OptionalclientInjected client for tests; defaults to lazily importing the stripe SDK.
Explicit, never inferred from key prefixes.
OptionalmaxAutomatic network-level retries inside the Stripe SDK (idempotency keys make them safe). Default 2. Only applies when the SDK is loaded lazily — an injected client keeps its own configuration.
OptionalnowInjected clock (ms since epoch) for webhook tolerance tests.
OptionalpaymentiDEAL/SEPA/ACH/Bacs are per-account dashboard enablements, and wallet availability varies too — override instead of trusting the defaults when the account differs.
OptionalrequestAbort a hung Stripe request after this many milliseconds (the SDK's
timeout client option). Left unset, the SDK's own default of 80000
(80s) applies. Only applies when the SDK is loaded lazily — an injected
client keeps its own configuration.
OptionalverifyZero-amount verification on Stripe uses a SetupIntent, which attaches a saved PaymentMethod — colliding with the no-vaulting constraint. The default strategy detaches the PaymentMethod immediately (guaranteed, even on failure paths). Set "disabled" to switch the capability off instead.
One secret, or several during rotation (Stripe keeps the old endpoint secret valid for a grace window — list both and rotation needs no cutover).
OptionalwebhookWebhook timestamp tolerance in seconds (replay protection). Default 300.
Explicit Stripe API version (e.g. "2024-06-20"). Required: the account default changes silently between accounts — never rely on it.