Payment Gateways 💳

Accept payments with Stripe Checkout, handle webhooks for reliable payment confirmation, and process refunds and disputes.

What You'll Learn in This Lesson

• Understand the Stripe Checkout payment flow
• Create checkout sessions with line items
• Handle webhooks with signature verification
• Process refunds and chargeback disputes
• Implement idempotent webhook processing

Note: PHP runs on a server. Our examples simulate PHP logic using JavaScript. To run real PHP, install PHP.

🎯 Real-World Analogy: Stripe Checkout is like a checkout counter at a store. Your app creates the receipt (checkout session) and sends the customer to the cashier (Stripe's hosted page). The cashier handles card details securely. After payment, the cashier sends you a confirmation slip (webhook) — don't rely on the customer walking back to tell you they paid!

Stripe Checkout Integration

Stripe Checkout handles the entire payment UI — card forms, validation, 3D Secure, Apple Pay, and Google Pay. Your PHP backend creates a session with line items and redirect URLs, then sends the customer to Stripe. You never touch card numbers, keeping you PCI compliant.

Try It: Stripe Checkout

Create checkout sessions, verify webhooks, and process payments

Try it Yourself »

JavaScript

// Stripe Payment Integration in PHP
console.log("=== Stripe Checkout Flow ===");
console.log();
console.log("  1. Customer clicks 'Pay' → Your PHP backend creates a Checkout Session");
console.log("  2. Customer is redirected to Stripe's hosted payment page");
console.log("  3. Customer enters card details (on Stripe's secure page)");
console.log("  4. Stripe processes payment → redirects to your success/cancel URL");
console.log("  5. Stripe sends a webhook to confirm payment (async, reliable)
...

Webhooks & Refunds

Never rely on the success URL redirect alone — customers close browsers, networks fail. Webhooks are server-to-server notifications that Stripe sends to your endpoint. Always verify the webhook signature, process events idempotently (handle duplicates gracefully), and return a 200 response quickly.

Try It: Webhook Handler

Process webhooks idempotently, handle refunds and disputes

Try it Yourself »

JavaScript

// Webhook Handling & Refund Processing
console.log("=== Why Webhooks Matter ===");
console.log();
console.log("  Without webhooks:");
console.log("  ❌ You don't know if payment actually succeeded");
console.log("  ❌ Customer closes browser before redirect → lost sale");
console.log("  ❌ Network issues prevent success URL redirect");
console.log();
console.log("  With webhooks:");
console.log("  ✅ Stripe sends server-to-server notification");
console.log("  ✅ Reliable even if customer disconnect
...

⚠️ Common Mistakes

⚠️

Not verifying webhook signatures — Anyone can POST to your webhook URL. Always verify the Stripe-Signature header to ensure it's really from Stripe.

⚠️

Fulfilling on success redirect only — The redirect can fail. Use checkout.session.completed webhook as the authoritative payment confirmation.

💡

Pro Tip: Use Stripe CLI for local webhook testing: stripe listen --forward-to localhost:8000/webhook — it forwards real-time events to your dev server.

📋 Quick Reference — Payments

Concept	Description
Checkout Session	Server-created payment page with line items
Webhook	Server-to-server payment confirmation
Idempotency	Process each event exactly once
Signature Verification	Prove webhook is genuinely from Stripe
PCI Compliance	Stripe handles card data so you don't have to

🎉 Lesson Complete!

You can now accept payments securely! Next, learn to build e-commerce logic with carts, orders, and invoices.