Introduction
A paid Chrome extension, gated by Whop.
This is a starter for a paid Chrome extension. The extension is a thin client, a Next.js app is the trusted backend, and Whop owns login, checkout, billing, and access.
The extension never decides access on its own. It holds a Whop OAuth token and sends it to the server, and the server re-checks the user's membership with Whop before returning anything paid.
How it fits together
- Extension — a Manifest V3 popup and background service worker. It runs Whop OAuth, stores the token, and calls the backend.
- Next.js app — the API the extension calls, plus the checkout page. It verifies access with Whop on every gated request.
- Whop — the system of record for users, payments, subscriptions, and access.
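The server-side check described above, as an added example that is not code from the starter itself. `createGate`, `verifyMembership`, `mockVerify` and the token strings are hypothetical names; `verifyMembership` stands in for whatever call the server makes to Whop and is not a real Whop SDK function.

```javascript
// Added example with hypothetical names. `verifyMembership(token)` must resolve
// to { userId, hasAccess } or reject when the token is bad or the check fails.
function createGate(verifyMembership) {
  return async function gate(request, paidHandler) {
    // Only the bearer token is trusted input. Anything else the extension
    // sends (an "x-plan: pro" header, a body flag) is never consulted.
    const header = request.headers["authorization"] || "";
    const match = /^Bearer\s+(\S+)$/i.exec(header);
    if (!match) return { status: 401, body: { error: "missing_token" } };

    let membership;
    try {
      // Re-check on every request: no cached "allowed" result is reused,
      // so a cancelled subscription loses access on its next call.
      membership = await verifyMembership(match[1]);
    } catch {
      // Fail closed: a rejected token or a failed check never reaches paid content.
      return { status: 401, body: { error: "verification_failed" } };
    }
    if (!membership || membership.hasAccess !== true) {
      return { status: 403, body: { error: "no_active_membership" } };
    }
    return { status: 200, body: await paidHandler(membership.userId) };
  };
}

// Constructed sample data: an in-memory stand-in for the membership state
// that the real system would read from Whop.
const constructedMemberships = new Map([
  ["tok_active", { userId: "user_1", hasAccess: true }],
  ["tok_lapsed", { userId: "user_2", hasAccess: false }],
]);

// Hypothetical verifier used in place of the real Whop check.
async function mockVerify(token) {
  const m = constructedMemberships.get(token);
  if (!m) throw new Error("unknown token");
  return { ...m };
}
```

Because the verifier is injected, the same gate can run against a mock like this one or against the real check without changing the handler.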
What's inside
- Whop OAuth login from the extension, with PKCE and no client secret
- Server-side access checks, re-verified on every request
- Embedded Whop checkout with a hosted fallback
- A billing-portal link and signature-verified webhooks
- Mock mode, so the whole flow runs before you add Whop credentials
Next
Run it locally with Getting started, then see how the pieces divide up in Architecture.