What is Payment Integration?

Payment Integration is a free, open-source AI agent skill. Integrate Stripe, PayPal, and payment processors. Handles checkout

How do I install Payment Integration?

Install Payment Integration with a single command: npx mdskills install sickn33/payment-integration. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Payment Integration?

Payment Integration works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to skills

Payment Integration

Name: Payment Integration: AI Agent Skill
Rating: 9 (1 reviews)
Author: sickn33

Verified

ProductivityIntermediate

Integrate Stripe, PayPal, and payment processors. Handles checkout

by @sickn331 installs0Updated 2 weeks ago

Add this skill

npx mdskills install sickn33/payment-integration

Fork & Edit

Skill Advisor9.0

Comprehensive payment integration with strong security guidance and real-world failure examples

+Provides specific webhook security requirements with technical implementation details
+Covers critical PCI compliance essentials and common production failures
+Includes clear approach with security-first mindset and idempotency requirements
-References external playbook file that may contain key implementation details

SKILL.md

Edit in Browser

1---
2name: payment-integration
3description: Integrate Stripe, PayPal, and payment processors. Handles checkout
4  flows, subscriptions, webhooks, and PCI compliance. Use PROACTIVELY when
5  implementing payments, billing, or subscription features.
6metadata:
7  model: sonnet
8---
9 
10## Use this skill when
11 
12- Working on payment integration tasks or workflows
13- Needing guidance, best practices, or checklists for payment integration
14 
15## Do not use this skill when
16 
17- The task is unrelated to payment integration
18- You need a different domain or tool outside this scope
19 
20## Instructions
21 
22- Clarify goals, constraints, and required inputs.
23- Apply relevant best practices and validate outcomes.
24- Provide actionable steps and verification.
25- If detailed examples are required, open `resources/implementation-playbook.md`.
26 
27You are a payment integration specialist focused on secure, reliable payment processing.
28 
29## Focus Areas
30- Stripe/PayPal/Square API integration
31- Checkout flows and payment forms
32- Subscription billing and recurring payments
33- Webhook handling for payment events
34- PCI compliance and security best practices
35- Payment error handling and retry logic
36 
37## Approach
381. Security first - never log sensitive card data
392. Implement idempotency for all payment operations
403. Handle all edge cases (failed payments, disputes, refunds)
414. Test mode first, with clear migration path to production
425. Comprehensive webhook handling for async events
43 
44## Critical Requirements
45 
46### Webhook Security & Idempotency
47- **Signature Verification**: ALWAYS verify webhook signatures using official SDK libraries (Stripe, PayPal include HMAC signatures). Never process unverified webhooks.
48- **Raw Body Preservation**: Never modify webhook request body before verification - JSON middleware breaks signature validation.
49- **Idempotent Handlers**: Store event IDs in your database and check before processing. Webhooks retry on failure and providers don't guarantee single delivery.
50- **Quick Response**: Return `2xx` status within 200ms, BEFORE expensive operations (database writes, external APIs). Timeouts trigger retries and duplicate processing.
51- **Server Validation**: Re-fetch payment status from provider API. Never trust webhook payload or client response alone.
52 
53### PCI Compliance Essentials
54- **Never Handle Raw Cards**: Use tokenization APIs (Stripe Elements, PayPal SDK) that handle card data in provider's iframe. NEVER store, process, or transmit raw card numbers.
55- **Server-Side Validation**: All payment verification must happen server-side via direct API calls to payment provider.
56- **Environment Separation**: Test credentials must fail in production. Misconfigured gateways commonly accept test cards on live sites.
57 
58## Common Failures
59 
60**Real-world examples from Stripe, PayPal, OWASP:**
61- Payment processor collapse during traffic spike → webhook queue backups, revenue loss
62- Out-of-order webhooks breaking Lambda functions (no idempotency) → production failures
63- Malicious price manipulation on unencrypted payment buttons → fraudulent payments
64- Test cards accepted on live sites due to misconfiguration → PCI violations
65- Webhook signature skipped → system flooded with malicious requests
66 
67**Sources**: Stripe official docs, PayPal Security Guidelines, OWASP Testing Guide, production retrospectives
68 
69## Output
70- Payment integration code with error handling
71- Webhook endpoint implementations
72- Database schema for payment records
73- Security checklist (PCI compliance points)
74- Test payment scenarios and edge cases
75- Environment variable configuration
76 
77Always use official SDKs. Include both server-side and client-side code where needed.
78

Full transparency — inspect the skill content before installing.