How to Add Stripe to a Next.js Site (2026 Step-by-Step)

By the end of this guide your Next.js site will: (1) let users click a 'Subscribe' button and complete checkout on Stripe, (2) receive webhook events when subscriptions are created/updated/canceled, (3) persist subscription state in your database, and (4) give users a 'Manage billing' link that opens Stripe's hosted customer portal.

The stack: Next.js App Router, `@stripe/stripe-js` on the client, `stripe` on the server, and your existing database (Postgres via Prisma is the most common). Total setup time is 30–60 minutes for someone who's done it before, 2–3 hours for someone doing it for the first time.

In the Stripe dashboard, go to Products → Add product. Create one product per offering (e.g. 'Pro plan'). For each product, add one or more prices (e.g. monthly $49, yearly $470). Stripe gives each price a unique ID like `price_1Q2x3yABCD`. Copy these IDs — you'll need them in your environment variables.

Use Stripe's test mode (toggle in the dashboard) until you're ready to go live. Test mode prices have IDs prefixed `price_` like live ones; switching modes uses different keys and different IDs. Don't mix them in the same .env file.

Your `.env.local` (and Vercel env config) needs five values: `STRIPE_SECRET_KEY` (sk_test_... or sk_live_...), `STRIPE_WEBHOOK_SECRET` (whsec_..., from the Webhooks section of the dashboard after you create the webhook in step 4), `NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY` (pk_test_... or pk_live_...), the price IDs for each plan (e.g. `STRIPE_PRO_MONTHLY_PRICE_ID`), and `NEXT_PUBLIC_APP_URL` for the return URLs.

Production keys live in your hosting provider's environment variables (Vercel project settings), not in your repo. Never commit `STRIPE_SECRET_KEY` to git.

Create `app/api/billing/checkout/route.ts`. The handler accepts a POST with the plan + interval, looks up the price ID, creates a Stripe Checkout session, and returns the session URL. The client then `window.location.href`s to that URL.

Stripe Checkout creates the customer record for you on first payment. Pass `customer_email` if you have it from your auth system; otherwise leave it out and Stripe asks the user during checkout. For subscriptions, set `mode: 'subscription'` and pass `line_items: [{ price: priceId, quantity: 1 }]`.

Critical: pass `success_url` and `cancel_url` pointing back to your site (e.g. `${APP_URL}/dashboard?checkout=success`). Append `session_id={CHECKOUT_SESSION_ID}` so the success page can verify the payment server-side.

In the Stripe dashboard, go to Developers → Webhooks → Add endpoint. Set the URL to `${APP_URL}/api/billing/webhook` (use Stripe's CLI for local testing). Subscribe to events: `checkout.session.completed`, `customer.subscription.created`, `customer.subscription.updated`, `customer.subscription.deleted`, `invoice.payment_failed`. Stripe gives you a signing secret (`whsec_...`) — store it in `STRIPE_WEBHOOK_SECRET`.

Your `app/api/billing/webhook/route.ts` handler MUST verify the signature using `stripe.webhooks.constructEvent(rawBody, signature, secret)`. Without signature verification, attackers can forge subscription events. Use `req.text()` to get the raw body — DO NOT use `req.json()`, which corrupts the signature.

On `checkout.session.completed` or `customer.subscription.created/updated`, upsert a Subscription row in your database keyed on the user. On `customer.subscription.deleted`, set status to canceled. On `invoice.payment_failed`, set status to past_due and email the user.

Stripe's hosted customer portal handles everything users want to do after subscribing: update card, change plan, view invoices, cancel. You don't have to build any of this yourself.

Create `app/api/billing/portal/route.ts`. The handler looks up the user's `stripe_customer_id` from your database, calls `stripe.billingPortal.sessions.create({ customer: customerId, return_url: ... })`, and returns the session URL. Your dashboard's 'Manage billing' button POSTs to this endpoint then redirects to the URL.

Before flipping to live mode: complete Stripe's account verification (business details, bank account), test the full flow in test mode with multiple cards (Stripe has special test card numbers for declined payments, 3DS challenges, etc.), and confirm webhook events arrive correctly (check the dashboard's webhook log).

When you switch to live keys, you'll need to: (1) replace test price IDs with live ones (different IDs!), (2) create a new live-mode webhook with a new signing secret, (3) update all Stripe env vars in production. Stripe deliberately separates test and live mode to prevent accidents.

Webhooks fail silently if you use `req.json()` instead of `req.text()` — signature verification needs the raw body bytes, and `.json()` reformats them.

If your webhook handler is slow (>5s), Stripe retries — leading to duplicate processing. Acknowledge fast (return 200), then process asynchronously, or be idempotent.

Test the cancel-at-period-end flow: many bugs hide there. Use Stripe Test Clocks to simulate the time advancing past `current_period_end` without waiting a month.

Subscription quantity defaults to 1; for per-seat pricing you need to pass `quantity` and update it on team-size changes.