Shipping to:
Icy

Payment Setup

Configure Stripe and PayPal so customers can pay at checkout. All keys are stored securely as environment variables β€” they never appear in code or logs.

Stripe
Configured

Credit & debit card payments (Visa, Mastercard, Amex)

PayPal
Configured

PayPal account and PayPal-powered card payments

1

Set up Stripe

Step 1 β€” Get your Stripe API keys

  1. Go to dashboard.stripe.com/apikeys
  2. Copy your Publishable key (starts with pk_live_ or pk_test_)
  3. Copy your Secret key (starts with sk_live_ or sk_test_)

Step 2 β€” Add keys to Secrets panel

Open Settings β†’ Secrets in the Management UI (top-right panel) and update these two variables:

← your secret key
← your publishable key

Step 3 β€” (Optional) Set up Stripe Webhooks

Webhooks let Stripe notify your server when a payment succeeds, even if the customer closes the browser.

  1. Go to Stripe Webhooks
  2. Add endpoint URL: https://your-domain.manus.space/api/stripe/webhook
  3. Select events: payment_intent.succeeded and payment_intent.payment_failed
  4. Copy the Signing secret and add it as

Test mode tip

Use test keys (sk_test_ / pk_test_) during development. Test card number: 4242 4242 4242 4242, any future expiry, any CVC.

2

Set up PayPal

Step 1 β€” Create a PayPal REST app

  1. Go to developer.paypal.com/dashboard/applications
  2. Click Create App β†’ choose Merchant type
  3. Copy the Client ID and Secret from the app detail page

Step 2 β€” Add keys to Secrets panel

Open Settings β†’ Secrets and update these three variables:

← your Client ID
← your Client Secret
← same as PAYPAL_CLIENT_ID (needed by browser)

Sandbox vs. Live

PayPal Developer apps default to Sandbox mode. Switch to Live in the PayPal Developer Dashboard once you're ready to accept real payments. The server automatically uses the sandbox API URL in development and the live URL in production.

3

After updating secrets

Once you save new values in the Secrets panel, the server will automatically pick them up on the next request β€” no redeploy needed in development.

For a published site, click Publish in the Management UI header after updating secrets to push the new environment to production.

Then click the Refresh button at the top of this page to verify the status badges turn green.

All API keys are stored as encrypted environment variables and are never exposed in client-side code or version control. The VITE_ prefixed keys are the only ones sent to the browser, and they are the publishable/client-ID keys that are safe to expose. Secret keys (STRIPE_SECRET_KEY, PAYPAL_CLIENT_SECRET) are server-only.