Stripe Webhook Auth - Zuplo Docs

The Stripe Webhook policy secures your incoming webhooks by validating that the request was sent by Stripe.

Configuration

The configuration shows how to configure the policy in the 'policies.json' document.

{
  "name": "my-stripe-webhook-verification-inbound-policy",
  "policyType": "stripe-webhook-verification-inbound",
  "handler": {
    "export": "StripeWebhookVerificationInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "tolerance": 300
    }
  }
}

Policy Configuration

name <string> - The name of your policy instance. This is used as a reference in your routes.
policyType <string> - The identifier of the policy. This is used by the Zuplo UI. Value should be stripe-webhook-verification-inbound.
handler.export <string> - The name of the exported type. Value should be StripeWebhookVerificationInboundPolicy.
handler.module <string> - The module containing the policy. Value should be $import(@zuplo/runtime).
handler.options <object> - The options for this policy. See Policy Options below.

Policy Options

The options for this policy are specified below. All properties are optional unless specifically marked as required.

signingSecret <string> (Required) -
The signing secret for the webhook.
tolerance <number> -
The allowed clock skew in seconds between the time the webhook signature was crated and the current time.
Defaults to 300.

Stripe Webhook Auth Policy

Configuration

Policy Configuration

Policy Options

Using the Policy