Stripe is well-documented. It's also misconfigured at launch by almost every solo founder, usually in one of 10 specific ways. Here are the tests.
## The 10 tests
1. Real card, production mode, end-to-end. Not a test key. Use your own card, charge $1, refund it. If the full loop doesn't complete, you don't ship. 2. Receipt email actually delivered. Check spam. 15% of launches I reviewed had receipts going to spam due to missing SPF/DKIM. 3. Webhook endpoint live and logged. Stripe dashboard shows "delivered" for every event. Your logs show the event was processed. 4. Subscription cancel flow. Cancel your test subscription. Does your app actually revoke access? 5. Failed payment handling. Use Stripe test cards (4000 0000 0000 0341 for decline-on-renewal). Does your dunning email send? 6. Tax collected correctly. If you use Stripe Tax, verify a EU customer is charged VAT. If you're under a reverse-charge threshold, verify the invoice shows it. 7. Refund flow. Issue a full refund. Does access revoke? Does the customer get an email? 8. Invoice PDF accessible. Customer should be able to download invoice from the portal or via email link. Required in most EU countries. 9. Metered billing edge cases (if applicable). What happens when a user crosses their plan limit mid-cycle? What about timezone boundaries? 10. Failed-card retry schedule. Stripe's Smart Retries can be configured. Most solos leave it at default, which is fine — but verify it's on.
## The mistakes I keep seeing
- Webhook signatures not verified. If your endpoint accepts any POST, you have a vulnerability. - Customer email not linked to your user record. When Stripe sends a webhook, you can't find the right user. - Test mode and live mode mixed. Keys pointed at the wrong environment. Always prefix env vars with STRIPE_TEST_ and STRIPE_LIVE_. - No idempotency keys on charge creation. Double-charges on network flakes. - Currency mismatch. Pricing page shows $ but Stripe account is set up in EUR.
## What you don't need at launch
Skip if possible: Stripe Connect (complex, enable when you onboard creators), Payment Links (good for v0 but less flexible than Checkout), tax compliance in 40 countries (start with your target market).
## The launch gate
Before you press publish on your landing page, you should have: 1 real charge completed, 1 refund processed, 1 subscription cancel flow tested, 1 webhook event verified end-to-end in logs. That's the gate. Anything less and you're shipping untested payments code — which is the fastest way to kill trust on day 1.