/Integrations
v1.2Lemon Squeezy
Validate Lemon Squeezy API auth, store access, and webhook handshake integrity.
Integration
Lemon Squeezy
Confirms store access and signed webhook handshakes.
Lemon Squeezy launch failures often look like silent revenue loss: the API key works, but webhooks never authenticate or the HMAC check fails because the route reads a parsed body instead of raw bytes. PreFlight verifies store API access and posts a signed synthetic webhook before you depend on subscription events.
Requirements
- Lemon Squeezy API key with access to your store
- Store ID from Lemon Squeezy → Settings
- Webhook URL—the public route your app handles
- Webhook signing secret from Lemon Squeezy webhook settings
What PreFlight checks
| Probe | What it proves |
|---|---|
| Store API auth | The API key can reach the configured store. |
| Webhook handshake | A signed synthetic webhook is delivered to your endpoint. |
| Signature validation | The endpoint accepts the HMAC and rejects tampered payloads. |
| Endpoint reachability | The webhook URL is public and responds to POST requests. |
Failure guidance
| Symptom | Fix |
|---|---|
| API key rejected | Regenerate the API key in Lemon Squeezy and confirm store ID matches. |
| Signature failure | Verify the route reads the raw request body and validates x-signature with the saved secret. |
| Endpoint unreachable | Confirm the URL is deployed, uses HTTPS, and is not blocked by auth middleware. |
| Wrong store | Paste the Store ID from the same Lemon Squeezy store your production app uses. |
Dashboard setup
- Open Integrations → Lemon Squeezy in your PreFlight project.
- Paste the API key, Store ID, webhook URL, and signing secret.
- In Lemon Squeezy, confirm the webhook URL and secret match what you saved in PreFlight.
- Run Pre-Flight Check and confirm both API auth and webhook handshake pass.
