Use LetsOrderIt to manage payments, subscriptions, customers, CRM, and access levels for your external app. AccessGate handles login and verified access — your app focuses on the product experience. Draft v1.1 — Euro/global pricing examples.
Build the app anywhere. Run the business on LetsOrderIt.Your app = product experienceAccessGate = login & accessLetsOrderIt = commerce engine
Three use cases: (1) Creator login — manage the connected app. (2) Customer/member access — unlock features by LetsOrderIt plan or subscription. (3) Post-payment fulfillment — issue vouchers, bookings, files, or benefits after verified payment.
No matching topic found. Try searching for token, webhook, connect, payment, or showcase.
Core idea
Build the app anywhere. Run the business on LetsOrderIt.
This integration is not only about connecting a vibe-coded app to a payment webhook. LetsOrderIt becomes the commerce, subscription, customer, order, CRM, and Stripe/payment layer for external apps. AccessGate is the login, access, and permission bridge. Your app is the product experience — dashboard, member area, booking tool, voucher tool, AI tool, or other interface.
Your app handles the product. LetsOrderIt handles the business.
Turn any vibe-coded app into a paid SaaS, membership, booking, voucher, or service product without rebuilding billing, subscriptions, CRM, or access logic.
Documentation uses Euro/global pricing examples (e.g. Standard €9/month, Premium €29/month). Local currencies still work inside LetsOrderIt checkout where configured.
Architecture
How the pieces fit together
The clean model:
Creator creates paid/free access levels in LetsOrderIt
↓
Customer signs up or pays through LetsOrderIt
↓
LetsOrderIt stores customer, order, subscription, plan status, CRM record
↓
AccessGate becomes the login/access bridge
↓
Customer logs into the external app through AccessGate
↓
External app receives verified access level, benefits, and status
↓
External app unlocks Free / Standard / Premium / Enterprise features
App UI, creator/customer dashboards, feature unlocking by verified access level, fulfillment after verified payment, idempotent records.
Customer flow
Sign up or pay on LOIT → log in via AccessGate → app verifies access → unlock plan features.
Important distinction
Creator access vs customer/member access
1. Creator / admin access
For the creator who owns the app setup — hotel owner in SnapBooking, agency in an AI tool, voucher creator in SnapVoucher.
Verifies: who is the creator, which showcase they manage, creator plan, showcase switching.
2. Customer / member access
For the creator's customer, subscriber, member, or buyer — pays Premium through LetsOrderIt, then logs into the connected app.
Verifies: signup/payment status, active subscription, plan level, which features to unlock.
Existing docs cover creator login and payment fulfillment well. Customer/member access based on LetsOrderIt subscription or signup level is the key expansion — see Customer access flow.
Pricing
Two separate pricing layers
Layer A — What the creator pays LetsOrderIt
Controls what the creator can use: Free, Solo, Business, Enterprise/Custom. May limit connected apps, webhooks, AccessGate usage, team access, white-label, etc.
Layer B — What the creator charges their customers
Created inside LetsOrderIt as items — free signup, one-time payments, or subscriptions. The creator sets their own pricing:
Free access = €0
Standard = €9/month or €9.90/month
Premium = €29/month or €29.90/month
Enterprise = custom/manual
LetsOrderIt handles customer signup/payment/subscription; AccessGate tells the external app which level the customer has.
Creator setup
Creator setup flow inside LetsOrderIt
A creator should not need to build billing, subscriptions, Stripe, CRM, or customer access logic inside the external app. LetsOrderIt handles that.
Create a LetsOrderIt account.
Create or select a showcase/business.
Enable the relevant Snap App or external app integration.
Create access/payment items in LetsOrderIt (Free, Standard, Premium, Enterprise/custom).
Configure each item as one-time payment, free signup, or subscription.
Enable Stripe/payment methods where needed.
Connect each LetsOrderIt item to the external app.
Set the integration reference for each item (free, standard, premium, enterprise, etc.).
Set or auto-write the post-payment webhook URL.
Set or auto-write the post-payment redirect URL.
Use AccessGate as the login page for the connected app.
Customers sign up or pay through LetsOrderIt.
Customers log into the connected app through AccessGate.
The connected app unlocks access based on verified subscription/payment level.
Developer checklist
Recommended integration checklist
Create a creator gate — request creator access, then create a CREATOR-type gate with your app URL as the destination.
Wire creator login — send creators to https://accessgate.loit.site/g/{gate-id}?return_url=....
Store session — set an HttpOnly cookie with the token and gate id; re-verify on each protected request.
Add payment webhook — expose POST /api/loit/payment-confirmed.
Verify before fulfilling — call AccessGate POST /api/verify-payment.
Connect LOIT items — call POST /api/connect-loit-item from your creator UI.
Creator auth
Creator login through AccessGate
Redirect creators to your gate login page with a return URL back to your app.
These proxy to LetsOrderIt NestJS /api/accessgate/*.
Route
Purpose
/api/verify-token
Validate ag_access JWT
/api/switch-showcase
Re-issue token for another showcase
/api/verify-payment
Confirm LOIT order/subscription is paid
/api/connect-loit-item
Push form settings onto a LOIT item
/api/launch-from-token
My Apps token exchange between gates
Multi-showcase
Switching LetsOrderIt businesses
POST https://accessgate.loit.site/api/switch-showcase
{ "token": "{ag_access JWT}", "business_id": "{showcase UUID}" }
Public creator gates allow switching; invite-only gates fix the showcase per login.
Subscription engine
Use LetsOrderIt as your app's subscription engine
LetsOrderIt can manage your external app's customer plans, subscriptions, payment levels, customer records, Stripe payments, and access status. Your app should not duplicate billing logic — ask AccessGate whether the current customer has active access and which plan or benefits are available.
Creators define Free, Standard, Premium, Enterprise, or custom plans as LetsOrderIt items. Map verified access to features:
free → basic access
standard → normal tools
premium → advanced tools
enterprise → custom/unlimited/admin access
Customer access
Customer / member access flow
Customer signs up or pays through a LetsOrderIt item or subscription.
LetsOrderIt stores customer, order/subscription, item, plan, and CRM record.
Customer logs into the connected app through AccessGate (gate linked to subscription item).
App calls AccessGate to verify current access on each login.
AccessGate returns access level, plan, and benefits.
App unlocks features based on verified access — not browser URL params alone.
Re-check on login so cancelled or expired subscriptions do not keep paid access.
Access contract
Recommended customer access API contract
Your app should ask: does this logged-in customer have access, and at what level?
Recommended routes (implement in your app, verify via AccessGate/LetsOrderIt):
GET /api/me/access
POST /api/verify-customer-access
GET /api/customer-subscriptions (via LetsOrderIt API where applicable)
In plain English: the creator pastes a LetsOrderIt item URL into your app. The app writes redirect URL, webhook URL, and integration_ref back to the item — no manual Form Settings copy/paste.
Form Settings control what happens after submit or payment. Open any item in LetsOrderIt admin → Form settings:
Action on submit — normally page for connected apps
Redirect URL — customer goes to your app after checkout (UX only, not payment proof)
Post-payment webhook URL — signals your app to verify and fulfill
Integration reference — which plan, template, service, or feature this item represents
Example: Premium Plan item with integration_ref = premium. Webhook → your app. Redirect → activation page. After verified payment, unlock Premium features.
Important: Redirect URL alone does not prove payment. Always verify via webhook + AccessGate payment verify.
Payment webhook
Post-payment webhook from LOIT
LOIT POSTs after successful payment with user-agent: LetsOrderIt-PostPaymentWebhook/1.0. Treat the webhook as a notification only — there is no shared webhook secret.
If the same webhook arrives again, return success but do not issue duplicate benefits.
Planning
App planning checklist
For every connected app, define:
What does the creator sell?
Which LetsOrderIt item represents the sale or access level?
Is it free signup, one-time payment, or subscription?
What is the integration_ref?
Which webhook endpoint receives payment events?
Which app route shows the fulfilled result?
Which plan/features should be unlocked?
What happens if the subscription expires?
AI tools
Copy-paste prompt for Cursor, Lovable, Bolt, or Claude
Give this brief to your AI coding tool or developer. It includes architecture, routes, security rules, and fulfillment expectations from the LetsOrderIt + AccessGate blueprint.
Build this app using LetsOrderIt as the commerce, subscription, customer, order, CRM, and Stripe/payment layer. Do not build a separate billing/subscription system inside the app unless explicitly needed.
