Stripe Payments: Before You Start
This section applies only to Instamobile apps that include checkout, marketplace, ordering, booking payment, or e-commerce flows.
Use these pages if you purchased one of these app families:
- Shopify or Shopertino app
- WooCommerce app
- E-Commerce with Firebase Backend
- Uber Eats Clone
- Restaurant App
- Any custom app that includes Stripe checkout
Skip this section if your app does not accept payments.
Quick Answer
The mobile app should only contain Stripe publishable configuration. Payment creation, secret keys, webhook handling, refunds, and order finalization must run on a secure backend that you own.
What You Need
Before testing real checkout, prepare:
- a Stripe account;
- your Stripe publishable key for the mobile app;
- your Stripe secret key stored only on the backend;
- a hosted payments backend URL;
- Apple Pay merchant configuration if you accept Apple Pay;
- Google Pay configuration if you accept Google Pay;
- a privacy policy and store payment disclosures.
Security Rules
- Do not put
sk_test_,sk_live_, webhook signing secrets, PayPal secrets, or Braintree private keys in the mobile app. - Do not commit real payment secrets to Git.
- Do not use demo Stripe accounts or demo backend URLs in production.
- Use test mode while developing and live mode only after the full release checklist passes.
- Restrict and rotate keys from the Stripe Dashboard when needed.