Documentation ¶
Overview ¶
Example ¶
package main import ( "fmt" "io/ioutil" "log" "net/http" "github.com/stripe/stripe-go/v72/webhook" ) func main() { http.HandleFunc("/webhook", func(w http.ResponseWriter, req *http.Request) { // Protects against a malicious client streaming us an endless request // body const MaxBodyBytes = int64(65536) req.Body = http.MaxBytesReader(w, req.Body, MaxBodyBytes) body, err := ioutil.ReadAll(req.Body) if err != nil { w.WriteHeader(http.StatusBadRequest) return } // Pass the request body & Stripe-Signature header to ConstructEvent, along with the webhook signing key event, err := webhook.ConstructEvent(body, req.Header.Get("Stripe-Signature"), "whsec_DaLRHCRs35vEXqOE8uTEAXGLGUOnyaFf") if err != nil { w.WriteHeader(http.StatusBadRequest) // Return a 400 error on a bad signature fmt.Fprintf(w, "%v", err) return } fmt.Fprintf(w, "Received signed event: %v", event) }) log.Fatal(http.ListenAndServe(":8080", nil)) }
Output:
Index ¶
- Constants
- Variables
- func ComputeSignature(t time.Time, payload []byte, secret string) []byte
- func ConstructEvent(payload []byte, header string, secret string) (stripe.Event, error)
- func ConstructEventIgnoringTolerance(payload []byte, header string, secret string) (stripe.Event, error)
- func ConstructEventWithTolerance(payload []byte, header string, secret string, tolerance time.Duration) (stripe.Event, error)
- func ValidatePayload(payload []byte, header string, secret string) error
- func ValidatePayloadIgnoringTolerance(payload []byte, header string, secret string) error
- func ValidatePayloadWithTolerance(payload []byte, header string, secret string, tolerance time.Duration) error
Examples ¶
Constants ¶
const ( // DefaultTolerance indicates that signatures older than this will be rejected by ConstructEvent. DefaultTolerance time.Duration = 300 * time.Second )
Variables ¶
var ( ErrInvalidHeader = errors.New("webhook has invalid Stripe-Signature header") ErrNoValidSignature = errors.New("webhook had no valid signature") ErrNotSigned = errors.New("webhook has no Stripe-Signature header") ErrTooOld = errors.New("timestamp wasn't within tolerance") )
This block represents the list of errors that could be raised when using the webhook package.
Functions ¶
func ComputeSignature ¶
ComputeSignature computes a webhook signature using Stripe's v1 signing method.
See https://stripe.com/docs/webhooks#signatures for more information.
func ConstructEvent ¶
ConstructEvent initializes an Event object from a JSON webhook payload, validating the Stripe-Signature header using the specified signing secret. Returns an error if the body or Stripe-Signature header provided are unreadable, if the signature doesn't match, or if the timestamp for the signature is older than DefaultTolerance.
NOTE: Stripe will only send Webhook signing headers after you have retrieved your signing secret from the Stripe dashboard: https://dashboard.stripe.com/webhooks
func ConstructEventIgnoringTolerance ¶
func ConstructEventIgnoringTolerance(payload []byte, header string, secret string) (stripe.Event, error)
ConstructEventIgnoringTolerance initializes an Event object from a JSON webhook payload, validating the Stripe-Signature header using the specified signing secret. Returns an error if the body or Stripe-Signature header provided are unreadable or if the signature doesn't match. Does not check the signature's timestamp.
NOTE: Stripe will only send Webhook signing headers after you have retrieved your signing secret from the Stripe dashboard: https://dashboard.stripe.com/webhooks
func ConstructEventWithTolerance ¶
func ConstructEventWithTolerance(payload []byte, header string, secret string, tolerance time.Duration) (stripe.Event, error)
ConstructEventWithTolerance initializes an Event object from a JSON webhook payload, validating the signature in the Stripe-Signature header using the specified signing secret and tolerance window. Returns an error if the body or Stripe-Signature header provided are unreadable, if the signature doesn't match, or if the timestamp for the signature is older than the specified tolerance.
NOTE: Stripe will only send Webhook signing headers after you have retrieved your signing secret from the Stripe dashboard: https://dashboard.stripe.com/webhooks
func ValidatePayload ¶
ValidatePayload validates the payload against the Stripe-Signature header using the specified signing secret. Returns an error if the body or Stripe-Signature header provided are unreadable, if the signature doesn't match, or if the timestamp for the signature is older than DefaultTolerance.
NOTE: Stripe will only send Webhook signing headers after you have retrieved your signing secret from the Stripe dashboard: https://dashboard.stripe.com/webhooks
func ValidatePayloadIgnoringTolerance ¶
ValidatePayloadIgnoringTolerance validates the payload against the Stripe-Signature header header using the specified signing secret. Returns an error if the body or Stripe-Signature header provided are unreadable or if the signature doesn't match. Does not check the signature's timestamp.
NOTE: Stripe will only send Webhook signing headers after you have retrieved your signing secret from the Stripe dashboard: https://dashboard.stripe.com/webhooks
func ValidatePayloadWithTolerance ¶
func ValidatePayloadWithTolerance(payload []byte, header string, secret string, tolerance time.Duration) error
ValidatePayloadWithTolerance validates the payload against the Stripe-Signature header using the specified signing secret and tolerance window. Returns an error if the body or Stripe-Signature header provided are unreadable, if the signature doesn't match, or if the timestamp for the signature is older than the specified tolerance.
NOTE: Stripe will only send Webhook signing headers after you have retrieved your signing secret from the Stripe dashboard: https://dashboard.stripe.com/webhooks
Types ¶
This section is empty.