Use AccessGate as the login and access bridge between LetsOrderIt and this app.
The app must support two types of access:
1. Creator/Admin access
The creator logs in through AccessGate to manage the app, connect LetsOrderIt items, and configure what each item/subscription unlocks.
2. Customer/Member access
The customer signs up or pays through LetsOrderIt, then logs into this app through AccessGate. The app must unlock features based on the verified LetsOrderIt plan, item, subscription, integration_ref, and access status.
Core architecture:
- LetsOrderIt handles showcases, items, checkout, subscriptions, orders, customer records, CRM, Stripe payments, form settings, and webhooks.
- AccessGate handles login, token verification, access verification, showcase/business context, and proxy calls to LetsOrderIt.
- This app handles the product experience, UI, feature unlocking, and fulfillment after verified payment/access.
Required routes:
/creator — Creator/admin dashboard after AccessGate login.
/customer or /app — Customer/member area after AccessGate login.
/api/auth/accessgate/callback — Receives AccessGate token, verifies server-side, stores HttpOnly session cookie, strips token from URL.
/api/me — Returns the current logged-in user/session.
/api/me/access — Returns verified access level, plan, status, business/showcase, integration_ref, benefits, subscription/order info.
/api/loit/payment-confirmed — Receives LetsOrderIt post-payment webhook.
/api/loit/verify-payment — Server-side verification before fulfillment.
/activate — Post-payment redirect page. UX only — never proof of payment alone.
/connect-loit-item — Creator action to connect a LetsOrderIt item/payment URL to this app.
Golden security rule:
Redirect is only UX.
Webhook is only a signal.
Verification is the proof.
Fulfillment happens only after verified payment or verified active access.
Do not unlock, issue, book, deliver, or activate anything only because the user reached a redirect URL.
Do not trust browser-provided plan names, item ids, subscription ids, or integration_ref values.
Do not trust the webhook alone — there is no shared webhook secret.
Always verify server-side through AccessGate/LetsOrderIt before fulfilling.
Expected AccessGate creator login flow:
1. Redirect creator to: https://accessgate.loit.site/g/{gate-id}?return_url=https://your-app.example/creator
2. AccessGate redirects back with: ?token={ag_access JWT}
3. Verify the token server-side with AccessGate GET /api/verify-token
4. Store a secure HttpOnly session cookie
5. Remove the token from the visible URL
Expected customer/member access flow:
1. Customer signs up or pays through a LetsOrderIt item/subscription.
2. LetsOrderIt stores the customer, order/subscription, item, plan, and CRM record.
3. Customer logs into the connected app through AccessGate.
4. The app calls AccessGate to verify current access.
5. AccessGate returns current access level and benefits.
6. The app unlocks features based on verified access.
7. Re-check access on login so cancelled/expired subscriptions do not keep paid access.
Map access levels to app features, for example:
free -> basic access
standard -> normal tools
premium -> advanced tools
enterprise -> custom/unlimited/admin access
Expected post-payment webhook flow:
1. LetsOrderIt sends webhook to /api/loit/payment-confirmed
2. Store the raw event for debugging
3. Extract payment_source, order_id, item_id, subscription_id, customer_email, integration_ref
4. Call AccessGate POST https://accessgate.loit.site/api/verify-payment
5. Fulfill only if valid: true
6. Store an idempotency record so the same order/subscription cannot be fulfilled twice
Example payment verification:
POST https://accessgate.loit.site/api/verify-payment
{ "payment_source": "loit_subscription", "order_id": "12345", "item_id": "item_123" }
Idempotency keys (check before fulfilling):
- serial (if already issued)
- order_no + item_id
- order_id + item_id
- subscription_id + integration_ref
- customer_email + business_id + integration_ref (free signup)
Creator setup: create Free / Standard / Premium / Enterprise items in LetsOrderIt (https://app.letsorderit.com) with integration_ref values (free, standard, premium, enterprise). Use integration_ref and verified access status to decide what to unlock.
SnapVoucher
SnapVoucher — paid vouchers and QR tickets
Full integration: creator auth, connect LOIT item, post-payment webhook, multi-showcase.
Gate: snapvoucher-creator-access
Webhook: POST /api/loit/payment-confirmed
Connect: writes template slug as integration_ref
Fulfillment: issues QR voucher after verified payment