What PREM gives you
Multi-Processor Support
Stripe, Lemon Squeezy, and Mercado Pago share a unified adapter interface. Switch processors by changing one environment variable — no code changes required.
Full Subscription Lifecycle
Trials, upgrades, downgrades, pauses, and cancellations are all handled. Subscription status (active, past_due, canceled, trialing) is always in sync via webhooks.
Credit Ledger
Built-in prepaid credit system. Users purchase credits, your app deducts them per action. Every transaction is immutable and auditable. Row-level locks prevent negative balances.
Webhook Security
All incoming webhook payloads are signature-verified before processing. Idempotency keys prevent double-processing. Failed events are queued for automatic retry.
Invoice & Receipt Management
Automatic invoice generation on every payment. Hosted invoice URLs from your processor are stored and surfaced in the billing portal.
Fraud & Abuse Controls
Rate limiting on checkout endpoints. Stripe Radar rules applied by default. Suspicious webhook origins are logged and rejected.
Supported processors
Global coverage. Best-in-class developer experience. Radar fraud protection included.
Merchant of Record — Lemon Squeezy handles VAT and sales tax compliance for digital products.
Dominant processor in Latin America. Supports PIX, Boleto, OXXO, and local card schemes.
Install PREM
# Scaffold PREM module (requires UAPS)
$ npx kiban@latest init --module prem
# Set your processor in .env
PAYMENT_PROCESSOR=stripe
STRIPE_SECRET_KEY=sk_live_...
STRIPE_WEBHOOK_SECRET=whsec_...
# Validate configuration
$ kiban doctor
✔ Stripe connection verified
✔ Webhook secret valid
# Run migrations + seed plans
$ kiban migrate && kiban seed
✔ PREM running on http://localhost:8001Webhook security model
Every webhook endpoint in PREM verifies the payload signature before touching the database. The verification logic is processor-specific (Stripe usesstripe-signature header, Lemon Squeezy uses HMAC-SHA256, Mercado Pago uses token validation) but the interface is identical — your application code never sees unverified payloads.
Idempotency keys are stored in awebhook_events table. If the same event is received twice (processor retry on 5xx), PREM returns200 OK without re-processing — preventing double subscription creation or double credit grants.
How to integrate
Set your processor
Add PAYMENT_PROCESSOR=stripe (or lemon_squeezy or mercado_pago) to your .env. PREM auto-configures the correct adapter.
Add your processor keys
Paste your API keys and webhook signing secrets. kiban doctor validates connectivity before you run any migrations.
Run migrations
kiban migrate creates plans, customers, subscriptions, credits, and credit_transactions tables with RLS policies.
Seed plans
kiban seed creates basic ($9/mo), pro ($29/mo), and enterprise ($99/mo) plans and syncs them to your processor.
PREM is included in Pro and Enterprise
The Basic plan includes UAPS only. Pro and Enterprise unlock PREM — plus GREM analytics and SAGE support. All plans are perpetual licenses: buy once, own forever.