Improve webhook validation

Created on 23 August 2022, over 2 years ago
Updated 6 September 2024, 4 months ago

Problem/Motivation

The current webhook validation is lacking in a couple of ways:

      // Verify the event by fetching it from Stripe.
      return Event::retrieve($event_json->id);

The above does not pass in the current API key, which can lead to false negative.

The module should also provide a way of leveraging stiripe's own webhook verification library, per https://stripe.com/docs/webhooks/signatures.

Proposed resolution

Pass the API key into Event::retrieve($event_json->id), and provide a way to leverage Stripe's provide webhook verification library.

πŸ“Œ Task
Status

Needs review

Version

1.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States mrweiner

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024