
payment-integration skill

/skills/agents/business/payment-integration

This skill helps implement secure payment integrations with Stripe, PayPal, and subscriptions, handling checkouts, webhooks, and PCI compliance end-to-end.

npx playbooks add skill sidetoolco/org-charts --skill payment-integration


Files (1): SKILL.md (1.3 KB)
---
name: payment-integration
description: Integrate Stripe, PayPal, and payment processors. Handles checkout flows, subscriptions, webhooks, and PCI compliance. Use PROACTIVELY when implementing payments, billing, or subscription features.
license: Apache-2.0
metadata:
  author: edescobar
  version: "1.0"
  model-preference: sonnet
---

# Payment Integration

You are a payment integration specialist focused on secure, reliable payment processing.

## Focus Areas
- Stripe/PayPal/Square API integration
- Checkout flows and payment forms
- Subscription billing and recurring payments
- Webhook handling for payment events
- PCI compliance and security best practices
- Payment error handling and retry logic

## Approach
1. Security first - never log sensitive card data
2. Implement idempotency for all payment operations
3. Handle all edge cases (failed payments, disputes, refunds)
4. Test mode first, with clear migration path to production
5. Comprehensive webhook handling for async events

## Output
- Payment integration code with error handling
- Webhook endpoint implementations
- Database schema for payment records
- Security checklist (PCI compliance points)
- Test payment scenarios and edge cases
- Environment variable configuration

Always use official SDKs. Include both server-side and client-side code where needed.

Overview

This skill helps implement secure, reliable payment processing with Stripe, PayPal, and other processors. It covers checkout flows, subscriptions, webhook handling, and PCI-focused security guidance. Use it proactively when building payments, billing, or subscription features to reduce risk and speed deployment.

How this skill works

The skill provides server-side and client-side integration patterns using official SDKs, with example checkout code, subscription flows, and webhook endpoints. It outlines idempotency and retry logic, gives database schemas for payment records, and supplies a security checklist for PCI compliance. Test-mode strategies and a clear path to production are included to simplify migration.

When to use it

  • Adding card or wallet payments to a storefront or app
  • Implementing subscription billing and recurring charges
  • Building reliable webhook handlers for async payment events
  • Designing refund, dispute, and retry flows
  • Auditing or improving PCI-related security controls

Best practices

  • Always use official SDKs and maintain server-side secret handling
  • Never log raw card data; use tokenization and PCI scope reduction
  • Implement idempotency keys for charge and subscription operations
  • Design comprehensive webhook handlers with signature verification and retries
  • Keep test and production environments separate and document migration steps

Example use cases

  • One-time checkout flow with client tokenization and server-side charge creation
  • Subscription sign-up: create customer, attach payment method, start recurring billing
  • Webhook processor: validate signatures, update DB, handle invoice.payment_failed and charge.refunded events
  • Retry strategy: detect soft failures, schedule exponential retry, notify users on permanent failures
  • Security checklist: environment secret management, TLS, limited PCI scope, regular audits
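The webhook-processor use case above, together with the "signature verification and retries" bullet under Best practices, as an added example that is not code from the skill, its author or any processor SDK. It assumes Stripe's documented header scheme (a `Stripe-Signature` value of the form `t=<unix time>,v1=<hex HMAC-SHA256 over "<t>.<raw body>">`), a 300-second replay window, and an in-memory set standing in for the database table that records processed event ids. The secret, event ids and payloads are constructed test data. In production you would call `stripe.Webhook.construct_event` from the official SDK, which performs the same check; the hand-rolled version here only makes the check visible.

```python
"""Added example: verify, de-duplicate and dispatch processor webhook events."""
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # reject events whose timestamp is outside this window (replay protection)


def sign_payload(secret: str, payload: bytes, timestamp: int) -> str:
    """Build a Stripe-style signature header for a raw body.
    Only used here to construct test deliveries; the processor does this in production."""
    signed = f"{timestamp}.".encode() + payload
    digest = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={digest}"


def verify_signature(secret: str, payload: bytes, header: str, now=None) -> bool:
    """True only if some v1 entry matches the RAW body bytes and the timestamp is fresh.
    Several v1 entries can appear while the signing secret is being rotated."""
    now = int(time.time()) if now is None else now
    timestamp, candidates = None, []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t" and value.isdigit():
            timestamp = int(value)
        elif key == "v1":
            candidates.append(value)
    if timestamp is None or not candidates:
        return False
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return False  # stale or future-dated delivery: treat as a replay
    expected = hmac.new(secret.encode(), f"{timestamp}.".encode() + payload, hashlib.sha256).hexdigest()
    # constant-time compare over bytes so a non-ASCII candidate cannot raise
    return any(hmac.compare_digest(expected.encode(), c.encode()) for c in candidates)


def make_event(event_id: str, event_type: str, obj: dict) -> bytes:
    """Constructed event body in the shape processors send: id, type, data.object."""
    return json.dumps({"id": event_id, "type": event_type, "data": {"object": obj}}).encode()


class WebhookProcessor:
    def __init__(self, secret: str):
        self.secret = secret
        self.processed = set()   # stands in for a DB table of processed event ids (assumption)
        self.db = {}             # constructed in-memory "payment records" table
        self.handlers = {
            "invoice.payment_failed": self._on_payment_failed,
            "charge.refunded": self._on_charge_refunded,
        }

    def handle(self, raw_body: bytes, sig_header: str, now=None):
        """Return the (http_status, reason) the HTTP layer should answer with."""
        if not verify_signature(self.secret, raw_body, sig_header, now):
            return 400, "invalid signature"          # never parse an unverified body
        event = json.loads(raw_body)
        if event["id"] in self.processed:
            return 200, "duplicate ignored"          # processors redeliver; ack without re-applying
        handler = self.handlers.get(event["type"])
        if handler is not None:
            handler(event["data"]["object"])
        # mark as processed only after the handler succeeded, so a crash lets redelivery redo it
        self.processed.add(event["id"])
        return 200, "processed" if handler else "unhandled type acknowledged"

    def _on_payment_failed(self, invoice: dict):
        record = self.db.setdefault(invoice["subscription"], {"status": "active"})
        record["status"] = "past_due"                # downstream: schedule dunning / notify user

    def _on_charge_refunded(self, charge: dict):
        record = self.db.setdefault(charge["id"], {"status": "succeeded"})
        record["refunded"] = charge["amount_refunded"]
        full = charge["amount_refunded"] == charge["amount"]
        record["status"] = "refunded" if full else "partially_refunded"


def demo():
    """Five deliveries: valid, replayed duplicate, wrong secret, stale timestamp, valid."""
    secret = "whsec_constructed_test_secret"       # constructed; real secrets come from the environment
    now = 1_700_000_000
    proc = WebhookProcessor(secret)
    refund = make_event("evt_refund_1", "charge.refunded",
                        {"id": "ch_1", "amount": 5000, "amount_refunded": 5000})
    failed = make_event("evt_fail_1", "invoice.payment_failed", {"id": "in_1", "subscription": "sub_1"})
    results = [
        proc.handle(refund, sign_payload(secret, refund, now), now),
        proc.handle(refund, sign_payload(secret, refund, now), now),
        proc.handle(failed, sign_payload("whsec_wrong", failed, now), now),
        proc.handle(failed, sign_payload(secret, failed, now - 600), now),
        proc.handle(failed, sign_payload(secret, failed, now), now),
    ]
    return results, proc.db


if __name__ == "__main__":
    print(demo())
```

Two details matter in practice: verification runs over the raw request bytes (re-serialising the parsed JSON changes whitespace and key order and breaks the HMAC), and the event id is recorded only after the handler completes, which means handlers must themselves tolerate being run twice for the same event.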

FAQ

Do I need to store card numbers?

No. Use processor tokenization and never persist full card data; store processor IDs and last4 only.

How should I test webhooks?

Use processor test modes and webhook simulators. Verify signatures and test common event flows including failures and disputes.

What about idempotency?

Attach idempotency keys to create/update payment operations so retries don't cause duplicate charges.
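The retry-strategy use case above and this idempotency answer, as an added example that is not part of the skill or any processor SDK. `FakeProcessor` is a constructed stand-in that mirrors how Stripe treats a reused idempotency key (the original result is replayed rather than a second charge created); with the real SDK the key is passed as the `idempotency_key` keyword argument. The scenario names, token values and failure schedule are constructed test data; the injected `sleep` and `log` callables exist so the backoff can be observed without waiting.

```python
"""Added example: idempotent charge creation with exponential-backoff retries."""
import random
import time


class TransientError(Exception):
    """Timeout, connection reset or rate limit: safe to retry with the same key."""


class PermanentError(Exception):
    """Declined card or invalid request: retrying will not help; surface it to the user."""


class FakeProcessor:
    """Constructed stand-in for a processor SDK (assumption, not a real API)."""

    def __init__(self, unreachable=0, lost_responses=0):
        self.unreachable = unreachable          # first N calls never reach the processor
        self.lost_responses = lost_responses    # next N calls succeed but the response is lost
        self.calls = 0
        self.charges = {}     # charge id -> record; stores last4 only, never the PAN
        self.by_key = {}      # idempotency key -> charge id

    def create_charge(self, amount, currency, source_token, idempotency_key):
        self.calls += 1
        if self.calls <= self.unreachable:
            raise TransientError("connection refused")
        if idempotency_key in self.by_key:      # replay: return the original charge, no new one
            return self.charges[self.by_key[idempotency_key]]
        if source_token == "tok_declined":
            raise PermanentError("card_declined")
        charge_id = f"ch_{len(self.charges) + 1}"
        record = {"id": charge_id, "amount": amount, "currency": currency,
                  "last4": "4242", "status": "succeeded"}
        self.charges[charge_id] = record
        self.by_key[idempotency_key] = charge_id
        if self.calls <= self.unreachable + self.lost_responses:
            raise TransientError("response timed out")   # charge exists, caller never learned
        return record


def create_charge_with_retry(processor, order_id, amount, currency, source_token,
                             max_attempts=4, base_delay=0.5, sleep=time.sleep, log=print):
    """Retry transient failures with jittered exponential backoff under ONE idempotency key."""
    key = f"order-{order_id}-charge"   # derived from the business operation, not the attempt
    delay = base_delay
    for attempt in range(1, max_attempts + 1):
        try:
            return processor.create_charge(amount, currency, source_token, idempotency_key=key)
        except PermanentError:
            raise                                   # not retryable; notify the user instead
        except TransientError as exc:
            log(f"order {order_id}: attempt {attempt} failed ({exc})")   # no card data in logs
            if attempt == max_attempts:
                raise
            sleep(delay + random.uniform(0, delay / 2))                # backoff with jitter
            delay *= 2


def quiet(*_):
    """No-op sleep/log used by the demo so it runs instantly and silently."""


def demo():
    """Three scenarios; returns plain values so the outcome can be checked."""
    out = {}
    proc = FakeProcessor(lost_responses=1)
    charge = create_charge_with_retry(proc, "A100", 5000, "usd", "tok_visa", sleep=quiet, log=quiet)
    out["lost_response"] = (proc.calls, len(proc.charges), charge["id"])   # two calls, one charge
    proc = FakeProcessor()
    try:
        create_charge_with_retry(proc, "B200", 5000, "usd", "tok_declined", sleep=quiet, log=quiet)
    except PermanentError as exc:
        out["declined"] = (proc.calls, str(exc))                           # no retry on a decline
    proc, waits = FakeProcessor(unreachable=10), []
    try:
        create_charge_with_retry(proc, "C300", 5000, "usd", "tok_visa",
                                 max_attempts=3, sleep=waits.append, log=quiet)
    except TransientError:
        out["exhausted"] = (proc.calls, len(proc.charges), waits)          # gave up, nothing charged
    return out


if __name__ == "__main__":
    print(demo())
```

The key should be persisted with the order before the first attempt, so that a retry after a process restart reuses it rather than minting a new one; a fresh key per attempt is exactly what produces duplicate charges when a response is lost. Stripe discards idempotency keys after 24 hours, so a key is only a guard within that window.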