Reputation: 4317
How to verify stripe webhook signatures without endpoint secret?
I'm building a "multiplatform" solution where each user could have it's "shop" and receive the founds directly on their stripe accounts.
So each user when creates it's shop provides public and secret stripe key which are stored on the server and used when some payments are made.
The problem comes when i have to use the webhooks where i have to verify the user webhook endpoint secret, i can't ask the users to provide and store the WH endpoint key...
(I use the webhook to send the order in preparation once the payment charge is succeeded)
So i was wondering if there was a way to manually verify the webhook signature without using the endpoint secret, i saw that here is possible manually verify signature but anyway i have to use the endpoint’s signing secret as key..
Upvotes: 1
Views: 1226
Answers (1)
Reputation: 6520
It's not possible to verify Stripe webhook event payloads without a webhook signing secret.
However, it sounds like your use case fits Connect quite well, and a Connect webhook endpoint may work for your needs.
Connect webhooks will receive events from all connected accounts, and will avoid the need to manage individual webhook endpoints and secrets for each account.
Upvotes: 3
Related Questions
- Webhook signature verification failed with express stripe
- How to check Stripe webhook signatures in firebase functions
- How to verify Stripe's webhook signature?
- how to get stripe-signature in your stripe webhook header
- Stripe webhook signature is not present
- How do I generate a signed Stripe rest webhook request locally?
- Create stripe webhooks using API
- Validating Stripe Webhook Signatures in Classic ASP
- Programmatically register stripe webhooks
- Why Stripe's webhooks do not need verify signature?