Payment verification

Metrivo records payments only through signed provider webhook routes or a server-side API key that has the payments:write scope.

Implemented payment routes

  • /api/integrations/stripe/webhook/[integrationId]
  • /api/integrations/razorpay/webhook/[integrationId]
  • /api/integrations/dodo/webhook/[integrationId]
  • /api/payments/manual for custom providers and back-office payment events

Why founders can trust this connection model

  • Read-only provider setup: Stripe, Razorpay, and Dodo connect through inbound signed webhooks. Metrivo does not need charge-capable provider API keys for this setup flow.
  • Encrypted secret storage: webhook signing secrets are encrypted before storage and are not rendered back to the browser after save.
  • Scoped manual writes: the Manual Payment API only accepts server-side keys with the payments:write scope, and every request is checked against the owning workspace and website.
  • No fake connected state: a provider is not marked active just because a secret was pasted. Status changes only after a valid signed webhook or authenticated payment request is verified.

Verification signals

  • Provider configuration exists in the integration tables.
  • A payment event is received and stored for the website.
  • Attribution runs after ingestion and records confidence evidence when a match is possible.
  • Unmatched payments stay visible as unattributed revenue instead of being forced into a source.

The practical outcome is simple: Metrivo can verify that a payment happened and attribute it, but it is not designed to create charges, move balances, or silently mark a provider healthy without server-side proof.
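
The "No fake connected state" rule above, sketched as an added example (not Metrivo's own code). It assumes Stripe's published signature header format (t=<timestamp>,v1=<HMAC-SHA256 hex of "timestamp.rawBody">); the function names, the "pending"/"active" status values, the 300-second tolerance and all sample data are hypothetical.

```javascript
const crypto = require("node:crypto");

const TOLERANCE_SECONDS = 300; // assumed replay window, not a Metrivo setting

// Parse "t=1700000000,v1=abc,v1=def" into { t, v1: [...] }.
function parseSignatureHeader(header) {
  const out = { t: null, v1: [] };
  for (const part of String(header || "").split(",")) {
    const i = part.indexOf("=");
    if (i < 0) continue;
    const key = part.slice(0, i).trim();
    const value = part.slice(i + 1).trim();
    if (key === "t" && /^\d+$/.test(value)) out.t = Number(value);
    if (key === "v1") out.v1.push(value);
  }
  return out;
}

// True only if a v1 value equals HMAC-SHA256(secret, `${t}.${rawBody}`) and t is fresh.
function verifyStripeStyleSignature(rawBody, header, secret, nowSeconds) {
  const { t, v1 } = parseSignatureHeader(header);
  if (t === null || v1.length === 0) return false;
  if (Math.abs(nowSeconds - t) > TOLERANCE_SECONDS) return false; // stale or replayed
  const expected = crypto.createHmac("sha256", secret).update(`${t}.${rawBody}`).digest();
  return v1.some((hex) => {
    if (!/^[0-9a-f]{64}$/i.test(hex)) return false; // keeps buffer lengths equal
    return crypto.timingSafeEqual(Buffer.from(hex, "hex"), expected); // constant-time compare
  });
}

// Hypothetical integration record: saving a secret leaves it "pending";
// only a verified delivery moves it to "active".
function handleWebhook(integration, rawBody, header, nowSeconds) {
  if (!verifyStripeStyleSignature(rawBody, header, integration.secret, nowSeconds)) {
    return { httpStatus: 400, integration }; // status unchanged on any failure
  }
  return { httpStatus: 200, integration: { ...integration, status: "active" } };
}

// Constructed sample data for running the example offline.
const SAMPLE_SECRET = "whsec_constructed_example";
const SAMPLE_BODY = '{"type":"payment_intent.succeeded","id":"evt_constructed"}';
const SAMPLE_NOW = 1700000000;
function signSample(body, t, secret) {
  const mac = crypto.createHmac("sha256", secret).update(`${t}.${body}`).digest("hex");
  return `t=${t},v1=${mac}`;
}
```

The HMAC must be computed over the raw request bytes as received; re-serializing parsed JSON before verification changes the bytes and makes valid deliveries fail.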