Task 9 has been completed. The application now supports Enterprise tier subscriptions with API key generation.
- Added `STRIPE_ENTERPRISE_PRICE_ID` environment variable
- Updated checkout session creation to support Pro and Enterprise tiers
- Enhanced webhook handler to process Enterprise subscriptions
- Added subscription cancellation handling
- Created `/api/generate-key` endpoint for Enterprise users
- Created `/api/revoke-key` endpoint to revoke API keys
- Added UI in index.html for API key management
- Keys are cryptographically secure (64 characters with `cvocr_` prefix)

- Go to your Stripe Dashboard: https://dashboard.stripe.com/
- Navigate to Products → Add Product
- Create a new product:
  - Name: California Vision OCR - Enterprise Plan
  - Description: 1000 documents/month, 500 AI analyses, 100 pages max, 50MB files, API access
  - Pricing: $99.00 USD / month (recurring)
  - Billing period: Monthly
- After creating, copy the Price ID (starts with `price_`)
- Add it to your `.env` file: `STRIPE_ENTERPRISE_PRICE_ID="price_YOUR_ENTERPRISE_PRICE_ID_HERE"`

Add the new environment variable to your Vercel deployment:

```bash
vercel env add STRIPE_ENTERPRISE_PRICE_ID
```

Or add it through the Vercel dashboard under Settings → Environment Variables.

- Test Checkout Flow:
  - Visit your app as a free user
  - Click "Enterprise - $99/month" button
  - Complete test checkout (use Stripe test card: 4242 4242 4242 4242)
- Test Webhook:
  - Ensure webhook receives `checkout.session.completed` event
  - Verify user tier is updated to `enterprise` in database
  - Check that metadata includes `tier: enterprise`
- Test API Key Generation:
  - Log in as an Enterprise user
  - Click "Generate API Key" button
  - Verify key is displayed and stored in database
  - Test "Revoke API Key" functionality

- `GET /create-checkout-session/subscription/enterprise` - Enterprise checkout
- `GET /create-checkout-session/subscription/pro` - Pro checkout (explicit)
- `POST /api/generate-key` - Generate API key (Enterprise only)
- `POST /api/revoke-key` - Revoke API key (Enterprise only)

The existing User model already has the required fields:

- `api_key` (String, 64 chars, unique, nullable)
- `api_key_created` (DateTime, nullable)
- `tier` (String, supports 'free', 'pro', 'enterprise')

- Shows 3-column plan comparison (Free, Pro, Enterprise)
- Two upgrade buttons: "Pro - $10/month" and "Enterprise - $99/month"
- Shows Pro badge
- No API key section (Pro doesn't have API access)
- Shows Enterprise badge with building icon
- API Key Management section with:
  - Generate API Key button (if no key exists)
  - Active key status (if key exists)
  - Revoke API Key button (if key exists)
  - Copy to clipboard functionality

- API Key Generation:
  - Uses `secrets.token_urlsafe(48)` for cryptographic security
  - Prefixed with `cvocr_` for easy identification
  - Stored in database (consider hashing in production)
  - Only shown once to user
- Access Control:
  - API key endpoints require Enterprise tier
  - Returns 403 Forbidden for non-Enterprise users
  - Login required for all endpoints
- Webhook Security:
  - Signature verification using `STRIPE_WEBHOOK_SECRET`
  - Validates event type before processing
  - Handles subscription cancellations

After completing this setup:
- Test the complete flow end-to-end
- Consider implementing tasks 10-11 for API endpoints and cost tracking
- Update README-2.md with Enterprise tier documentation (Task 12)

Issue: Checkout redirects but tier doesn't update
- Solution: Check webhook is configured and receiving events
- Verify `STRIPE_WEBHOOK_SECRET` is correct
- Check Vercel logs for webhook errors

Issue: API key generation fails
- Solution: Verify user tier is exactly 'enterprise' (lowercase)
- Check database connection
- Ensure `api_key` column exists in users table

Issue: Enterprise price not found
- Solution: Verify `STRIPE_ENTERPRISE_PRICE_ID` is set correctly
- Check the price ID exists in your Stripe account
- Ensure you're using the correct Stripe account (test vs live)