Validate Webhook Auth with HTTP / Webhook API on New Custom Webhook Events from Stripe API

Pipedream makes it easy to connect APIs for HTTP / Webhook, Stripe and 2,000+ other apps remarkably fast.

Trigger workflow on

New Custom Webhook Events from the Stripe API

Next, do this

Validate Webhook Auth with the HTTP / Webhook API

No credit card required

▶

Watch us build a workflow

4 min

Watch now ➜

Trusted by 800,000+ developers from startups to Fortune 500 companies

Developers ♥ Pipedream

Getting Started#

This integration creates a workflow with a Stripe trigger and HTTP / Webhook action. When you configure and deploy the workflow, it will run on Pipedream's servers 24x7 for free.

Select this integration
Configure the New Custom Webhook Events trigger
1. Connect your Stripe account
2. Select one or more Events
Configure the Validate Webhook Auth action
1. Connect your HTTP / Webhook account
2. Configure Authorization Value to Authenticate
3. Configure Return Error to Webhook Caller
4. Select a Authorization Type
Deploy the workflow
Send a test event to validate your setup
Turn on the trigger

Details#

This integration uses pre-built, source-available components from Pipedream's GitHub repo. These components are developed by Pipedream and the community, and verified and maintained by Pipedream.

To contribute an update to an existing component or create a new component, create a PR on GitHub. If you're new to Pipedream component development, you can start with quickstarts for trigger span and action development, and then review the component API reference.

Trigger#

New Custom Webhook Events on Stripe

Description:Emit new event on each webhook event

Version:0.1.1

Key:stripe-custom-webhook-events

View on GitHub

Stripe Overview#

The Stripe API is a powerful tool for managing online payments, subscriptions, and invoices. With Pipedream, you can leverage this API to automate payment processing, monitor transactions, and sync billing data with other services. Pipedream's no-code platform allows for quick integration and creation of serverless workflows that react to Stripe events in real-time. For instance, you might automatically update customer records, send personalized emails after successful payments, or escalate failed transactions to your support team.

Trigger Code#

import constants from "../common/constants.mjs";
import sampleEmit from "./test-event.mjs";
import common from "../common/webhook-base.mjs";

export default {
  ...common,
  key: "stripe-custom-webhook-events",
  name: "New Custom Webhook Events",
  type: "source",
  version: "0.1.1",
  description: "Emit new event on each webhook event",
  props: {
    ...common.props,
    enabledEvents: {
      type: "string[]",
      label: "Events",
      description: "Events to listen for. Select `*` for all events",
      options: constants.WEBHOOK_EVENTS,
      default: [
        "*",
      ],
    },
  },
  methods: {
    ...common.methods,
    getEvents() {
      return this.enabledEvents;
    },
  },
  sampleEmit,
};

Trigger Configuration#

This component may be configured based on the props defined in the component code. Pipedream automatically prompts for input values in the UI and CLI.

Label	Prop	Type	Description
Stripe	`stripe`	`app`	This component uses the Stripe app.
N/A	`http`	`$.interface.http`	This component uses `$.interface.http` to generate a unique URL when the component is first instantiated. Each request to the URL will trigger the `run()` method of the component.
N/A	`db`	`$.service.db`	This component uses `$.service.db` to maintain state between executions.
Events	`enabledEvents`	`string[]`	Select a value from the drop down menu:`*account.application.authorizedaccount.application.deauthorizedaccount.external_account.createdaccount.external_account.deletedaccount.external_account.updatedaccount.updatedapplication_fee.createdapplication_fee.refund.updatedapplication_fee.refundedbalance.availablecapability.updatedcharge.capturedcharge.dispute.closedcharge.dispute.createdcharge.dispute.funds_reinstatedcharge.dispute.funds_withdrawncharge.dispute.updatedcharge.expiredcharge.failedcharge.pendingcharge.refund.updatedcharge.refundedcharge.succeededcharge.updatedcheckout.session.async_payment_failedcheckout.session.async_payment_succeededcheckout.session.completedcoupon.createdcoupon.deletedcoupon.updatedcredit_note.createdcredit_note.updatedcredit_note.voidedcustomer.createdcustomer.deletedcustomer.discount.createdcustomer.discount.deletedcustomer.discount.updatedcustomer.source.createdcustomer.source.deletedcustomer.source.expiringcustomer.source.updatedcustomer.subscription.createdcustomer.subscription.deletedcustomer.subscription.pending_update_appliedcustomer.subscription.pending_update_expiredcustomer.subscription.trial_will_endcustomer.subscription.updatedcustomer.tax_id.createdcustomer.tax_id.deletedcustomer.tax_id.updatedcustomer.updatedfile.createdinvoice.createdinvoice.deletedinvoice.finalizedinvoice.marked_uncollectibleinvoice.paidinvoice.payment_action_requiredinvoice.payment_failedinvoice.payment_succeededinvoice.sentinvoice.upcominginvoice.updatedinvoice.voidedinvoiceitem.createdinvoiceitem.deletedinvoiceitem.updatedissuing_authorization.createdissuing_authorization.requestissuing_authorization.updatedissuing_card.createdissuing_card.updatedissuing_cardholder.createdissuing_cardholder.updatedissuing_dispute.createdissuing_dispute.funds_reinstatedissuing_dispute.updatedissuing_transaction.createdissuing_transaction.updatedmandate.updatedorder.createdorder.payment_failedorder.payment_succeededorder.updatedorder_return.createdpayment_intent.amount_capturable_updatedpayment_intent.canceledpayment_intent.createdpayment_intent.payment_failedpayment_intent.processingpayment_intent.succeededpayment_method.attachedpayment_method.card_automatically_updatedpayment_method.detachedpayment_method.updatedpayout.canceledpayout.createdpayout.failedpayout.paidpayout.updatedperson.createdperson.deletedperson.updatedplan.createdplan.deletedplan.updatedprice.createdprice.deletedprice.updatedproduct.createdproduct.deletedproduct.updatedradar.early_fraud_warning.createdradar.early_fraud_warning.updatedrecipient.createdrecipient.deletedrecipient.updatedreporting.report_run.failedreporting.report_run.succeededreporting.report_type.updatedreview.closedreview.openedsetup_intent.canceledsetup_intent.createdsetup_intent.setup_failedsetup_intent.succeededsigma.scheduled_query_run.createdsku.createdsku.deletedsku.updatedsource.canceledsource.chargeablesource.failedsource.mandate_notificationsource.refund_attributes_requiredsource.transaction.createdsource.transaction.updatedsubscription_schedule.abortedsubscription_schedule.canceledsubscription_schedule.completedsubscription_schedule.createdsubscription_schedule.expiringsubscription_schedule.releasedsubscription_schedule.updatedtax_rate.createdtax_rate.updatedtopup.canceledtopup.createdtopup.failedtopup.reversedtopup.succeededtransfer.createdtransfer.failedtransfer.paidtransfer.reversedtransfer.updated`

Trigger Authentication#

Stripe uses API keys for authentication. When you connect your Stripe account, Pipedream securely stores the keys so you can easily authenticate to Stripe APIs in both code and no-code steps.

Stripe uses API keys to authenticate requests (more info in their docs here).

To connect Pipedream to your Stripe account,

Create a Stripe API key
Click "Create Restricted Key"
Enter the Restricted API key below.

To help ensure proper security, we recommend you create a Restricted key with scopes relevant to the specific operations you will use in Pipedream.

About Stripe#

Stripe powers online and in-person payment processing and financial solutions for businesses of all sizes.

Action#

Validate Webhook Auth on HTTP / Webhook

Description:Require authorization for incoming HTTP webhook requests. Make sure to configure the HTTP trigger to "Return a custom response from your workflow".

Version:0.0.3

Key:http-validate-webhook-auth

View on GitHub

HTTP / Webhook Overview#

Build, test, and send HTTP requests without code using your Pipedream workflows. The HTTP / Webhook action is a tool to build HTTP requests with a Postman-like graphical interface.

Point and click HTTP requests

Define the target URL, HTTP verb, headers, query parameters, and payload body without writing custom code.

$A screenshot of Pipedream's HTTP Request Configuration interface with a GET request type selected. The request URL is set to 'https://api.openai.com/v1/models'. The 'Auth' tab is highlighted, indicating that authentication is required for this request. In the headers section, there are two headers configured: 'User-Agent' is set to 'pipedream/1', and 'Authorization' is set to 'Bearer {{openai_api_key}}', showing how the OpenAI account's API key is dynamically inserted into the headers to handle authentication automatically.$

Here's an example workflow that uses the HTTP / Webhook action to send an authenticated API request to OpenAI.

Focus on integrating, not authenticating

This action can also use your connected accounts with third-party APIs. Selecting an integrated app will automatically update the request’s headers to authenticate with the app properly, and even inject your token dynamically.

Pipedream integrates with thousands of APIs, but if you can’t find a Pipedream integration simply use Environment Variables in your request headers to authenticate with.

Compatible with no code actions or Node.js and Python

The HTTP/Webhook action exports HTTP response data for use in subsequent workflow steps, enabling easy data transformation, further API calls, database storage, and more.

Response data is available for both coded (Node.js, Python) and no-code steps within your workflow.

Action Code#

import http from "../../http.app.mjs";

export default {
  name: "Validate Webhook Auth",
  version: "0.0.3",
  key: "http-validate-webhook-auth",
  description: "Require authorization for incoming HTTP webhook requests. Make sure to configure the HTTP trigger to \"Return a custom response from your workflow\".",
  type: "action",
  props: {
    http,
    authInput: {
      type: "string",
      label: "Authorization Value to Authenticate",
      description: "Select the location of the authorization value to check. For example, if you're looking for a Bearer token on the inbound webhook request, set this to `{{steps.trigger.event.body.headers.authorization}}`.",
      default: "{{steps.trigger.event.headers.authorization}}",
    },
    customResponse: {
      type: "boolean",
      label: "Return Error to Webhook Caller",
      description: "If `True`, returns a `401: Invalid credentials` error in the case of invalid authorization. **Make sure to configure the HTTP trigger to \"Return a custom response from your workflow\"**. If `False`, does not return a custom response in the case of invalid auth.",
      default: true,
    },
    authType: {
      type: "string",
      label: "Authorization Type",
      description: "Select the Authorization Type for the incoming webhook.",
      reloadProps: true,
      options: [
        {
          label: "Basic Auth",
          value: "basic",
        },
        {
          label: "Bearer Auth",
          value: "bearer",
        },
        {
          label: "Key-Based Auth",
          value: "key",
        },
      ],
    },
  },
  async additionalProps() {
    const props = {};
    switch (this.authType) {
    case "basic":
      props.basicAuthUsername = {
        type: "string",
        label: "Username",
        description: "Enter your username or reference an environment variable. For example, `{{process.env.username}}`.",
      };
      props.basicAuthPassword = {
        type: "string",
        label: "Password",
        description: "Enter your password or reference an environment variable. For example, `{{process.env.password}}`.",
        secret: true,
      };
      break;
    case "bearer":
      props.bearer = {
        type: "string",
        label: "Bearer Token",
        description: "Enter your Bearer Token  or reference an environment variable. For example, `{{process.env.token}}`. **Make sure to include any prepended values**, like `Bearer` for example.",
      };
      break;
    case "key":
      props.key = {
        type: "string",
        label: "API Key",
        description: "Enter your API Key or reference an environment variable. For example, `{{process.env.api_key}}`.",
        secret: true,
      };
      break;
    default:
    }
    return props;
  },
  async run({ $ }) {
    const authType = this.authType;
    const authInput = this.authInput;
    let basicString = "";
    if (authType === "basic") {
      const un = this.basicAuthUsername;
      const pw = this.basicAuthPassword;
      const str = `${un}:${pw}`;
      const buff = Buffer.from(str, "utf-8");
      basicString = `Basic ${buff.toString("base64")}`;
    }
    const authValue = this.bearer ?? this.key ?? basicString;
    if (authInput !== authValue) {
      if (this.customResponse) {
        await $.respond({
          status: 401,
          headers: {},
          body: "Invalid credentials",
        });
      }
      return $.flow.exit("Invalid credentials");
    }
    $.export("$summary", "HTTP request successfully authenticated");
  },
};

Action Configuration#

This component may be configured based on the props defined in the component code. Pipedream automatically prompts for input values in the UI.

Label	Prop	Type	Description
HTTP / Webhook	`http`	`app`	This component uses the HTTP / Webhook app.
Authorization Value to Authenticate	`authInput`	`string`	Select the location of the authorization value to check. For example, if you're looking for a Bearer token on the inbound webhook request, set this to `{{steps.trigger.event.body.headers.authorization}}`.
Return Error to Webhook Caller	`customResponse`	`boolean`	If `True`, returns a `401: Invalid credentials` error in the case of invalid authorization. Make sure to configure the HTTP trigger to "Return a custom response from your workflow". If `False`, does not return a custom response in the case of invalid auth.
Authorization Type	`authType`	`string`	Select a value from the drop down menu:`{ "label": "Basic Auth", "value": "basic" }{ "label": "Bearer Auth", "value": "bearer" }{ "label": "Key-Based Auth", "value": "key" }`

Action Authentication#

The HTTP / Webhook API does not require authentication.

About HTTP / Webhook#

Get a unique URL where you can send HTTP or webhook requests

More Ways to Connect HTTP / Webhook + Stripe#

Other Popular Integrations#

Custom Request with HTTP / Webhook API on Custom Webhook Events from Stripe API

Stripe + HTTP / Webhook