Download the PHP package monkeyscloud/monkeyslegion-stripe without Composer

MonkeysLegion Stripe Integration

First-class Stripe integration package for the MonkeysLegion PHP framework, providing PSR-compliant HTTP clients and service container integration.

📋 What You'll Learn

This documentation covers everything you need to integrate Stripe payments into your MonkeysLegion application:

• 🚀 Quick Start: Get up and running in minutes with automated setup
• 🔧 Configuration: Environment variables, key management, and security setup
• 🔑 Key Management: Interactive CLI tools for managing Stripe API keys and webhook secrets
• 📋 Service Registration: Dependency injection setup with MonkeysLegion DI container
• 💳 Payment Operations: Complete API for payment intents, checkout sessions, subscriptions, and products
• 🔄 Test/Live Mode: Seamless switching between test and production environments
• 🪝 Webhook Handling: Secure webhook processing with signature verification and idempotency
• 📊 Logging: PSR-3 compatible logging with Monolog integration
• 🛡️ Security: Payload validation, size limits, and secure key storage

Documentation

All usage, configuration, and API references can be found in the official Monkeys Legion Stripe package documentation.

🚀 Quick Start

Features

• PSR-Compliant: Built with PSR standards for maximum compatibility
• Service Container Integration: Automatic dependency injection
• Configuration Management: Environment-based configuration with merging support
• HTTP Client Abstraction: PSR-18 HTTP client implementation
• Key Management: Built-in tools for managing Stripe API keys and webhook secrets
• Webhook Testing: Comprehensive webhook signature validation testing
• Environment Awareness: Supports .env.<stage> files for dev, prod, and test environments

Requirements

• PHP 8.4 or higher
• MonkeysLegion Core ^1.0
• MonkeysLegion DI ^1.0 (composer require monkeyscloud/monkeyslegion-di)
• Stripe PHP SDK ^17.3

Environment Awareness

The package supports environment-specific configurations using .env.<stage> files. By default, the dev environment is used. You can specify the environment using the --stage flag.

Example

The .env.<stage> file will be used based on the specified stage.

Installation

Install the package via Composer:

Configuration

Publish Configuration File

Publish the configuration file to your project:

Environment Variables

Configure your Stripe settings using the following environment variables:

Note: The key-helper utility validates only the essential Stripe keys. Additional configuration variables can be added manually to your .env files as needed.

Configuration Structure

The configuration file supports the following options:

Key Management

The package includes a comprehensive key management utility for generating, validating, and managing Stripe API keys and webhook secrets. All operations are performed through the command line interface.

Key-Helper Features

• Environment-Aware: Works with .env.dev, .env.prod, .env.test files
• Secure Key Generation: Uses cryptographically secure random bytes
• Format Validation: Validates Stripe key formats and structures
• Interactive Setup: Guided setup for all essential Stripe keys
• Key Rotation: Safe rotation of existing keys with backup
• Webhook Testing: Live webhook secret validation with Stripe SDK
• Batch Operations: Validate all keys at once or individually

Command Reference

Environment-Specific Key Management

The --stage flag allows you to manage keys for specific environments (dev, prod, test).

Example

The .env.<stage> file will be updated or validated based on the specified stage.

Default behavior without stage flag: Uses .env.dev file

Generate New Keys

Generate Default Secret Key

Generate Specific Key Types

Rotate Keys

Rotate Security Keys

Environment-Specific Rotation

Set Keys

Set Individual Keys

Interactive Setup Mode

Validate Keys

Validate All Keys

Validate Specific Keys

Validate Keys for a Specific Environment

Advanced Key Management

Show Current Key Values

List All Configuration Keys

Webhook Secret Testing

Key Validation Features

The key-helper validates different types of keys with specific format requirements:

Supported Validation Types

• Stripe Secret Keys: sk_test_* or sk_live_* format, minimum 20 characters
• Stripe Publishable Keys: pk_test_* or pk_live_* format, minimum 20 characters
• Webhook Secrets: whsec_* format, minimum 7 characters
• Generated Keys: 64-character hexadecimal strings for app keys
• Placeholder Validation: Accepts partial keys ending with ... for development

Error Handling

Environment File Management

The key-helper safely manages environment files with these features:

File Safety

• Atomic Operations: All file operations are atomic to prevent corruption
• Backup on Rotation: Old keys are displayed before replacement
• Comment Preservation: Comments in .env files are preserved during updates
• Directory Creation: Automatically creates directories if they don't exist

Multi-Environment Support

• Stage-Specific Files: Supports .env.dev, .env.prod, .env.test
• Environment Isolation: Each environment has separate key management
• Consistent Interface: Same commands work across all environments

Key Generation Security

• Cryptographically Secure: Uses PHP's random_bytes() for key generation
• Appropriate Formats: Generates keys in correct Stripe format (sktest, pktest, whsec_)
• Configurable Length: Supports different key lengths for different purposes

Service Registration

Registration

(In Your app.php)

register the service provider by: Install DI package via Composer:

bash

Set your webhook secret from Stripe Dashboard

php vendor/bin/key-helper set STRIPE_WEBHOOK_SECRET whsec_your_secret_here

Verify it's configured correctly

php vendor/bin/key-helper webhook:test env

Set your environment in .env file

APP_ENV=dev # Uses InMemoryStore APP_ENV=test # Uses SQLiteStore
APP_ENV=prod # Uses MySQLStore (requires database configuration) sql CREATE TABLE idempotency_store ( id INT AUTO_INCREMENT PRIMARY KEY, event_id VARCHAR(255) UNIQUE NOT NULL, processed_at DATETIME NOT NULL, expiry DATETIME NULL, data JSON NULL, INDEX idx_event_id (event_id), INDEX idx_expiry (expiry) ); env

Webhook processing configuration

STRIPE_TIMEOUT=60 # Timeout for webhook processing (seconds) STRIPE_WEBHOOK_RETRIES=3 # Maximum retry attempts (production only) STRIPE_WEBHOOK_TOLERANCE=20 # Signature timestamp tolerance (seconds) STRIPE_WEBHOOK_DEFAULT_TTL=172800 # Event storage TTL (48 hours in seconds) env

Configure webhook payload size limit

STRIPE_MAX_PAYLOAD_SIZE=131072 # 128KB (default) STRIPE_MAX_PAYLOAD_SIZE=262144 # 256KB (custom)

The payload validation includes:
- Size limit checking
- JSON format validation  
- Empty payload detection
- Detailed error logging for debugging