Policies

Stripe Webhook Auth Policy

The Stripe Webhook policy secures your incoming webhooks by validating that the request was sent by Stripe.

Configuration

The configuration shows how to configure the policy in the 'policies.json' document.

{
  "name": "my-stripe-webhook-verification-inbound-policy",
  "policyType": "stripe-webhook-verification-inbound",
  "handler": {
    "export": "StripeWebhookVerificationInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "tolerance": 300
    }
  }
}

Policy Options

The options for this policy are specified below. All properties are optional unless specifically marked as required.

  • signingSecret <string> (Required) -
    The signing secret for the webhook.
  • tolerance <number> -
    The allowed clock skew in seconds between the time the webhook signature was crated and the current time.
    Defaults to 300.

Using the Policy

Read more about how policies work

Previous
Request Size Limit
Next
Quota