Primary browser checkout path: the backend creates the PaymentIntent, Stripe-hosted fields confirm the payment, and PayBridge records the result into the shared payment record.
What this flow covers
The backend creates the PaymentIntent and records the payment; Stripe.js only handles secure in-browser confirmation.
Use a fresh demo order ID for each new payment attempt to avoid replaying an already completed PaymentIntent.
Webhook verification also requires PAYBRIDGE_STRIPE_WEBHOOK_SECRET.
Configuration and control points
Use Stripe test mode for local runs and public demos.
Keep the publishable key in the browser and the secret key only in server-side configuration.
Return-page verification and webhook processing should converge on the same payment record.