Skip to main content

1. Create your Gatlio account

Sign up at app.gatlio.io/signup. You’ll connect your Stripe account via OAuth during signup.

2. Get your publishable key

From the Gatlio dashboard, copy your publishable key (pk_live_…). This key is safe to embed in client-side code.

3. Register your Stripe webhook

In your Stripe dashboard, create a webhook endpoint pointing to: 
https://api.gatlio.io/api/webhooks/stripe
Subscribe to these events:
  • invoice.payment_failed
  • invoice.paid
  • setup_intent.succeeded
  • account.updated
  • account.application.deauthorized
Copy the signing secret (whsec_…) and paste it into the Gatlio dashboard under Settings → Stripe.

4. Add the enforcement snippet

Paste this into every authenticated page of your web app, replacing the placeholder values: 
<script
  src="https://api.gatlio.io/v1/enforce.js"
  data-tenant-slug="YOUR_TENANT_SLUG"
  data-publishable-key="pk_live_YOUR_KEY"
  data-customer-id="cus_SUBSCRIBER_STRIPE_ID"
  data-hmac="HMAC_SHA256_OF_CUSTOMER_ID"
></script>
Render this tag server-side. data-customer-id is the signed-in subscriber’s Stripe customer ID. data-hmac is HMAC-SHA256(hmacSecret, stripe_customer_id) — compute it server-side using your HMAC secret from the Gatlio dashboard. Never expose the HMAC secret to the client.
The snippet runs immediately on page load, checks the subscriber’s billing status, and shows the appropriate UI automatically.

5. Verify it works

In your Gatlio dashboard, navigate to Subscribers and find your test subscriber. Use the Force status control to set them to lockout — reload the page in your app and confirm the gate overlay appears.

Mobile apps

If you’re integrating into a mobile app rather than a web app, skip step 4 and follow the relevant SDK guide instead: