diff --git a/app.js b/app.js
index 13acaaa..aed88c8 100644
--- a/app.js
+++ b/app.js
@@ -3,7 +3,7 @@ require('express-async-errors');
 const path = require('path');
 const express = require('express');
 const app = express();
-
+const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
 const morgan = require('morgan');
 const cookieParser = require('cookie-parser'); //to get access to the cookie received from the browser
 const fileUpload = require('express-fileupload');
diff --git a/controllers/orderController.js b/controllers/orderController.js
index 5db97f1..69c9160 100644
--- a/controllers/orderController.js
+++ b/controllers/orderController.js
@@ -194,6 +194,28 @@ const getCurrentUserOrders = async (req, res) => {
   res.status(StatusCodes.OK).json({ orders, count: orders.length });
 };
 
+const payOrder=  async (req, res) => {
+  const { amount, currency, description, token } = req.body;
+   checkPermissions(req.user, order.user); 
+
+   try {
+    const charge = await stripe.charges.create({
+      amount,
+      currency,
+      description,
+      source: token,
+    });
+
+    // Handle successful payment
+    res.json({ success: true, charge });
+  } catch (error) {
+    // Handle payment failure
+    res.json({ success: false, error: error.message });
+  }
+ 
+};
+
+
 const updatePaymentStatus = async (req, res) => {
   const { id: orderId } = req.params;
   const { paymentIntentId } = req.body;
@@ -215,4 +237,5 @@ module.exports = {
   getCurrentUserOrders,
   createOrder,
   updatePaymentStatus ,
+  payOrder,
 };
diff --git a/package-lock.json b/package-lock.json
index e12c672..758d105 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -27,6 +27,7 @@
         "jsonwebtoken": "^8.5.1",
         "mongoose": "^6.0.8",
         "morgan": "^1.10.0",
+        "stripe": "^12.12.0",
         "validator": "^13.6.0",
         "xss-clean": "^0.1.1"
       },
@@ -2667,6 +2668,18 @@
         "node": ">=10.0.0"
       }
     },
+    "node_modules/stripe": {
+      "version": "12.12.0",
+      "resolved": "https://registry.npmjs.org/stripe/-/stripe-12.12.0.tgz",
+      "integrity": "sha512-aM9xfyDryiaf/qSWMtJaTMrlc/he3qyx3aVHMqOZqUiMdgTV6lt7tLpFrU0pG+QURm1LAP9GYZ+EcA17446YoQ==",
+      "dependencies": {
+        "@types/node": ">=8.1.0",
+        "qs": "^6.11.0"
+      },
+      "engines": {
+        "node": ">=12.*"
+      }
+    },
     "node_modules/strnum": {
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz",
diff --git a/package.json b/package.json
index 7f1c871..30b5a4b 100644
--- a/package.json
+++ b/package.json
@@ -28,6 +28,7 @@
     "jsonwebtoken": "^8.5.1",
     "mongoose": "^6.0.8",
     "morgan": "^1.10.0",
+    "stripe": "^12.12.0",
     "validator": "^13.6.0",
     "xss-clean": "^0.1.1"
   },
diff --git a/routes/orderRoutes.js b/routes/orderRoutes.js
index ffcc5a6..a7491a5 100644
--- a/routes/orderRoutes.js
+++ b/routes/orderRoutes.js
@@ -10,7 +10,8 @@ const {
   getSingleOrder,
   getCurrentUserOrders,
   createOrder,
-  updatePaymentStatus ,
+  updatePaymentStatus, 
+  payOrder,
 } = require('../controllers/orderController');
 
 router
@@ -27,5 +28,5 @@ router
 
   router
   .route('/:id/pay')
-  .patch(authenticateUser,  updatePaymentStatus );
+  .patch(authenticateUser, payOrder, updatePaymentStatus );
 module.exports = router;