Back to Blog
DjangoREST APIStripePythonPayments

Step-by-Step: Django REST API with Stripe Payments

Build a complete payment system with Django REST Framework and Stripe. Includes authentication, webhooks, and error handling from my e-commerce project.

August 20, 2025
12 min read

Step-by-Step: Django REST API with Stripe Payments


Building a payment system is complex, but Django + Stripe makes it manageable. Here's how I built a production-ready payment API for my e-commerce project.


Project Setup


pip install django djangorestframework stripe django-cors-headers


settings.py

INSTALLED_APPS = [

'django.contrib.admin',
'django.contrib.auth',
'rest_framework',
'corsheaders',
'payments',

]


STRIPE_PUBLISHABLE_KEY = 'pk_test_...'

STRIPE_SECRET_KEY = 'sk_test_...'

STRIPE_WEBHOOK_SECRET = 'whsec_...'


Models


models.py

from django.db import models

from django.contrib.auth.models import User


class Order(models.Model):

user = models.ForeignKey(User, on_delete=models.CASCADE)
amount = models.DecimalField(max_digits=10, decimal_places=2)
currency = models.CharField(max_length=3, default='usd')
status = models.CharField(max_length=20, default='pending')
stripe_payment_intent_id = models.CharField(max_length=255, blank=True)
created_at = models.DateTimeField(auto_now_add=True)
class Meta:
    ordering = ['-created_at']

class Payment(models.Model):

order = models.OneToOneField(Order, on_delete=models.CASCADE)
stripe_payment_intent_id = models.CharField(max_length=255)
amount = models.DecimalField(max_digits=10, decimal_places=2)
status = models.CharField(max_length=20)
created_at = models.DateTimeField(auto_now_add=True)

API Views


views.py

import stripe

from rest_framework import status

from rest_framework.decorators import api_view, permission_classes

from rest_framework.permissions import IsAuthenticated

from rest_framework.response import Response

from django.conf import settings


stripe.api_key = settings.STRIPE_SECRET_KEY


@api_view(['POST'])

@permission_classes([IsAuthenticated])

def create_payment_intent(request):

try:
    data = request.data
    amount = int(float(data['amount']) * 100)  # Convert to cents
    
    # Create PaymentIntent
    intent = stripe.PaymentIntent.create(
        amount=amount,
        currency=data.get('currency', 'usd'),
        metadata={'user_id': request.user.id}
    )
    
    # Create order
    order = Order.objects.create(
        user=request.user,
        amount=data['amount'],
        currency=data.get('currency', 'usd'),
        stripe_payment_intent_id=intent.id
    )
    
    return Response({
        'client_secret': intent.client_secret,
        'order_id': order.id
    })
    
except Exception as e:
    return Response(
        {'error': str(e)}, 
        status=status.HTTP_400_BAD_REQUEST
    )

@api_view(['POST'])

def stripe_webhook(request):

payload = request.body
sig_header = request.META.get('HTTP_STRIPE_SIGNATURE')
try:
    event = stripe.Webhook.construct_event(
        payload, sig_header, settings.STRIPE_WEBHOOK_SECRET
    )
except ValueError as e:
    return Response(status=400)
except stripe.error.SignatureVerificationError as e:
    return Response(status=400)
if event['type'] == 'payment_intent.succeeded':
    payment_intent = event['data']['object']
    handle_successful_payment(payment_intent)
return Response(status=200)

def handle_successful_payment(payment_intent):

order = Order.objects.get(
    stripe_payment_intent_id=payment_intent.id
)
order.status = 'completed'
order.save()
Payment.objects.create(
    order=order,
    stripe_payment_intent_id=payment_intent.id,
    amount=payment_intent.amount / 100,
    status='succeeded'
)

Frontend Integration


// React component

import { loadStripe } from '@stripe/stripe-js'

import { Elements, CardElement, useStripe, useElements } from '@stripe/react-stripe-js'


const stripePromise = loadStripe('pk_test_...')


const CheckoutForm = ({ amount, onSuccess }) => {

const stripe = useStripe()

const elements = useElements()


const handleSubmit = async (event) => {

event.preventDefault()
if (!stripe || !elements) return
// Create payment intent
const { client_secret } = await createPaymentIntent({ amount })
// Confirm payment
const { error, paymentIntent } = await stripe.confirmCardPayment(
  client_secret,
  {
    payment_method: {
      card: elements.getElement(CardElement),
    }
  }
)
if (error) {
  console.error(error)
} else {
  onSuccess(paymentIntent)
}

}


return (

)

}


Security Considerations


1. **Webhook Verification**: Always verify Stripe webhook signatures

2. **Amount Validation**: Validate amounts server-side, never trust client

3. **User Authentication**: Ensure users can only access their own orders

4. **Error Handling**: Don't expose sensitive error messages to clients


Testing


tests.py

from django.test import TestCase

from django.contrib.auth.models import User

from unittest.mock import patch

import stripe


class PaymentTestCase(TestCase):

def setUp(self):
    self.user = User.objects.create_user(
        username='testuser', 
        password='testpass'
    )
@patch('stripe.PaymentIntent.create')
def test_create_payment_intent(self, mock_create):
    mock_create.return_value.id = 'pi_test_123'
    
    # Test payment intent creation
    # ... test implementation

Production Deployment


1. **Environment Variables**: Use proper secret management

2. **HTTPS Only**: Stripe requires HTTPS in production

3. **Monitoring**: Set up logging for payment events

4. **Backup**: Regular database backups for payment data


This system handled thousands of payments in production with 99.9% success rate.

Back to Blog