First, download the plugin .jar and place it in your Spigot server's plugin directory. Run the server once to prepare configuration files for your server.
Upon first run, the server will fail to load. This is expected.
config.yml from the SpigotShop directory as this is the
one we will be working with to set up the server initially.
Default configuration will look a little something like this:
#SpigotShop Configuration stripe: publishable_key: "" secret_key: "" listen_port: 9926 success_url: "" cancel_url: "" api_only: false
Make sure to set
listen_port to something you have the ability to port forward,
and can be accessed from the internet. I chose 9926 as default because it is a port
not a lot of services would use.
Continue on to view how to obtain your keys from Stripe's dashboard.
Do not share your Stripe Secret Key or Webhook Secret with anyone. Ensure that plugins on your server are to be trusted as it is possible to retrieve these from SpigotShop's configuration through another plugin.
This tutorial assumes you have created a Stripe account. If you have not, click here.
First, open your Stripe Dashboard to begin, as we will need to access in order to retrieve your keys. You must have a role in your dashboard that allows you to view your API keys.
To test functionality without using actual credit card information, you can use your test webhooks and keys. Toggle the "Viewing test data" switch in your dashboard to view these keys. This will help you test any Radar rules you have in place. Use Stripe Test Cards in place of real card info when using test keys.
Getting Publishable and Secret Keys
Click on Developers to open the Developers panel, and then click API keys to open the API Keys menu.
Listed below will be your Publishable key and your Secret key. Click "Reveal key" to show your Secret key. You may need to re-enter your password for this to work.
The Secret key can make all changes to your acount, and therefore it is imperative it is kept secret. If you believe your Secret key has been compromised, you can re-roll your key by clicking on roll key.
Creating a Restricted key
If you wish to keep your applications separate for security reasons, you may create and use a restricted key in place of your Secret key.
From API Keys menu, click "Create restricted key" to be brought to the Restricted key menu.
This key must have write permissions on the following resources:
- Checkout Sessions
- Webhook Endpoints
Press Create key and reveal the key the same way as above.
There are a few more parameters we must fill out before we run the server. These are
are web links to the pages Stripe should send the customer to when they either finish paying or their PaymentIntent is cancelled.
These can be any webpage, but I recommend they are simple aesthetic pages explaining that their payment was successful or cancelled, respectively, and they can return to game.
Now that we have gotten our keys, paste them into your config file where specified. After this, specify your URLs and the config should look something like this.
#SpigotShop Configuration stripe: publishable_key: "pk_test_aabbcc" secret_key: "sk_test_xxyyzz" listen_port: 9926 success_url: "www.example.com/success" cancel_url: "www.example.com/cancel" api_only: false
Running the server now, you will notice a new file created:
payment.html. This file must stay unedited for default functioning.
This redirects the user to Stripe to complete payment. This file is checksum-validated at startup and console will alert you if
something is not as it should be in this file.
payment.html will not function as required if you are using live keys and are on an HTTPS server. stripe.js requires SSL to
function in live to be PCI-compliant. Please make sure your server is SSL-enabled before switching to live mode.
As well as creating this file, the server will also create required webhook in your Stripe account. The server is now fully set up and ready to accept payments! View Shop Layout to view how to configure the shop.