View Source Stripe.Webhook (stripity_stripe v3.2.0)

Creates a Stripe Event from webhook's payload if signature is valid.

Summary

Functions

Verify webhook payload and return a Stripe event.

Functions

Link to this function

construct_event(payload, signature_header, secret, tolerance \\ 300)

View Source
@spec construct_event(String.t(), String.t(), String.t(), integer()) ::
  {:ok, Stripe.Event.t()} | {:error, any()}

Verify webhook payload and return a Stripe event.

payload is the raw, unparsed content body sent by Stripe, which can be retrieved with Plug.Conn.read_body/2. Note that Plug.Parsers will read and discard the body, so you must implement a custom body reader if the plug is located earlier in the pipeline.

signature is the value of Stripe-Signature header, which can be fetched with Plug.Conn.get_req_header/2.

secret is your webhook endpoint's secret from the Stripe Dashboard.

tolerance is the allowed deviation in seconds from the current system time to the timestamp found in signature. Defaults to 300 seconds (5 minutes).

Stripe API reference: https://stripe.com/docs/webhooks/signatures#verify-manually

Example

case Stripe.Webhook.construct_event(payload, signature, secret) do
  {:ok, %Stripe.Event{} = event} ->
    # Return 200 to Stripe and handle event

  {:error, reason} ->
    # Reject webhook by responding with non-2XX
end