LemonSqueezy

Processes payments across multiple currencies and payment methods (credit cards, digital wallets, bank transfers) while assuming merchant-of-record liability, meaning LemonSqueezy handles PCI compliance, payment gateway integration, and regulatory requirements on behalf of the seller. This eliminates the need for developers to integrate directly with Stripe, PayPal, or other processors and manage their own compliance burden.

Manages subscription lifecycle including creation, renewal, cancellation, pause/resume, and plan changes through a state machine architecture that tracks subscription status (active, paused, cancelled, expired) and automatically processes recurring charges on configured intervals. Integrates with payment processing to handle failed renewals, dunning (retry logic), and proration for mid-cycle changes.

Stores customer information (name, email, billing address, tax ID) and maintains customer profiles that persist across transactions and subscriptions. Customer data is accessible via API and can be updated to reflect changes in billing address, tax status, or other attributes.

Automatically generates orders and invoices for each transaction, with invoice data accessible via API and downloadable as PDF. Invoices include itemized charges, tax breakdown, and customer information, and can be customized with company branding.

Automatically calculates and applies sales tax, VAT, and GST based on customer location, product type, and applicable jurisdictional rules. The system maintains a database of tax rates and rules across supported regions and applies them at checkout or invoice generation time, handling tax-exempt customers and B2B scenarios where applicable.

Generates unique, cryptographically-secure license keys for software products and provides server-side validation endpoints to verify key authenticity, expiration, and usage limits. Keys can be tied to subscription status, so license validity automatically expires when a subscription ends or is cancelled.

Provides pre-built, customizable checkout pages that can be embedded as iframes or opened as modal overlays, or accessed via direct URLs. Checkout flows handle product selection, customer information collection, payment processing, and post-purchase actions (license key delivery, webhook triggers) without requiring developers to build custom checkout UI.

Delivers real-time webhook events for payment, subscription, and order state changes with automatic retry logic for failed deliveries. Events are signed with HMAC-SHA256 to allow verification of authenticity, and include detailed payload data about the triggering action (e.g., subscription.created, order.completed, payment.failed).

Enforces a hard rate limit of 300 API calls per minute per account, with rate limit information returned in response headers (X-Ratelimit-Limit, X-Ratelimit-Remaining). Requests exceeding the limit receive HTTP 429 Too Many Requests responses, requiring clients to implement exponential backoff or request queuing.

Provides separate API keys for test and live modes, allowing developers to build and test integrations against a sandbox environment without affecting production transactions. Test mode uses the same API endpoints but processes requests against test data and does not charge real payment methods.

Provides official SDKs for JavaScript (@lmsqueezy/lemonsqueezy.js) and Laravel (@lmsqueezy/laravel) with type definitions, error handling, and convenience methods for common operations. Community SDKs exist for Go, Ruby, Rust, Swift, Python, PHP, Elixir, and Java, enabling integration across diverse tech stacks.

Uses major version prefixes in API endpoints (e.g., /v1) and maintains backwards compatibility by allowing new resources, optional parameters, and response properties to be added without breaking existing integrations. Breaking changes trigger a new major version with a deprecation period for the old version.