Overview
Pwnbook uses Stripe for subscription billing. Billing is entirely optional: if you don’t configure Stripe, all features are available without restriction. When billing is enabled, organizations are placed on plans (Starter, Business, Enterprise) that control their access to specific features and seat limits.
Enabling billing
To enable billing, you need a Stripe account and a secret key:
- Create or log in to your Stripe account.
- Obtain your Secret Key from Developers → API Keys. Use the live key for production and the test key for testing.
- Add the key to your Pwnbook environment:
- Restart the backend service:
Once STRIPE_SECRET_KEY is set, billing features are activated and visible in the admin panel.
Configuring subscription plans
Pwnbook maps Stripe products and prices to internal plan tiers. To configure this:
- In Stripe, create products for each plan (Starter, Business, Enterprise).
- Add a price to each product (monthly and/or annual).
- In the Pwnbook admin panel, go to Billing → Plan Configuration.
- Map each Stripe price ID to the corresponding Pwnbook plan tier.
- Set the feature limits for each plan (seats, engagements, etc.).
- Save.
Plan tiers
| Plan | Description |
|---|---|
| Starter | For small teams. Basic feature set, limited seats. |
| Business | Growing teams. Includes custom roles, SSO, API access, and priority support. |
| Enterprise | Large organizations. Custom pricing, dedicated support, SLA, and self-hosting options. |
Setting up Stripe webhooks
Stripe uses webhooks to notify Pwnbook of billing events (payment succeeded, subscription cancelled, etc.). Without webhooks configured, subscription status changes won’t be reflected in Pwnbook.
Get your webhook endpoint URL
Your Pwnbook webhook endpoint is:
Replace your-pwnbook-domain.com with your actual domain.
Create the webhook in Stripe
- In the Stripe dashboard, go to Developers → Webhooks.
- Click Add endpoint.
- Enter your webhook endpoint URL.
- Select the events to listen to (see Webhook events below).
- Click Add endpoint.
Webhook events
Configure Stripe to send the following events to your webhook endpoint:
| Event | Description |
|---|---|
| customer.subscription.created | A new subscription was activated |
| customer.subscription.updated | Subscription plan or status changed |
| customer.subscription.deleted | Subscription was cancelled |
| invoice.payment_succeeded | A payment was successfully processed |
| invoice.payment_failed | A payment attempt failed |
| customer.created | A new Stripe customer was created |
Managing organization subscriptions
From the admin panel’s Billing section, you can view and manage subscriptions for individual organizations:
- Go to Server Admin → Billing → Organizations.
- Find the organization and click on it.
- View current plan, billing cycle, next payment date, and payment method.
Upgrading or downgrading a plan
To change an organization’s plan:
- Open the organization in the Billing admin.
- Click Change Plan.
- Select the new plan.
- Confirm the change.
Cancelling a subscription
To cancel an organization’s subscription:
- Open the organization in the Billing admin.
- Click Cancel Subscription.
- Choose immediate cancellation or cancel at period end.
- Confirm.
Testing billing
Before going live, test your billing configuration using Stripe test mode:
- Use a Stripe test secret key (sk_test_...) in your environment.
- Use Stripe test cards for payments.
- Trigger webhook events using the Stripe CLI:
  stripe trigger customer.subscription.created
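A pre-go-live check that ties the steps above together, as an added example (not Pwnbook's or Stripe's own code): it audits a Stripe webhook endpoint object against the six events listed under Webhook events and checks that the key prefix matches the deployment. The function names, the production flag, the sample object and the placeholder URL path are assumptions made for the illustration.

```python
import json

# The six events this page lists for the Pwnbook webhook endpoint.
REQUIRED_EVENTS = {
    "customer.subscription.created", "customer.subscription.updated",
    "customer.subscription.deleted", "invoice.payment_succeeded",
    "invoice.payment_failed", "customer.created",
}

# Constructed sample of a Stripe webhook endpoint object; the URL path is a placeholder.
SAMPLE_ENDPOINT = json.loads("""{
  "id": "we_CONSTRUCTED_EXAMPLE", "livemode": false, "status": "enabled",
  "url": "https://your-pwnbook-domain.com/WEBHOOK_PATH_PLACEHOLDER",
  "enabled_events": ["customer.subscription.created", "customer.created",
                     "customer.subscription.updated", "invoice.payment_succeeded"]
}""")


def key_mode(secret_key):
    """Classify a Stripe secret key by prefix: 'live', 'test', or None."""
    for prefix, mode in (("sk_live_", "live"), ("sk_test_", "test")):
        if secret_key.startswith(prefix):
            return mode
    return None


def audit(endpoint, secret_key, production):
    """Return human-readable findings; an empty list means the checks pass."""
    findings = []
    mode = key_mode(secret_key)
    if mode is None:
        findings.append("STRIPE_SECRET_KEY lacks an sk_live_/sk_test_ prefix")
    else:
        if (mode == "live") != production:
            findings.append(f"{mode} key configured for a non-{mode} deployment")
        if endpoint.get("livemode") != (mode == "live"):
            findings.append("endpoint livemode does not match the key's mode")
    if endpoint.get("status") != "enabled":
        findings.append("endpoint is disabled in Stripe")
    enabled = set(endpoint.get("enabled_events", []))
    if "*" not in enabled:  # "*" subscribes the endpoint to every event
        missing = sorted(REQUIRED_EVENTS - enabled)
        if missing:
            findings.append("missing events: " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_ENDPOINT, "sk_test_CONSTRUCTED", production=True):
        print("FINDING:", line)
```

A missing event in this audit corresponds to the failure mode described under Setting up Stripe webhooks: the subscription change happens in Stripe but is never reflected in Pwnbook.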