Set up Stripe with Claude Code or Codex CLI

A real walkthrough: agent creates the product, sets the price, wires the webhook, captures the secret key into .env. You step in for the 2FA. Total wall-clock ~5 minutes.

Why this needs Chromeflow specifically: Stripe's dashboard is behind your authenticated session and routinely prompts for 2FA on changes. Playwright, Browser Use, and Puppeteer would all need to re-login from scratch every run and fail at the 2FA prompt. Chromeflow runs in your real Chrome where you're already signed in, so the agent's first tool call is the actual work.

The prompt

Set up a Stripe product called "Pro Plan" at $29/month, point the
webhook at https://myapp.com/api/stripe, capture event types
checkout.session.completed and customer.subscription.updated, and
put the secret key in .env

What the agent does

1. Open the products page

open_page("https://dashboard.stripe.com/products")

Uses your existing Stripe session. No login screen, no MFA prompt — you're already in.

2. Add the product

click_element("Add product", until_text_contains="Product details")
fill_form([
  {label: "Name", value: "Pro Plan"},
  {label: "Description", value: "Monthly subscription tier"},
  {label: "Amount", value: "29"}
])

The until_* clause makes click_element verify the click actually opened the product-details form before continuing — no silent failure.

3. ⚠ Human handoff — 2FA

Stripe occasionally challenges for 2FA on critical changes. The agent calls highlight_region on the 6-digit code input and wait_for_click. You type the code, click, and the workflow continues. The agent never sees your 2FA codes.

4. Navigate to webhooks

open_page("https://dashboard.stripe.com/webhooks")
click_element("Add endpoint")
fill_form([
  {label: "Endpoint URL", value: "https://myapp.com/api/stripe"},
  {label: "Description", value: "Main webhook for SaaS app"}
])
click_element("Select events")
click_element("checkout.session.completed")
click_element("customer.subscription.updated")
click_element("Add events")
click_element("Add endpoint", until_text_contains="Signing secret")

5. Capture the secret key

open_page("https://dashboard.stripe.com/apikeys")
click_element("Reveal test key", until_text_contains="sk_test_")
const result = find_text("sk_test_", max=1)
write_to_env("STRIPE_SECRET_KEY", result.matchedText, "/Users/you/myapp/.env")

The reveal is reverted automatically after a few seconds for security — Chromeflow grabs the value during the visible window. write_to_env handles the file lock + appends-or-updates safely.

6. Capture the webhook signing secret

open_page("https://dashboard.stripe.com/webhooks")
click_element("...myapp.com/api/stripe")
click_element("Click to reveal", until_text_contains="whsec_")
const sig = find_text("whsec_", max=1)
write_to_env("STRIPE_WEBHOOK_SECRET", sig.matchedText, "/Users/you/myapp/.env")

What you get

.env updated: STRIPE_SECRET_KEY=sk_test_... and STRIPE_WEBHOOK_SECRET=whsec_... ready for your code to read.
Product live in Stripe with the right name, price, and tax setting.
Webhook endpoint registered pointing at your URL with the two event types subscribed.
Your active engagement: ~30 seconds for the 2FA prompt. The rest happens while you're reading docs or writing code.

Why this is hard without Chromeflow

Playwright/Browser Use/Puppeteer would each launch a fresh Chrome with no Stripe cookie. The agent's first hurdle: a login page. Even if you script the email + password (and stick those in env vars somewhere), Stripe's 2FA challenge kills the flow. With Chromeflow, the session is already there — the only human interaction is the 2FA code, which is the part you should be doing anyway.

← Back to all use cases