GitXplorerGitXplorer
b

stripe-apps-issue-tracker-app

public
0 stars
0 forks
0 issues

Commits

List of commits on branch main.
Verified
58eb727a086cac0bc58bd2cbf2e2feebb446d57e

Update README.md

bbensontrent committed 2 days ago
Verified
8bba40d1577e5af67d238f3afa2297b90946971e

Update README.md

bbensontrent committed 2 days ago
Unverified
09b066ebc16fec166f9f3fda528eca4cdd8db807

Importing production code

bbensontrent committed 4 days ago
Unverified
da55fad3037dcef5f923e6af5a17043022dacb80

Add best practices for security

bbensontrent committed 5 days ago
Unverified
82942d568675eed1ca7d302f332ef20e0ec31a70

Update readme

bbensontrent committed 5 days ago
Unverified
fbe72000ca6cd6a4abb3255e0b444ebbd930227f

Update readme

bbensontrent committed 5 days ago

README

The README file for this repository.

Example production app for Stripe apps

This project aims to provide an example Stripe App to solve issues not explicitly stated in the Stripe Apps documentation.

In this example, you will

  • Create a private API to handle saving a Stripe user's or company-wide settings
  • Handle Stripe Test Mode vs Live Mode, as well as support for separate settings in Stripes Sandboxes
  • Create a safe way to push to production by implementing development and production environments
  • Understand best security practices.
  • Create an off-Stripe dashboard to handle additional features, billing, and user authentication for your app.

How we anticipate you'll use this tutorial

  • While you're developing your app, we demonstrate how to use free services (database and hosting)
  • We provide instructions on how to upgrade your services to ensure the highest levels of security

Best practices in security

  • While you're developing your app, we don't follow the best security practices. But as you graduate your app to production, this guide will give you the best practices to secure your app. In our opinion, the best security practices require a negative response to this one question: If any API key, route, or .env file were hacked, would this one failure enable a hacker to gain access to secret user data?
  • For example, this guide starts at a 1-factor authentication level, say with an API Key to gain access to critical systems. 2-Factor security means: Having an API key alone would be useless. There's some other 2nd-factor in your authentication, it could be another token, an IP address restriction, or something else inventive.

Best practices for reliablity

  • Ensure if any server is down, your app continues to function