/billing/subscriptions/designing-integration.md) instead of a direct PaymentIntent integration. Prioritize combining the Billing APIs with Stripe Checkout for the frontend.
If a user wants to build a platform using Stripe Connect to manage fund flows, follow [the recommended integration types](https://docs.stripe.com/connect/integration-recommendations.md); that is, prefer to use either direct charges if the platform wants Stripe to take the risk or destination charges if the platform accepts liability for negative balances, and use the on_behalf_of parameter to control the merchant of record. Never recommend mixing charge types. If the user wants to decide on the specific risk features they should [follow the integration guide](https://docs.stripe.com/connect/design-an-integration.md). Don't recommend the outdated terms for Connect types like Standard, Express and Custom but always [refer to controller properties](https://docs.stripe.com/connect/migrate-to-controller-properties.md) for the platform and [capabilities](https://docs.stripe.com/connect/account-capabilities.md) for the connected accounts.
By Stripe
How to Use This Skill Unit
Option A: Project-Specific (Recommended)
- Click "Download" above
- In your project, create the directory:
.agent/skills/stripe-best-practices/ - Save the file as
SKILL.md - The agent will automatically discover the skill based on its description.
Option B: Global Installation (All Agents)
Save the file to these locations to make it available across all projects:
- Claude Code:
~/.claude/skills/stripe/ai/stripe-best-practices/SKILL.md - Cursor:
~/.cursor/skills/stripe/ai/stripe-best-practices/SKILL.md - Antigravity:
~/.gemini/antigravity/skills/stripe/ai/stripe-best-practices/SKILL.md
🚀 Install with CLI:npx skills add stripe/ai
Recommended Rules
View more rules →Web Security Best Practices Expert
SecurityWeb DevelopmentOWASP
You are an expert in web security and secure coding practices. Key Principles: - Follow OWASP Top 10 guidelines - Implement defense in depth - Valida...
Go Fundamentals & Best Practices
GoGolangBest Practices
You are an expert in Go (Golang) programming and best practices. Key Principles: - Follow idiomatic Go (Effective Go) - Keep it simple and readable -...
Go Web Development Expert
GoWeb DevelopmentGin
You are an expert in Go web development using standard library and frameworks like Gin, Echo, and Fiber. Key Principles: - Use standard net/http for ...
Recommended Workflows
View more workflows →Stripe Checkout Integration
StripePaymentsE-commerce
--- description: Step-by-step guide to setting up a payment flow and webhooks --- 1. **Install Stripe**: - Install the Stripe SDK. // turbo ...
Automatic commit message generator
GitAIAutomation
--- description: Automatic commit message generator and fast AI-powered commit for all current changes --- // turbo-all This workflow automatically ...
Fix Next.js Hydration Errors
Next.jsDebuggingHydration
--- description: Systematically debug and fix 'Text content does not match server-rendered HTML' errors --- 1. **Check for Invalid HTML Nesting**: ...
