The backend API is a Node.js Express server that handles Stripe webhooks, payment processing, and email notifications.

Overview

The API server (api/src/server.js) provides:
  • Stripe webhook handling for payment confirmations
  • Payment intent creation for checkout
  • Email notifications via Resend or Nodemailer
  • Image upload with Multer
  • Supabase integration with service role key

Prerequisites

  • Node.js 18+ hosting platform (Railway, Render, Fly.io, or VPS)
  • Environment variables from Stripe and Supabase
  • Domain or public URL for webhooks

Deployment Options

Railway

Easy deployment with automatic HTTPS

Render

Free tier available for testing

Fly.io

Global edge deployment

Environment Variables

1. Configure Required Variables

Set these environment variables in your hosting platform:
.env
# Server
PORT=3000
CLIENT_ORIGIN=https://your-frontend.netlify.app

# Stripe
STRIPE_SECRET_KEY=sk_live_...
STRIPE_WEBHOOK_SECRET=whsec_...

# Supabase
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_SERVICE_ROLE_KEY=eyJhbGc...

# Email (Resend)
RESEND_API_KEY=re_...
RESEND_FROM_EMAIL=noreply@yourdomain.com
RESEND_TO_EMAIL=contact@yourdomain.com

# Email (Alternative: Nodemailer)
EMAIL_HOST=smtp.gmail.com
EMAIL_PORT=587
EMAIL_USER=your-email@gmail.com
EMAIL_PASS=your-app-password
EMAIL_FROM=noreply@yourdomain.com
Use production keys for STRIPE_SECRET_KEY and STRIPE_WEBHOOK_SECRET. Test keys start with sk_test_.
2. Set CORS Origins

The CLIENT_ORIGIN variable accepts comma-separated URLs:
CLIENT_ORIGIN=https://yourdomain.com,https://preview.yourdomain.com
This allows multiple frontend deployments (production + preview branches).

Deployment Steps

1. Install Railway CLI

npm install -g @railway/cli
railway login
2. Initialize Project

cd api
railway init
Select “Create new project”.
3. Add Environment Variables

railway variables set STRIPE_SECRET_KEY=sk_live_...
railway variables set SUPABASE_SERVICE_ROLE_KEY=eyJhbGc...
# ... add all other variables
4. Deploy

railway up
Railway will:
  1. Build the application
  2. Run npm start (uses node src/server.js)
  3. Provide a public URL

Package Configuration

The api/package.json defines startup scripts:
package.json
{
  "name": "api",
  "version": "0.1.0",
  "type": "module",
  "scripts": {
    "dev": "node --env-file=.env --watch src/server.js",
    "start": "node src/server.js"
  },
  "dependencies": {
    "@supabase/supabase-js": "^2.51.0",
    "cors": "^2.8.5",
    "express": "^4.19.2",
    "multer": "^2.0.2",
    "nodemailer": "^7.0.6",
    "resend": "^6.6.0",
    "stripe": "^16.7.0"
  }
}
Script | Usage
npm run dev | Development with hot-reload and .env file
npm start | Production mode (reads env vars from platform)

Configure Stripe Webhook

1. Get Deployment URL

After deployment, note your API URL:
https://your-api.railway.app
2. Create Webhook in Stripe

  1. Go to Stripe Dashboard → Webhooks
  2. Click Add endpoint
  3. Set endpoint URL: https://your-api.railway.app/webhook
  4. Select events:
    • payment_intent.succeeded
    • payment_intent.payment_failed
    • charge.refunded
3. Copy Webhook Secret

After creating the webhook, Stripe provides a signing secret:
whsec_abc123...
Add this to your environment variables as STRIPE_WEBHOOK_SECRET.
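4. Test Webhook

Use the Stripe CLI to test the webhook:
stripe listen --forward-to https://your-api.railway.app/webhook
stripe trigger payment_intent.succeeded
Note that stripe listen prints its own signing secret (whsec_...) and signs the events it forwards with that secret, not with the dashboard endpoint's secret, so the server receiving them must have that value in STRIPE_WEBHOOK_SECRET while you test this way.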

Health Check

Verify the API is running:
curl https://your-api.railway.app/health
Expected response:
{
  "status": "ok",
  "timestamp": "2026-03-02T23:30:00.000Z"
}

Monitoring and Logs

# View logs
railway logs

# Follow logs in real-time
railway logs --follow

Troubleshooting

Error: Webhook signature verification failed
Solutions:
  1. Verify STRIPE_WEBHOOK_SECRET matches the secret from Stripe dashboard
  2. Ensure webhook endpoint URL is correct
  3. Check that raw body is preserved (Express raw body parser)
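Why the secret and the raw body both matter, as an added example (not code from api/src/server.js): it reimplements Stripe's documented v1 signature scheme with Node's crypto module, and the secret, timestamp and payload are constructed. In the server itself, verify with the stripe library's stripe.webhooks.constructEvent on the raw request body.

```javascript
const crypto = require("node:crypto");

// Parse "t=...,v1=...,v1=..." into a timestamp and the list of v1 signatures.
function parseHeader(header) {
  const out = { t: null, v1: [] };
  for (const part of String(header).split(",")) {
    const [k, v] = part.trim().split("=", 2);
    if (k === "t") out.t = v;
    else if (k === "v1") out.v1.push(v);
  }
  return out;
}

// HMAC-SHA256 over "<timestamp>.<raw body bytes>", hex encoded.
function sign(rawBody, secret, t) {
  return crypto.createHmac("sha256", secret).update(`${t}.`).update(rawBody).digest("hex");
}

// rawBody must be the exact bytes received (a Buffer), not a re-serialized object.
function verify(rawBody, header, secret, nowSec, toleranceSec = 300) {
  const { t, v1 } = parseHeader(header);
  if (!t || !/^\d+$/.test(t) || v1.length === 0) return "malformed-header";
  if (Math.abs(nowSec - Number(t)) > toleranceSec) return "timestamp-outside-tolerance";
  const expected = Buffer.from(sign(rawBody, secret, t), "hex");
  const ok = v1.some((sig) => {
    const got = Buffer.from(sig, "hex");
    // Length check first: timingSafeEqual throws on unequal lengths.
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  });
  return ok ? "ok" : "signature-mismatch";
}

// Constructed sample values (not real Stripe data).
const SECRET = "whsec_constructed_example";
const T = 1700000000;
const raw = Buffer.from('{"id": "evt_example",\n  "type": "payment_intent.succeeded"}');
const header = `t=${T},v1=${sign(raw, SECRET, T)}`;

// What a handler would sign if a JSON body parser ran first and the
// object were serialized again: same data, different bytes.
const reserialized = Buffer.from(JSON.stringify(JSON.parse(raw.toString())));

console.log(verify(raw, header, SECRET, T + 10));
console.log(verify(reserialized, header, SECRET, T + 10));
console.log(verify(raw, header, "whsec_other_endpoint", T + 10));
```
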
Error: Access-Control-Allow-Origin header missing
Solution: Add frontend URL to CLIENT_ORIGIN:
CLIENT_ORIGIN=https://your-frontend.netlify.app,https://deploy-preview-*.netlify.app
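How comma-separated CLIENT_ORIGIN entries, including the wildcard entry above, behave under different matching rules, as an added example: the helper names are hypothetical and this is not code from api/src/server.js, which the page does not show. It compares exact matching, a naive glob reading of the wildcard, and a pattern scoped to one Netlify site's deploy previews; the origins are constructed from the page's placeholders.

```javascript
// Split CLIENT_ORIGIN into trimmed, non-empty entries.
function parseOrigins(value) {
  return (value || "").split(",").map((s) => s.trim()).filter(Boolean);
}

// Exact string comparison: a "*" in an entry is just a character.
function isAllowedExact(origin, allowlist) {
  return typeof origin === "string" && allowlist.includes(origin);
}

// Naive glob expansion ("*" -> ".*"), shown to illustrate what it admits.
function globToRegExp(entry) {
  const escaped = entry.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`);
}

// Scoped alternative: only numbered deploy previews of one named Netlify site.
function previewPattern(site) {
  const safe = site.replace(/[^a-z0-9-]/gi, "");
  return new RegExp(`^https://deploy-preview-\\d+--${safe}\\.netlify\\.app$`);
}

// Allow an origin if it is listed exactly or matches a scoped pattern.
function isAllowed(origin, exact, patterns) {
  if (typeof origin !== "string") return false;
  return exact.includes(origin) || patterns.some((re) => re.test(origin));
}

// Constructed sample values based on the page's placeholders.
const entries = parseOrigins(
  "https://your-frontend.netlify.app, https://deploy-preview-*.netlify.app"
);
const ownPreview = "https://deploy-preview-12--your-frontend.netlify.app";
const foreignPreview = "https://deploy-preview-1--someone-else.netlify.app";

// Exact matching never matches a real preview URL against the "*" entry.
console.log(isAllowedExact(ownPreview, entries));
// A glob reading also admits previews of Netlify sites that are not yours.
console.log(globToRegExp(entries[1]).test(foreignPreview));
// The scoped pattern admits your previews only.
const scoped = [previewPattern("your-frontend")];
console.log(isAllowed(ownPreview, [entries[0]], scoped));
console.log(isAllowed(foreignPreview, [entries[0]], scoped));
```

With the cors package, a check like isAllowed can back the function form of its origin option.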
Resend: Verify RESEND_API_KEY and that the sending domain is verified
Nodemailer: For Gmail, use an App Password, not your regular password
Error: Invalid API key
Solution: Ensure you’re using the service role key, not the anon key. The service role key has full database access and bypasses Row Level Security, so keep it only in the API's environment and never in frontend code.

Production Checklist

  • All environment variables set with production values
  • STRIPE_SECRET_KEY is live mode (starts with sk_live_)
  • STRIPE_WEBHOOK_SECRET configured and tested
  • CLIENT_ORIGIN includes production frontend URL
  • Webhook endpoint registered in Stripe dashboard
  • Email service configured (Resend or Nodemailer)
  • Health check endpoint returns 200
  • Logs show no startup errors
  • Test payment flow end-to-end

Next Steps

Frontend Deployment

Connect the frontend to your deployed API

Database Migrations

Set up and run production database migrations
