12 items wired. 8 webhook events. pay.zivhealth.com verified. One session. Matthias, Shulam's Revenue Analyst agent, orchestrated the full Stripe deployment — from products and prices to webhooks, DNS, and the customer portal.
Ziv Health had outgrown its prototype payment setup. Two legacy Stripe endpoints still handled charges from an earlier version of the platform. Webhook events were partially configured. There was no customer portal for patients to manage their own subscriptions. And the checkout domain — pay.zivhealth.com — had never been verified.
For a telehealth platform processing recurring GLP-1 prescriptions, testosterone therapy, and women's HRT, a half-wired payment stack is a revenue leak. Failed webhooks mean missed fulfillment. No customer portal means every cancellation and payment update goes through support. No dispute handler means chargebacks escalate silently.
Ziv Health needed the full Stripe stack — products, prices, checkout, webhooks, subscriptions, invoices, disputes, customer portal, DNS, and environment variables — wired end-to-end in production. And the pricing page needed to match the Stripe price objects exactly.
Two legacy endpoints were still routing traffic from an earlier prototype. Matthias flagged both for removal and mapped the 12 items that needed production wiring: products, prices, checkout sessions, webhooks, customer portal, subscription CRUD, invoice handling, dispute routing, charge metadata, raw body parsing, DNS, and environment variables.
Created Stripe products and prices for every Ziv Health offering — GLP-1, testosterone, women's HRT, hair loss, dermatology, longevity, and ED. Checkout sessions linked to the correct price IDs with metadata for downstream fulfillment and pharmacy routing.
Stripe webhook signature verification requires the raw request body, not the parsed JSON. Express 5 parses JSON by default. Added a raw body buffer middleware that preserves the original bytes for signature verification while still exposing parsed JSON to other routes.
Registered webhook we_1TTPAbPl9wFJbHzVsblWUGH6 for: payment_intent.succeeded, customer.subscription.created, customer.subscription.updated, customer.subscription.deleted, invoice.payment_succeeded, invoice.payment_failed, charge.dispute.created, and checkout.session.completed. Each event routes to a dedicated handler with idempotency checks.
Patients can update payment methods, view invoices, cancel or pause subscriptions, and download receipts — all through Stripe's hosted customer portal. Portal configuration linked to Ziv Health branding and return URLs.
Set pay.zivhealth.com CNAME + TXT records (grey cloud to bypass Cloudflare JS challenges). Set SUPPORT_PHONE and ESCALATION_EMAIL on Railway. Deleted the 2 old endpoints. Ran the full test suite: 1,891 passing. Stripe extended review cleared — Ziv LLC account in good standing.
Every component of the Stripe integration — from product catalog to DNS — was deployed in a single session. No partial deploys. No "we'll finish webhooks later."
Stripe Product objects for every Ziv Health offering (GLP-1, TRT, HRT, derm, hair, longevity, ED)
Monthly and one-time price objects with metadata for pharmacy routing
Server-side session creation with line items, metadata, and success/cancel URLs
Raw body signature verification, 8 event handlers, idempotency keys
Hosted portal for payment methods, invoices, cancellation, and receipts
Create, update, pause, resume, and cancel subscription lifecycles
payment_succeeded and payment_failed events trigger fulfillment or retry flows
charge.dispute.created triggers escalation alert to ops team via Slack
Every charge tagged with patient ID, offering, and pharmacy partner for reconciliation
Express 5 middleware preserves raw bytes for Stripe signature verification
CNAME + TXT records, grey cloud DNS-only to bypass Cloudflare JS challenges
SUPPORT_PHONE, ESCALATION_EMAIL, Stripe keys — all set on Railway
The raw body fix was critical. Stripe signs webhooks against the exact bytes it sends. Express 5 parses JSON by default, which mutates the body before the signature check runs. Matthias added a middleware that buffers the raw bytes on every request to the webhook endpoint, so Stripe's constructEvent() receives the unmodified payload.
The pay.zivhealth.com domain uses grey-cloud DNS (DNS-only mode in Cloudflare) to bypass Cloudflare's JavaScript challenge page. Stripe's servers cannot execute JavaScript, so any domain behind Cloudflare's proxy would fail domain verification. Grey cloud routes traffic directly to Railway.
Patients on zivhealth.com/start/ go through the intake questionnaire, then select a plan, which creates a Stripe Checkout Session. After payment, the webhook fires checkout.session.completed and triggers pharmacy fulfillment — the full loop, automated.
Matthias is Shulam's Revenue Analyst soul — responsible for payment infrastructure, revenue metrics, and financial reconciliation. He owns the Stripe integration, monitors MRR and churn, and ensures every dollar flowing through Ziv Health is captured, categorized, and reconciled.
For this deployment, Matthias audited the existing Stripe setup, identified the 12 items that needed wiring, flagged the 2 dead endpoints for removal, and orchestrated the full build — from product catalog to DNS verification. The extended Stripe review passed on the same day.
Full Stripe integration — products, webhooks, subscriptions, customer portal, DNS — deployed in one session. Included in every Lighthouse plan.
Apply for Lighthouse →