Resources
Troubleshooting
Billing Issues

Billing Issues

This page covers the most common billing and onboarding problems and how to resolve them.

API key not received after checkout

After completing Stripe checkout, your API key is issued via the checkout.session.completed webhook. If you did not receive it:

Check your email

The API key is sent to the email address you used at checkout. Check your spam/junk folder, as automated emails may be filtered.

Log in to the dashboard

API keys are always visible at app.nat-testing.io (opens in a new tab) under Settings → API Keys, even if the email was not delivered.

Verify the webhook completed

If neither the email nor the dashboard shows a key, the Stripe webhook may not have been delivered. Contact support at support@nat-testing.io with your Stripe checkout session ID (visible in your Stripe receipt email) and we will provision your key manually.

Webhook delivery can take up to 60 seconds after checkout completion. If the dashboard shows no key after 2 minutes, proceed to the support step above.

402 Quota exceeded errors

A 402 Payment Required response with error code QUOTA_EXCEEDED means you have consumed all scans in your current billing period.

{
  "error": "QUOTA_EXCEEDED",
  "message": "Monthly scan quota exhausted. Quota resets on 2025-02-01.",
  "quota_reset_date": "2025-02-01T00:00:00Z"
}

Resolution options:

  1. Wait for reset — quota resets automatically on the quota_reset_date. No action is required.
  2. Upgrade your plan — log in to the dashboard (opens in a new tab) and go to Settings → Billing, or use the Billing API to create a checkout session for a higher plan.
  3. Pause non-critical scans — reduce automated CI/CD scans until quota_reset_date to stay within your current plan limit.

Check your current usage at any time:

curl https://api.nat-testing.io/api/v1/usage \
  -H "X-API-Key: $NAT_API_KEY"

403 Feature not available on your plan

A 403 Forbidden response on a scan endpoint means you are attempting to use a feature not included in your current plan (e.g., security scanning, visual regression, or accessibility testing on the Free plan).

{
  "error": "PLAN_FEATURE_RESTRICTED",
  "message": "Security scanning requires a Pro or Team plan.",
  "upgrade_url": "https://nat-testing.io/pricing"
}

Resolution: Upgrade to the Pro or Team plan. See Billing & Plans for a feature comparison.

Stripe webhook failures

If you are self-hosting NAT and Stripe events are not being processed:

1. Verify environment variables

Ensure these variables are set correctly in your server environment:

VariableDescription
STRIPE_SECRET_KEYYour Stripe secret key (sk_live_... or sk_test_...)
STRIPE_WEBHOOK_SECRETSigning secret from your Stripe webhook endpoint configuration
STRIPE_PRICE_ID_PROStripe Price ID for the Pro plan
STRIPE_PRICE_ID_TEAMStripe Price ID for the Team plan

2. Check the webhook URL

The webhook URL must be reachable from Stripe's servers. For local development, use the Stripe CLI (opens in a new tab) to forward webhooks:

stripe listen --forward-to localhost:8080/api/v1/billing/webhook

3. Validate the signing secret

Copy the signing secret (whsec_...) from your Stripe dashboard under Developers → Webhooks and set it as STRIPE_WEBHOOK_SECRET. Using the wrong secret causes all webhook deliveries to fail signature validation and be rejected with 400 Bad Request.

4. Review webhook logs

In the Stripe dashboard under Developers → Webhooks, click your endpoint to see delivery attempts, response codes, and error details.

⚠️

Never expose your STRIPE_WEBHOOK_SECRET in client-side code or public repositories.

How to rotate your API key

If your API key has been compromised or you want to issue a new one:

  1. Log in at app.nat-testing.io (opens in a new tab)
  2. Go to Settings → API Keys
  3. Click Rotate Key
  4. Confirm the rotation — your old key is immediately revoked
⚠️

Rotating your key immediately invalidates the old one. Update all integrations, CI/CD pipelines, and environment variables before rotating.

Still having trouble?

Contact support at support@nat-testing.io with:

  • Your account email address
  • The Stripe receipt or checkout session ID (if related to checkout)
  • The error response body (if an API error)
  • A description of what you expected vs. what happened

See also:

Was this helpful?
Auth IssuesConnection Errors