Skip to main content

Stripe webhooks

Run the app locally, then forward Stripe events:
Use matching Stripe test secrets in .env.local.

Auth

WorkOS sign-in flows require the local callback URL to match the WorkOS application settings. Keep local, staging, and production WorkOS credentials separate. For OIDC deployments, including Keycloak-compatible realm issuers, verify browser callback wiring and token claims before production use.

Storage

R2 and S3-compatible storage flows use server-mediated upload and download routes. Test:
  • Presign URL creation.
  • Upload completion.
  • Owner-scoped content access.
  • File deletion.

Observability

PostHog and Sentry are optional locally. Use separate projects or DSNs per environment. Do not send local secrets, access tokens, or customer data in logs.