DEV Community

Cover image for Stripe payment succeeded but user has no access: how to fix it
Ciroandrea
Ciroandrea

Posted on

Stripe payment succeeded but user has no access: how to fix it

#webdev #api #saas #backend

Stripe payment succeeded… but the user has no access?

This is one of the most common issues when integrating Stripe in a SaaS.

The payment succeeds — but the user can’t access the product.

At first, it looks like a bug.

It’s not.

Why this happens

Stripe handles payments.

It does NOT handle your application logic.

So even if a payment is successful, your backend still needs to:

  • update the user state
  • grant access
  • sync everything correctly

If this doesn’t happen, you get a mismatch between payment and access.

The most common mistake: relying on redirects

Many developers grant access after the success page (redirect).

This is unreliable because:

  • users can close the page
  • the request may never reach your backend
  • your system may stay out of sync

Proper Stripe webhook handling (Node.js example) 

app.post('/webhook/stripe', express.raw({ type: 'application/json' }), (req, res) => {
  const sig = req.headers['stripe-signature'];

  let event;

  try {
    event = stripe.webhooks.constructEvent(req.body, sig, endpointSecret);
  } catch (err) {
    console.error('Webhook signature verification failed.', err.message);
    return res.status(400).send(`Webhook Error: ${err.message}`);
  }

  if (event.type === 'checkout.session.completed') {
    const session = event.data.object;

    // Update your database
    // Grant access to the user
    grantAccessToUser(session.customer_email);
  }

  res.status(200).send();
});
Enter fullscreen mode Exit fullscreen mode

The correct approach

  • treat Stripe as the source of truth
  • grant access only after a verified webhook
  • make the flow idempotent

This removes any dependency on the frontend.

Common pitfalls

Even with webhooks, you need to handle:

  • duplicate events
  • delayed events
  • signature verification errors
  • retry logic

A robust system must account for these.

When this becomes a system problem

If you’ve worked with Stripe before, you know this logic tends to grow quickly:

  • subscriptions
  • usage-based billing
  • credits (AI, APIs, etc.)
  • access control

At some point, it stops being a simple integration problem and becomes a system problem.

That’s something I’ve been working on recently.

Originally published here:
https://www.sos-guide.it/pagamento-stripe-riuscito-utente-senza-accesso/

Top comments (0)