Handles webhooks from payment providers (Stripe, PayPal, Razorpay).
This controller receives webhook events from payment providers, verifies their signatures, and processes them through the WebhookProcessor.
Webhook URLs
Configure these URLs in your payment provider dashboards:
- Stripe:
https://yourdomain.com/phoenix_kit/webhooks/billing/stripe - PayPal:
https://yourdomain.com/phoenix_kit/webhooks/billing/paypal - Razorpay:
https://yourdomain.com/phoenix_kit/webhooks/billing/razorpay
Security
All webhooks verify signatures to ensure they come from legitimate sources. Invalid signatures result in 401 Unauthorized responses.
Idempotency
Events are logged in the phoenix_kit_webhook_events table with their
event IDs. Duplicate events are detected and ignored to prevent
double-processing.
Summary
Functions
Handles PayPal webhooks.
PayPal verification requires multiple headers for signature verification.
Handles Razorpay webhooks.
Signature is read from the x-razorpay-signature header.
Handles Stripe webhooks.
Expects the raw body in conn.assigns.raw_body (set by a custom Plug).
Signature is read from the stripe-signature header.