Stripe at Avo

Stripe is Avo's default payments layer for every client SaaS project that collects revenue. The integration pattern is the same across builds: Stripe Checkout handles the payment session, webhook handlers on the server process fulfillment events, and the Stripe Customer Portal handles plan changes and cancellations.

The webhook setup is where most teams get burned. Avo uses a single webhook endpoint per project, validates the Stripe-Signature header against the webhook secret on every request, and delegates to typed handler functions keyed by event name. The handlers run idempotently. Duplicate delivery from Stripe's at-least-once guarantee does not cause double-charges or double-provisioning.

Subscription state is never inferred from the Stripe API at request time. Avo caches subscription status to the application database on every relevant webhook event and reads from there. This removes Stripe as a dependency from the request path, keeps API latency predictable, and lets the app continue working during brief Stripe outages.

Example workflow: wiring Stripe subscriptions into a new client SaaS build. 1. Create Products and Prices in Stripe for each plan tier (Monthly Free, Pro $49/mo, Team $149/mo). Store the Price ID in the application database, not hardcoded in the codebase. 2. On the /upgrade page, call the Stripe Checkout API server-side to create a session. Redirect the user to session.url. Never handle card details in your own frontend. 3. Create a single /api/webhooks/stripe route. Validate the Stripe-Signature header with stripe.webhooks.constructEvent before reading any event data. 4. Handle customer.subscription.created, customer.subscription.updated, and customer.subscription.deleted. Each handler writes the new subscription status to a subscriptions table in the application database. 5. On every authenticated request, read the plan from your subscriptions table. Never call the Stripe API in the request path. 6. For payment failures (invoice.payment_failed), trigger a Resend email to the customer and mark their account as past_due. Give them a 3-day grace window before restricting access.

Current live usage includes metered billing for API-based products (charge-per-call pricing) and fixed-tier subscriptions for SaaS platforms. The Avo site itself runs on Stripe for plan management.