Settings
Settings in the main sidebar covers your workspace as a whole: account info and payment integrations.
Funnel settings vs workspace settings
Do not confuse the two:
- Workspace Settings: account, payment processor keys, AppsFlyer S2S, app API security, and Managed Access email.
- Per-funnel settings: logo, colors, navigation, footer, SEO, analytics, webhooks, legal pages, custom domain, AppsFlyer OneLink, success delivery, and Universal/App Links. Full guide: Funnel settings.
Account
Shows the email address you are signed in with and a Sign out button.
Workspace
Displays your workspace name. Team management and billing features will appear here in a future update.
Payment Integration
Connect a payment processor so payments from your funnels go directly to you. web2app supports Stripe and Paddle.
Which keys are required?
You can build, edit, and publish funnels without payment keys. Keys are only needed when visitors should pay through Stripe or Paddle at the Checkout step.
For Stripe checkout, you need all three Stripe fields below: Secret Key, Publishable Key, and Webhook Signing Secret. The first two start checkout; the webhook keeps Subscribers in sync after payment.
If you do not need payments yet, leave payment fields empty and come back when you are ready to go live.
How keys are stored
Server-side secrets (Stripe Secret Key, webhook signing secrets, Paddle API key, AppsFlyer Dev Key, app access key, Resend/SendGrid keys) are encrypted before storage.
Public browser keys (Stripe Publishable Key, Paddle Client-side Token) are stored as-is — they are designed to be used in the visitor's browser and are not encrypted.
On a self-managed installation, whoever operates the servers also configures the encryption key used for server-side secrets — that key is kept outside the same database as your funnel data.
Choosing a processor
Use the Active payment processor toggle to switch between Stripe and Paddle. Only the selected processor is used for new checkouts. You can fill in both processors and switch between them later; inactive keys are saved and never cleared.
Stripe fields
| Field | Role | Where to find it |
|---|---|---|
Secret Key (sk_live_...) | Server only — creates PaymentIntents and subscriptions | Stripe Dashboard -> Developers -> API keys |
Publishable Key (pk_live_...) | Browser — loads Stripe Elements on Checkout (public, not encrypted) | Stripe Dashboard -> Developers -> API keys |
Webhook Signing Secret (whsec_...) | Server only — verifies Stripe events and updates Subscribers | Stripe Dashboard -> Developers -> Webhooks -> your endpoint -> Signing secret |
The Webhook endpoint URL shown below the fields is unique to your workspace. Copy it into Stripe when creating the webhook endpoint. For a full walkthrough see Payments - Stripe setup.
For security, use a restricted Stripe key where possible. The Stripe payments guide lists the minimum permissions web2app needs and which resources should stay disabled.
Express checkout methods (Apple Pay, Google Pay, Link, and others) are turned on in your Stripe Dashboard, not in web2app.
Paddle fields
| Field | Role | Where to find it |
|---|---|---|
| API Key | Server only — creates Paddle transactions (encrypted) | Paddle Dashboard -> Developer Tools -> Authentication -> API keys |
| Client-side Token | Browser — loads Paddle checkout frame (public, not encrypted) | Paddle Dashboard -> Developer Tools -> Authentication -> Client-side tokens |
| Webhook Secret Key | Server only — verifies Paddle events and updates Subscribers | Paddle Dashboard -> Developer Tools -> Notifications -> your notification -> Secret key |
The Webhook endpoint URL shown below the fields is unique to your workspace. Copy it into Paddle when creating the notification. For a full walkthrough see Payments - Paddle setup.
For security, create a dedicated Paddle API key for web2app. The Paddle payments guide lists the minimum permissions; today web2app only needs transaction creation for checkout.
AppsFlyer and app access fields
| Field | Purpose |
|---|---|
| AppsFlyer Dev Key | Used server-side for AppsFlyer S2S purchase, renewal, cancellation, and refund events. |
| AppsFlyer App ID | iOS App ID (id123...) or Android package name used by AppsFlyer S2S. |
| App Access API Key | Optional secret your app (or backend) sends when calling app access HTTPS endpoints; see App integration. |
OneLink URLs are configured per funnel under Funnel settings -> Web-to-App Access. See App integration.
Managed Access email
This optional transport sends a simple transactional access email after Stripe or Paddle confirms a purchase. It only applies to funnels using Managed Access. If email is Off, send customer emails from your own backend or automation tool after receiving signed owner webhook events such as purchase.completed.
| Provider | Behavior |
|---|---|
| Off | web2app does not send customer access email. |
| Resend | web2app sends the access link/code using your encrypted Resend API key. |
| SendGrid | web2app sends the access link/code using your encrypted SendGrid API key. |
The From email must use a sender domain verified inside Resend or SendGrid. web2app does not verify or own that domain; the provider checks it when sending. After saving the provider settings, use Send test email to send a provider/domain test to your account email.