Deploy a Payments Backend
Instamobile payment apps require a backend that you own. The backend creates payment requests, talks to Stripe or PayPal/Braintree with secret credentials, and returns safe client-side values to the React Native app.
The existing URL for this guide mentions Heroku, so this page keeps a Heroku deployment example. Heroku is one valid Node.js host, but it is not the only option. You can also host the same backend on Firebase Functions, Cloud Run, Render, Fly.io, AWS, or your own Node.js infrastructure.
Quick Answer
Deploy the payments server to a secure HTTPS backend, configure payment secrets as backend environment variables, then point the mobile app payment config to that backend URL.
What Must Run on the Backend
The backend should own:
- Stripe secret key usage;
- PaymentIntent creation;
- customer and ephemeral key creation if your flow uses PaymentSheet;
- PayPal or Braintree private credentials if included;
- webhook verification;
- order finalization;
- refunds and admin-only payment operations;
- server-side logging and monitoring.
The mobile app should only receive values that are safe for the client, such as a publishable key and a PaymentIntent client secret returned by your backend.
Required Environment Variables
Exact names depend on your downloaded payments server, but production deployments usually need values like:
STRIPE_SECRET_KEY=sk_test_or_live_key
STRIPE_WEBHOOK_SECRET=whsec_your_webhook_secret
PAYPAL_CLIENT_ID=your_paypal_client_id
PAYPAL_CLIENT_SECRET=your_paypal_client_secret
BRAINTREE_MERCHANT_ID=your_braintree_merchant_id
BRAINTREE_PUBLIC_KEY=your_braintree_public_key
BRAINTREE_PRIVATE_KEY=your_braintree_private_key
NODE_ENV=production
Do not commit .env files with real secrets.
Deploy to Heroku
Use this option if you want to host the Node.js payments server on Heroku.
Official Heroku references:
1. Prepare the Server
Download the payments server package included with your product, then open it locally:
cd instamobile-payments-server
corepack yarn install --immutable
Add local test secrets to .env for development only. Configure production secrets in your hosting provider, not in Git.
2. Create the Heroku App
heroku login
heroku create your-payments-server-name
3. Add Config Vars
Set every payment secret as a Heroku config var:
heroku config:set STRIPE_SECRET_KEY=sk_test_your_key
heroku config:set STRIPE_WEBHOOK_SECRET=whsec_your_secret
heroku config:set NODE_ENV=production
Add PayPal or Braintree variables only if your app uses those providers.
4. Deploy
Initialize Git from the payments server root if needed:
git init
git add .
git commit -m "Initial payments server deploy"
git push heroku main
If your local branch is not named main, push your current branch to Heroku's main branch:
git push heroku HEAD:main
5. Verify the Backend URL
Open the generated Heroku URL in a browser or call your backend health endpoint. Then copy the HTTPS base URL into the mobile app payment config.
Production Checklist
Before accepting live payments:
- backend is hosted over HTTPS;
- Stripe secret key is configured only on the backend;
- app uses only a publishable key;
- webhooks are verified with
STRIPE_WEBHOOK_SECRET; - test mode checkout passes on iOS and Android;
- live mode checkout is tested with a small internal release;
- order creation and payment confirmation cannot be spoofed from the client;
- payment failures are logged and shown clearly to the user.