Webhook signature verification for Stripe webhooks.
Stripe signs webhook events using HMAC-SHA256. This namespace provides functions to verify signatures and construct verified event objects.
Usage:
(require '[stream.clojure.stripe.webhook :as webhook])
;; In your HTTP handler
(let [payload (slurp (:body request))
sig-header (get-in request [:headers "stripe-signature"])
result (webhook/construct-event payload sig-header "whsec_xxx")]
(if (webhook/verification-error? result)
{:status 400 :body "Invalid signature"}
(process-event result)))
Webhook signature verification for Stripe webhooks.
Stripe signs webhook events using HMAC-SHA256. This namespace provides
functions to verify signatures and construct verified event objects.
Usage:
```clojure
(require '[stream.clojure.stripe.webhook :as webhook])
;; In your HTTP handler
(let [payload (slurp (:body request))
sig-header (get-in request [:headers "stripe-signature"])
result (webhook/construct-event payload sig-header "whsec_xxx")]
(if (webhook/verification-error? result)
{:status 400 :body "Invalid signature"}
(process-event result)))
```Default timestamp tolerance in seconds (5 minutes).
Default timestamp tolerance in seconds (5 minutes).
(construct-event payload sig-header secret)(construct-event payload sig-header secret opts)Verify webhook signature and parse the event payload.
Arguments:
Returns:
Example:
(let [result (construct-event payload sig-header "whsec_xxx")]
(if (verification-error? result)
(handle-error result)
(case (:type result)
"customer.created" (handle-customer-created result)
"invoice.paid" (handle-invoice-paid result)
nil)))
Verify webhook signature and parse the event payload.
Arguments:
- payload: Raw request body as string
- sig-header: Value of Stripe-Signature header
- secret: Webhook signing secret
- opts: Optional verification options (see verify-header)
Returns:
- Parsed event map on success (with :id, :type, :data, etc.)
- {:error/code ... :error/message ...} on failure
Example:
```clojure
(let [result (construct-event payload sig-header "whsec_xxx")]
(if (verification-error? result)
(handle-error result)
(case (:type result)
"customer.created" (handle-customer-created result)
"invoice.paid" (handle-invoice-paid result)
nil)))
```(generate-test-header payload secret)(generate-test-header payload
secret
{:keys [timestamp scheme] :or {scheme "v1"}})Generate a Stripe-Signature header for testing.
Arguments:
Returns: Stripe-Signature header string
Generate a Stripe-Signature header for testing. Arguments: - payload: Event payload string - secret: Webhook signing secret - opts: Optional map with: - :timestamp - Unix timestamp (default: current time) - :scheme - Signature scheme (default: "v1") Returns: Stripe-Signature header string
(verification-error code message)Create a verification error map.
Create a verification error map.
(verification-error? result)Check if result is a verification error.
Check if result is a verification error.
(verify-header payload sig-header secret)(verify-header payload
sig-header
secret
{:keys [tolerance timestamp]
:or {tolerance *default-tolerance*}})Verify a Stripe webhook signature.
Arguments:
Returns:
Verify a Stripe webhook signature.
Arguments:
- payload: Raw request body as string (must be exact bytes received)
- sig-header: Value of Stripe-Signature header
- secret: Webhook signing secret (starts with whsec_)
- opts: Optional map with:
- :tolerance - Max age in seconds (default: 300)
- :timestamp - Current timestamp for testing (default: System/currentTimeMillis / 1000)
Returns:
- {:timestamp <unix-timestamp>} on success
- {:error/code :invalid-header :error/message "..."} on failurecljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |