#Leo17

hi! not really no since a backend server is required since creating a subscription mainly involved making API calls using your secret key

depends really what your overall use case is but for example embedding a PaymentLink in your page/script might be a better option https://stripe.com/docs/payments/payment-links

So, I have a payment link, and I'm just trying to figure out how to use Stripe's webhooks to confirm payment was actually made to determine eligibility

Is there sample code on how to verify payment status aftter they use the payment link? That can then be captured as a T/F and then access can be granted or not?

you'd use the checkout.session.completed event (https://stripe.com/docs/payments/checkout/fulfill-orders) listening from your backend server

the status is complete if are handling the checkout.session.completed event since that indicates the customer visited the hosted page and paid and completed it

Oh, my dev had a question about that, do you need to have a backend server to handle webhooks or can it just be called via JavaScript and handled directly between the App & Stripe vs. using something like Firebase?

not sure what you mean since I would call Firebase a backend.

but yes you need a server that runs somewhere with a public URL, that you can run aribtary code on

Yeah, do we need to use Firebase?

So you can't just use JavaScript & Stripe?

no, you can use anything you like or that works for your overall application, like Firebase or Heroku or a private VPS or so on

where would you keep your secret API key if there was only frontend code(which is all exposed to the customer in their browser)?

Oh, interesting

So I was reading some blogs about this and some YT videos and this guy posted his sample code using Stripe: https://script.google.com/home/projects/1jqR2OrwbN-1PcHKUE2_Yl3DwEGMFondg4UGehlhlf4WxuNq5pQrxwTji/edit

Is he using a backend then?

It's from this series: https://sites.google.com/view/totallyunscripted/themes/monetization

not sure, maybe his code is insecure? We don't officially support Google Apps Script or make our own guides or have knowledge on integrating that way

So, to be clear

oh what's that

what's*

I don't know much about Apps Script but maybe this code is visibile to anyone using the script, and they can just take your key from there and make API requests to refund all charges on your account etc? I could be wrong, I don't want to cast aspersions, like I said, we don't know about Apps Script

it's some of the code from the person you linked

So basically, what I'm trying to do is create a Google Editor Add-on and determine access eligibility after they use the Payment Link which I assume is associated to an email address.

Given your experience with other customers, what do you think is the easiest/low-code way to do this?

PaymentLinks

and a backend server hosting your own code

and within the backend server, you would listen for webhooks?

it's up to you and your developer really how you do that part, since you probably need your backend for other things(like calling other APIs or enabling access to some service or connecting to a shipping provider for whatever it is the customer is actually paying for)

yes

Ah