
Learn to securely implement Stripe payments in a project-based Angular app using NodeJS and Firestore, covering one-time and recurring payments, authentication, and Firestore security rules.
Set up your Stripe in practice development environment by installing the latest Node and npm. Switch to the one-dash-start branch and install Angular frontend and Node/Express backend dependencies with Firestore.
Set up and connect a Firestore NoSQL database within a Firebase project, populate collections and documents, and secure data with authentication, authorization, and Firestore security rules for paying users.
Demonstrates setting up Firebase authentication in a Firestore-backed Angular app, enabling Google or email sign-in, and laying the groundwork for Stripe checkout to protect paid content.
Discover how stripe enables secure online payments by using one-time stripe tokens to process purchases via stripe checkout, while never storing card details on your site.
Explore how to add one-time and recurring payments with stripe checkout, including initializing a checkout session, redirecting customers to the stripe page, and handling web hooks for order fulfillment.
Initialize the Stripe checkout flow by calling your server when the buy course button is clicked, sending the course id and user identity to start checkout.
Create an Angular checkout service that posts the course id to /api/checkout to start a Stripe checkout session and configure the Angular CLI proxy.
Build an Express Node backend for Stripe payments using TypeScript, manage multiple environments with dotenv, load env variables before server initialization, and run with a compiled dist entry.
Create an express app, define a route, and return a 200 status with API is up and running. Then build and run the server at localhost:9000 for stripe checkout readiness.
Set up the skeleton of a rest checkout endpoint with Express, handling post requests at /api/checkout, parsing json body, and implementing a create checkout session with try-catch and error handling.
learn to run your local node backend in hot reload mode using npm run server with tsc watch for automatic recompiling and restarts, and switch to debug mode.
Debug a node backend express checkout server by running npm run debug, building with the TypeScript compiler, and using Chrome DevTools to inspect stripe-related variables and set breakpoints.
Discover how to initialize a Stripe checkout session with the stripe-node npm package, create a customer, and configure the success and cancel URLs for a one-time purchase.
Set up a Stripe test account to obtain your publishable and secret keys, enable test mode, and securely configure them via environment variables for the Stripe node package.
Learn how to create a Stripe checkout session in Node using the Stripe API, configuring the session with a key from an environment variable, and handling one-time and recurring purchases.
An Angular frontend route handles stripe checkout, builds a callback URL from protocol, host, and port, and posts it to configure a session with success and failure URLs.
Trigger a Stripe API call to create a one-time checkout session with line items, including product name and price, then verify the Stripe dashboard shows the session and payment intent.
Create a Stripe checkout session in the backend and pass its ID and the Stripe public key to the frontend to redirect the user to the Stripe checkout page.
Set up a Firebase service account to securely access Firestore from a Node.js backend, configure environment variables for service account key and project ID, and guard credentials with gitignore.
Set up a secure Firestore connection from a node backend using environment variables for project id and service account path, and implement get doc data function to supply Stripe checkout.
Learn how to design Stripe fulfilment with webhooks by linking checkout sessions to customers using a client reference identifier and provisioning courses when checkout.session.completed notifies your backend.
Create a Firestore purchase sessions collection to link Stripe checkout with each purchase using a client reference ID. Use webhooks to move from ongoing to completed and grant course access.
Secure the backend with Firebase authentication by validating the Json web token on the stripe checkout endpoint and using the id token to identify the user for course access.
Subscribe to the AngularFire id token observable to obtain the firebase jwt and attach it as an authorization header in the checkout http post to the backend.
Implement an Express get user middleware to extract and validate the Firebase JWT from the authorization header, attach user identity, and preserve middleware chain order before creating the checkout session.
Initialize the Firebase admin package to validate json web tokens with the verify id token api. Attach the extracted uid to the request via the get user middleware.
Verify the user id at the start of the create checkout session, returning 403 forbidden if unauthenticated, and save the user id in the purchase session for Stripe checkout.
Build a secure Stripe webhook endpoint using the Stripe Node backend SDK to handle checkout session completed events, validate signatures with a webhook secret, grant course access, and acknowledge receipt.
Learn how to build a Stripe webhook service, validate the request signature, and use express raw middleware to pass the body as a string to Stripe's constructEvent for verification.
learn how to test Stripe webhooks on a development machine using the Stripe CLI, forward events to localhost, and validate signatures for checkout session completions.
Implement a Stripe checkout session completed webhook to grant course ownership by updating the database and enabling user access, using async/await and atomic Firestore transactions on purchase session data.
Finish implementing the Stripe webhook to handle checkout session completed events by updating the purchase session to completed and adding the course to the user's courses via a batched write.
Track an ongoing Stripe purchase by reading the ongoing session id from the url, monitor purchase sessions in firestore via webhook and websocket, and redirect on completion or show failure.
Implement a Stripe payment waiting page that uses Firestore and a websocket to wait for a purchase to complete via webhook, then update the UI and redirect to the catalog.
Group multiple purchases under a single Stripe customer by saving the Stripe customer ID in the users collection and reusing it for subsequent payments via the checkout session webhook.
Discover how Firestore security rules protect data by validating user identity and permissions for read and write operations.
Write and deploy Firestore security rules to deny access to the courses collection, then make it read-only for everyone while denying writes, and plan separate rules for subcollections like lessons.
Restrict access to lessons data to paying users by writing Firestore security rules that check course ownership via exists on users/{uid}/coursesOwned/{courseId}.
Define firestore security rules to make the purchase sessions collection read-only for clients and restrict users to reading only their own sessions via the user ID, while service accounts write.
Implement and test Firestore security rules for the users collection and its courses owned subcollection. Enforce read access to a user's own data and prevent modification, using isUserWithID for validation.
Learn to implement Stripe recurring subscriptions by creating a monthly pricing plan in the Stripe dashboard and integrating it into your app, with test mode setup before production.
Adapts the Angular service layer to support subscriptions by creating a start subscription checkout session, wiring pricing plan IDs, and redirecting to stripe checkout for recurring charges.
Adapt the Node Express backend to support Stripe subscriptions by using pricing plan IDs instead of course IDs, saving the purchase session and configuring a recurring checkout.
Extend your Stripe webhook to support recurring subscriptions by detecting pricing plan IDs, fulfilling purchases, and updating the user with pricing plan and Stripe customer ID to grant course access.
Adapt Firestore security rules to support recurring subscriptions by allowing lesson reads for subscribers, identified via a pricing plan ID on the user document, and deploy the updated rules.
Test recurring subscriptions by triggering a Stripe checkout for a monthly plan and verifying the webhook updates. Grant the user access to all courses after the completed purchase.
Deploy the node backend to Google App Engine for Node and the Angular frontend to Firebase hosting for production payments. Initialize Google Cloud SDK and link the Stripe course project.
Deploy the node backend to Google App Engine and the frontend to Firebase hosting across two domains, enabling cross-origin requests with the cors middleware and deploying with gcloud app deploy.
Activate Stripe in production and switch to live mode. Add live publishable and secret keys to your server, configure the production webhook secret, then deploy with gcloud app deploy.
Deploy the Angular frontend to production by configuring environment variables and a production base URL to the Node backend, then build with --prod and deploy to Firebase hosting.
Test a production workflow by performing a real payment with a card, switching the Stripe product to live mode, validating checkout, webhooks, and database updates, and ensuring access control.
This Course in a Nutshell
This course is a complete guide on how to implement Stripe Payments in your web application! It's ideal for anyone thinking about monetizing a side project or developing a new web-based product, or for anyone curious about how payments work on the web in general.
The goal of this course is to teach you everything that you need to know to create your own online eCommerce store or subscription membership website. At the end of the course, you will know how to take real credit card payments from customers in production!
This course is also a great way to learn a lot of practical aspects of web security, as we are going to be discussing extensively all security aspects of our payment solution that we will be implementing from scratch, without assuming any prior Stripe or web payments experience.
Like all other courses at the Angular University, this course is project-based and is designed to be both watchable on its own but it can also be used as a practical exercise if you choose to code along as we go.
Course Overview
In this course, we are going to take a small single-page Angular application (no prior Angular experience needed), and we are going to add to it the ability to perform one-time credit card charges and signing up for recurring subscriptions.
Our application is connected to a No SQL Firestore database, which allows us to query the data directly from the client without a server needed in between. We are going to cover in detail how all the security aspects of Firestore work as we design and build our Payment solution.
For processing credit card payments, we are going to be using Stripe. You probably heard of Stripe by now, as it's one of the most well-known startups in the world. You can think of it as an improved, more developer-friendly version of Paypal.
We are going to explain in detail how Stripe credit card payments work, but most of all how to integrate Stripe securely in our application. Using Stripe by itself will not ensure you a secure payment solution, our payment solution still needs to be carefully designed bringing together aspects like User authentication and general web security design best practices.
For user authentication, our application will be using Firebase Authentication, and for data authorization, we are going to be using Firestore Security Rules, all of which is going to be explained in detail throughout the course.
The main focus of our course is going to be the Stripe payment platform. We are going to be developing an Express backend that enables our payment solution, and we are going to learn everything that it takes to deploy our solution in production using Firebase Hosting and Google App Engine for Node.
Table of Contents
This course covers the following topics:
Introduction to the Stripe Payments platform
Understanding how Stripe security works
Introduction to Stripe Checkout, understanding its advantages
Introduction to the Firestore NoSQL database
Introduction to user authentication with Firebase Authentication
Creation of a Stripe test account for development
Introduction to the Stripe CLI for local Stripe development purposes
Guided walkthrough to the Stripe Developer dashboard
Security design - protecting data from non-paying users
Step-by-Step implementation of one-time charges using Express and the Stripe API
Protecting our express backend using JSON Web Tokens and Stripe Middleware
Implementing order fulfillment with Stripe Webhooks
Handling Payment completion and failure on the frontend
Introduction to Stripe subscriptions
Step-by-Step implementation of recurring subscriptions using Express and the Stripe API
Production deployment with Firebase Hosting and Google App Engine for Node
A step-by-Step guide to accepting real payments in production with Stripe
What Will You Learn In this Course?
After taking this course, you will feel comfortable designing and implementing a Stripe-based payment solution for your application. Not only will you know the Stripe platform and the essential parts of its API, but you will know how to integrate Stripe securely your application, by designing a complete end-to-end secure payment solution.
You will know how to take real payments from customers in a production environment, enabling you, for example, to monetize a side project or build your own paid product. You will be able take on development roles that involve Stripe payments and have a very good understanding of how payments work on the web in general, from a practical perspective.
Have a look at the course free lessons below, and please enjoy the course!