Generate Stripe Coupons via Slack Commands using Node.js and Code on Standard Library

Steve Meyer
Oct 30, 2018 · 7 min read

When you’re running a business, coupons can serve many purposes. You can reward loyal customers, attract new ones, or gauge price sensitivity of different groups. If you use Stripe for payment processing, you may already be aware of using Stripe to generate coupon codes. However, you might not always want to give somebody else Stripe dashboard access (or even login yourself) to generate these coupons — what if we could add coupons painlessly from the chat program we spend all day in, Slack? Thankfully, they also provide the option to create coupons on the fly using their API, which opens up the door to some exciting possibilities.

One such possibility is an integration with Slack. Imagine the following scenario plays out: You’re at a conference, and you meet a potentially high-value customer. Next week, you notice they sign up for your platform, but only for the free tier. You know there are features in your paid plan that will wow them, so you decide to give them a coupon.

With a platform like Standard Library, such an integration is a breeze. This guide will show you how to set up an API on Standard Library that can receive a slash command from Slack, and respond with a coupon code created in Stripe. If you’re not familiar with Standard Library, we’re a serverless platform that enables everyone to build, ship, and integrate scalable APIs in a matter of seconds. With the help of our online text editor, Code on Standard Library, you can do so right from your browser — no installation needed!

Step 1: Create an API

Open up Code on Standard Library. If you follow that link, a template for the coupon bot API will automatically open. Otherwise, you can click on the “Community API Sources” tab and search for “steve/couponbot”.

The functions/__main__.js endpoint will open automatically. It takes three parameters text, channel_id, user_name as well as the magic context parameter. text, channel_id, and user_name are passed in by Slack, and are a subset of the parameters every slash command generates. text is the most important, and its everything that the user types after the slash command. channel_id is what channel the command was invoked in, and user_name is who called the command.

Trending articles:

The context parameter is an object that all Standard Library APIs can receive. It contains details about the API execution; you can view the documentation for all the fields here. In this case, we are interested in the HTTP headers and the raw request body, which get passed into the verifyRequest function. verifyRequest, found under the src directory, ensures that the request made to your API is legitimate. This check is crucial because this API will have the ability to make coupons using Stripe.

Verifying a Request from Slack

verifyRequest makes two checks. The first checks that the request is no more than five minutes old. This check is to prevent replay attacks. In this case, one could theoretically intercept a legitimate slash command and resend it multiple time, creating a bunch of coupons. The second check uses an HMAC to make sure that the request came from Slack.

Simply put, you and Slack share a secret key. When Slack sends a request to your API, they sign the request body with the key and send the signature along with the request. When you receive a request, you take the raw body, sign it yourself with the same key, and check if it matches the signature sent by Slack. This means that your coupon bot API can only be invoked by a party with the secret key, so be careful with it! You can read Slack’s explanation of this method of security here.

After verifying the request, the API parses text for the coupon parameters. It expects them of the form:

id=myCouponCode amountOff=500 duration=1 validFor=1 maxRedemptions=1

id is the coupon code, i.e., what the user types in to receive the discount. id can also be left blank, and a random one will be created. amountOff is the discount amount in cents. duration is how many months the coupon will give the user a discount for and validFor sets the expiration date for the coupon. Again, validFor is also in months, so if you enter 2, the coupon can be redeemed as late as two months from the current date. Finally, maxRedemptions is the number of times a coupon can be used. Beware, you’ll need to add logic on your end to prevent a user from using the same coupon twice if maxRedemptions is greater than one.

With the parameters parsed, a request is made to Stripe to create the coupon; then the details are sent to the Slack channel that the request came from. With the implementation details squared away you should take the time to deploy your API, by hitting the green “Run” button in the bottom-left corner of Code on Standard Library.

The reward for all your hard work so far will be an error message, because you most likely didn’t pass any parameters to the API. That is fine because at the moment we are just interested in the “API Endpoint URL”, which is highlighted above. The URL is the key ingredient when making the slash command, which you’ll do next.

Step 2: Create a Slack App

Head over to the Slack app dashboard, and click “Create New App” in the top-right corner of the screen. You’ll be asked to give your bot a name and development workspace. After a moment, you’ll be redirected to a page labeled “Basic Information”. On the left side of the screen, you’ll see “Slash Commands” under the “Features” category.

Once there, click “Create New Command” and you’ll be prompted to fill out a form —

Don’t Forget to Add :bg!

The most important field is the “Request URL”. This should be the “API Endpoint URL” from earlier, with one addition. You want to append :bg to the original “API Endpoint URL”. Slack has some restrictions about how quickly you need to respond to a slash command, and :bg makes your API respond immediately with a 200 OK, and then continue working in the background.

Once you hit the green “Save” button, you’ll see “OAuth and Permissions” under the “Features” category on the left side of the screen.

Once there, scroll down to “Scopes”. You need the bot to be able to post back the coupon information. Adding “chat:write:bot” permissions will do the trick, so search for that in the “Select Permission Scopes” drop-down. With the new permissions saved, scroll back up to the top of the permissions page and click “Install App to Workspace”. When that finishes you’ll see an “OAuth Access Token”.

That’s one of two environment variables you’ll need from Slack so copy that down. The second is the “Signing Secret” mentioned earlier in verifyRequest. You can find that on the “Basic Information” page under “App Credentials”.

With those two tokens in hand, head back over to Code on Standard Library and click on the env.json file. Copy your two tokens into there respective fields, under the “dev” key. Now, a discerning reader will notice that one environment variable is missing and that they have yet to doing anything with Stripe.

Step 3: Get Your Stripe Token

Navigate to your Stripe Dashboard, specifically the API Keys page.

You’ll see a section called “Standard Keys”. Reveal and copy the secret key and copy that into your env.json file, giving you the complete set.

Click run again to redeploy your API with the environment variables properly configured. You’ll get the same error message as before, which again is fine because what you want to do is try it from Slack. Open the workspace you installed the app to and give it a whirl!

Pro tip: clicking on the blue link will open the coupon in your dashboard

That’s All!

I hope this tutorial has been helpful in showing you how easy it is to get started with Standard Library, Slack and Stripe. For more inspiration as to how you can better use Standard Library, you can check out more guides written by the team here. If you have a neat idea you’d like to share, reach out to me directly by e-mail:, or follow the Standard Library team and me on Twitter.

Steve Meyer is a recent graduate of Oberlin College and Software Engineer at Standard Library. When he’s not programming, you can find him baking bread, or playing Red Dead Redemption II.

AI Powered Chatbots for E-commerce

Thanks to Eileen, Jacob Lee, and Keith Horwood.

Steve Meyer

Written by

AI Powered Chatbots for E-commerce