Partner Requirements and Best Practices
To be in good standing as a Stripe Partner, you should meet all of Stripe’s technical and business requirements for your integration type. Beyond these requirements, Stripe recommends certain best practices. This topic covers:
Integration-specific benchmarks
Select the type of integration you are building to see Stripe’s corresponding requirements and recommendations.
Your platform integration should meet these requirements:
Requirements
- Require HTTPS
- Specify a Stripe API version for all requests
- Use a Stripe API version that is less than 18 months old
- Use Stripe Connect to access Stripe accounts and data
- Set up a Stripe webhook endpoint
- Meet annual PCI validation requirements
- Adhere to Stripe brand and trademark guidelines
- Use Checkout or Elements to tokenize payment information
- Collect ZIP code, CVC, name, and email when tokenizing cards
Stripe also recommends that you adhere to the following guidelines:
Recommended best practices
- Use webhook signatures
- Create a Stripe-specific page to explain your integration (see examples from DocuSign and SAGE)
- Familiarize yourself with the Restricted Businesses list when provisioning Stripe accounts
- Support geographically relevant payment methods
- Collect billing and shipping addresses
- Use idempotency keys
- Use the Payment Request button
- Publish a Stripe FAQ on your website (see an example from WooCommerce)
Your extension integration should meet these requirements:
Requirements
- Require HTTPS
- Specify a Stripe API version for all requests
- Use a Stripe API version that is less than 18 months old
- Use Stripe Connect to access Stripe accounts and data
- Set up a Stripe webhook endpoint
- Meet annual PCI validation requirements
- Adhere to Stripe brand and trademark guidelines
Stripe also recommends that you adhere to the following guidelines:
Recommended best practices
- Use webhook signatures
- Create a Stripe-specific page to explain your integration (see examples from DocuSign and SAGE)
If you’ve built a plugin for popular ecommerce platforms like WordPress, WooCommerce, or PrestaShop, your integration should meet these requirements:
Requirements
- Ensure that any web payment page provided by your plugin is served over HTTPS
- Specify a Stripe API version for all requests
- Use a Stripe API version that is less than 18 months old
- Set up a Stripe webhook endpoint
- Meet annual PCI validation requirements
- Use Checkout or Elements to tokenize payment information
- Collect ZIP code, CVC, name, and email when tokenizing cards
- Use setAppInfo to identify your Partner integration
- Adhere to Stripe brand and trademark guidelines
Stripe also recommends that you adhere to the following guidelines:
Recommended best practices
- Use webhook signatures
- Support geographically relevant payment methods
- Collect billing and shipping addresses
- Use idempotency keys
- Use the Payment Request button
- Create a Stripe-specific page to explain your integration (see examples from DocuSign and SAGE)
- Publish a Stripe FAQ on your website (see an example from WooCommerce)
Related resources
Stripe also offers the following resources and recommendations for developers of all types of Stripe integrations: