What you need
| Field | What it does |
|---|---|
| Publishable key (pk_…) | Public key that opens Checkout in the browser. Not secret. |
| Secret key (sk_…) | Lets us create the Checkout session so the charge runs through your account. Secret. |
| Webhook signing secret (whsec_…) | Confirms a webhook truly came from Stripe. Secret. |
| Success URL / Cancel URL | Where the buyer lands after paying or backing out. |
Stripe keeps separate keys for Test mode and Live (pk_test_ / sk_test_ versus pk_live_ / sk_live_), each with its own webhook signing secret. Coin Moebius holds both in Live and Test tabs, so you can verify on test keys and add live keys later without re-entering everything.
Why we ask for each field
Publishable key
Identifies your account when checkout opens in the buyer’s browser. Public by design.
Secret key
The private half that authorizes creating the charge, so the payment runs through your account.
Webhook signing secret
Proves an incoming webhook is genuinely from Stripe, so nobody can forge a "paid" event. It is a separate value from the secret key.
Success and Cancel URL
Plain settings: where the buyer lands after paying or backing out. Not secret.
Set up
- Start in Coin Moebius: copy your webhook URL
Open your project in the Coin Moebius dashboard. Your Project ID sits right under the project name; click the copy icon next to it. Your Stripe webhook URL is that ID dropped into the address below. Keep it handy, you will paste it into Stripe in a moment.
https://api.coinmoebius.com/webhook/stripe/<your project id>Coin Moebius → your project → Project ID We set the webhook up first on purpose. Stripe only reveals the webhook signing secret after the webhook exists, and creating that webhook needs this URL (with your project ID). So the order is: build the webhook, copy its secret, then grab your API keys.
- In Stripe, open Webhooks
Sign in at dashboard.stripe.com. Quickest route: type "webhooks" into the search bar at the top and choose Webhooks under Workbench. (You can also reach it from the gear → Developers → Webhooks.)
Stripe → search "webhooks" → Webhooks - Add a destination
On the Webhooks screen, click Add destination. That opens Stripe’s "Create an event destination" wizard, a sequence of three short screens.
Stripe → Webhooks → Add destination - Select the events to send
Leave the event scope on Your account. In the Events search box, find and check the events Coin Moebius listens for, then click Continue. At a minimum, add checkout.session.completed.
- One-time payments: checkout.session.completed, charge.refunded, charge.dispute.created.
- Subscriptions (only if you sell them): customer.subscription.created, customer.subscription.updated, customer.subscription.deleted, invoice.payment_succeeded, invoice.payment_failed.
Stripe → Create an event destination → Select events Extra events are harmless, we ignore anything we do not use.
- Choose "Webhook endpoint"
For the destination type, choose Webhook endpoint (not Amazon EventBridge or Azure Event Grid), then click Continue.
Stripe → Choose destination type → Webhook endpoint - Paste your Coin Moebius webhook URL
Give the destination a name you will recognize, like "Coin Moebius Webhook." In the Endpoint URL field, paste the webhook URL from step 1 (your address with your project ID). Then click Create destination.
https://api.coinmoebius.com/webhook/stripe/<your project id>Stripe → Configure destination → Endpoint URL - Copy the signing secret (whsec_…)
Stripe creates the destination and opens its details page. On the right, under Signing secret, click the reveal (eye) icon and copy the whsec_… value. Set it aside with your webhook URL.
Stripe → your destination → Signing secret This is the value you could not get until now, it only exists once the webhook is created. That is why the webhook came first.
- Now find your API keys
With the webhook done, collect your two keys. In Stripe, click the gear (Settings) at the top right, open Developers under Personal settings, then click Manage API keys.
1. Stripe → gear (Settings), top right 2. Settings → Developers 3. Developers → Manage API keys - Copy the Publishable key and Secret key
Under Standard keys, copy the Publishable key (pk_…) and the Secret key (sk_…). A secret key is shown in full only when first created, so if yours is hidden, roll a new one and copy it right away. Ignore the Restricted keys section.
Stripe → Developers → API keys → Standard keys Live keys start with pk_live_ / sk_live_; test-mode keys start with pk_test_ / sk_test_. Copy whichever set matches the mode you are setting up.
- Back in Coin Moebius: Add provider → Stripe
In your project, open the Providers tab and click Add provider. Choose Connect a service, then pick Stripe (type "Stripe" in the search box if you do not see it).
Coin Moebius → Providers → Add provider - Paste your keys and secret, then Save
In the Connect Stripe form, set your Success URL and Cancel URL (where buyers land after paying or backing out). On the Live tab, paste your Publishable key, Secret key, and the Webhook signing secret you copied earlier, then click Save. Verifying on test keys first? Paste them on the Test tab instead, then add live keys later from Edit.
Coin Moebius → Add provider → Stripe - You are connected
Stripe now appears on your Providers tab with the date it connected. The card shows the same webhook URL you pasted into Stripe (handy if you ever need to re-enter it), plus Edit and Disconnect.
Coin Moebius → Providers → Stripe (connected) - Test before you go live
To verify without moving real money, switch Stripe to Test mode (or a sandbox) from the account menu at the top left, and connect using your test keys and a test-mode webhook. Test cards never charge a real card: use any future expiration, any CVC, any postal code.
Result Card Succeeds 4242 4242 4242 4242 Needs authentication 4000 0025 0000 3155 Declined 4000 0000 0000 9995 Stripe → account menu → Switch to sandbox / Test mode
After you connect
Run one test payment before going live:
- With the provider connected using your test keys, every payment is a test payment.
- Create a product and place the buy button on a page (a local HTML file works) pointed at your project.
- Check out with a test card from above.
- Open the Transactions tab. When the new row status reaches succeeded, your keys and webhook are both working end to end.
Then edit the provider, swap in your live keys, and you are taking real payments.
Troubleshooting
Start with Verify. In the dashboard, click Verify on the provider. It checks your keys against Stripe and returns a specific message if something is off.
Verify says the key format is wrong.
Secret keys start with sk_test_ or sk_live_ (restricted keys start with rk_). The webhook signing secret starts with whsec_. Re-copy the right value into the right field.
Verify says Stripe rejected the key.
Re-copy the secret key from Developers → API keys, and make sure you are not pairing a test key with a live webhook secret or the reverse.
Payment completes but the order stays pending.
The webhook is not arriving. Confirm the endpoint URL matches exactly, that you selected checkout.session.completed, and that a test payment is hitting your test-mode endpoint (test and live are separate endpoints).
Signature verification fails.
Each Stripe endpoint has its own signing secret. Copy the whsec_ from this endpoint settings, not another endpoint.
Confirm it end to end.
Stripe has no simulate button. In the Stripe Dashboard, resend a recent event to your endpoint, or create a test PaymentIntent, then watch the order update.
Good to know
Rotating keys. Roll the secret key or webhook secret anytime, then paste the new value. Secret fields stay blank on edit so you can drop in a rotated key.
Activation. Live keys work only once your account is activated for payments. Test keys work immediately.
Questions? Join our Discord