cboxdk / laravel-billing-stripe
Cbox Billing — Stripe payment-gateway adapter: a PaymentGateway implementation backed by Stripe, for cboxdk/laravel-billing.
Requires
- php: ^8.4
- cboxdk/laravel-billing: >=0.4 <1.0
- illuminate/contracts: ^13.0
- illuminate/database: ^13.0
- illuminate/support: ^13.0
- stripe/stripe-php: ^20.3
Requires (Dev)
- larastan/larastan: ^3.0
- laravel/pint: ^1.18
- orchestra/testbench: ^11.0
- pestphp/pest: ^4.0
README
cboxdk/laravel-billing-stripe — a Stripe payment-gateway adapter for
cboxdk/laravel-billing. It
implements billing's PaymentGateway contract backed by Stripe; install it and set
a key to route billing's payments through Stripe.
Install
composer require cboxdk/laravel-billing-stripe
// .env STRIPE_SECRET=sk_live_...
With a key set, the provider binds Cbox\Billing\Payment\Contracts\PaymentGateway
to the Stripe gateway. Without one, billing keeps its default (manual) gateway.
Design
- SDK isolated behind a seam.
StripePaymentGatewaydepends on a smallStripeIntentCreatorinterface; the realStripeApiIntentCreatorwraps the Stripe SDK, and aFakeStripeIntentCreatordrives the tests — so the gateway's status-mapping and error handling are fully unit-tested without the network. - Never throws. A Stripe API failure becomes a failed
PaymentResult; Stripe statuses map tosucceeded/pending/requires_action/failed. - Idempotent webhooks on the shared seam.
StripeApiWebhookVerifierimplements billing's canonicalCbox\Billing\Payment\Contracts\WebhookVerifier: it proves the Stripe signature via the SDK (deny-by-default) and normalises the delivery onto the engine's sharedWebhookEvent.StripeWebhookHandlerthen hands that event to the engine's ownWebhookIngest, which applies the paid effect to the invoice exactly once per reference — collapsing gateway re-deliveries and crash-retries. The adapter only overrides the shared dedup/settle stores with durable database implementations; it owns no webhook contracts of its own. Charges carry a scoped external idempotency key so a crash-and-retry never double-charges. SetSTRIPE_WEBHOOK_SECRETto enable it. See docs/core-concepts/webhooks.md.
The SDK wrapper implements Stripe's documented API shape — verify against the live Stripe API (and provision real keys) before relying on it in production.
Running the live integration tests
The default suite proves the gateway against an in-memory Stripe fake. A separate
integration suite (tests/Integration/StripeLiveTest.php) drives the real Stripe
SDK path end-to-end against Stripe test mode. It is gated on a dedicated
STRIPE_TEST_SECRET (never STRIPE_SECRET, so it can't collide with a production key):
without it the suite skips cleanly, so it is excluded from the default run and from CI.
STRIPE_TEST_SECRET=sk_test_... vendor/bin/pest --group=integration
It hits Stripe test mode only — using Stripe's canned test methods (pm_card_visa) and
tiny test-currency amounts, never real card data — and creates then removes throwaway test
objects (customer, setup/payment intents, refund) as it exercises the full stored-customer
and payment-method lifecycle. Nothing is written to the repo and no key is committed.
Requirements
PHP ^8.4; Laravel ^12 || ^13; stripe/stripe-php ^20.3; cboxdk/laravel-billing.
License
MIT.