Example #1
0
// VerifyEventWithStripe verifies the event received via webhook with Stripe
// using the ID to confirm webhook is legit - extra security step
// Note: If the stripe webhook is not Livemode then this bypasses the call to Stripe
// and uses the event we have from the original webhook.
// Without that bypass, a testmode hook would always fail this callback
func VerifyEventWithStripe(hook *stripe.Event) (*stripe.Event, error) {
	if !hook.Live {
		return hook, nil
	}
	stripe.Key = "" // your private stripe api key goes here
	return event.Get(hook.ID)
}
Example #2
0
// Webhook handles events from stripe
func Webhook(u *url.URL, h http.Header, req *stripe.Event) (int, http.Header, interface{}, error) {
	// if we dont support the handler, just return success so they dont try again.
	handler, err := payment.GetHandler(req.Type)
	if err != nil {
		return response.NewDefaultOK()
	}

	// get the event from stripe api again since they dont provide a way to
	// authenticate incoming requests
	event, err := event.Get(req.ID, nil)
	if err != nil {
		return response.NewBadRequest(err)
	}

	if err := handler(event.Data.Raw); err != nil {
		return response.NewBadRequest(err)
	}

	return response.NewDefaultOK()
}