stripe-signature: Verification of Stripe webhook signatures

[ library, mit, web ] [ Propose Tags ] [ Report a vulnerability ]

When Stripe sends an event to your webhook, it includes an HTTP header named “Stripe-Signature”. You should use this to verify the authenticity of the request to ensure that you are not acting upon forged events originating from some source other than Stripe.


[Skip to Readme]

Downloads

Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees

Candidates

  • No Candidates
Versions [RSS] 1.0.0.0, 1.0.0.1, 1.0.0.2, 1.0.0.4, 1.0.0.6, 1.0.0.8, 1.0.0.10, 1.0.0.12, 1.0.0.14, 1.0.0.15, 1.0.0.16
Change log changelog.md
Dependencies base (>=4.16 && <4.19), base16-bytestring (>=1.0.2 && <1.1), bytestring (>=0.11 && <0.12), cryptohash-sha256 (>=0.11.102 && <0.12), stripe-concepts (>=1.0.3 && <1.1), text (>=1.2.5 && <1.3 || >=2.0 && <2.1) [details]
License MIT
Copyright 2019-2021 Mission Valley Software LLC
Author Chris Martin
Maintainer Chris Martin, Julie Moronuki
Category Web
Home page https://github.com/typeclasses/stripe
Bug tracker https://github.com/typeclasses/stripe/issues
Uploaded by chris_martin at 2023-06-27T00:07:57Z
Distributions LTSHaskell:1.0.0.16, NixOS:1.0.0.16
Reverse Dependencies 1 direct, 0 indirect [details]
Downloads 2738 total (29 in the last 30 days)
Rating 2.0 (votes: 1) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs available [build log]
Last success reported on 2023-06-27 [all 1 reports]

Readme for stripe-signature-1.0.0.16

[back to package description]

When Stripe sends an event to your webhook, it includes an HTTP header named Stripe-Signature. You should use this to verify the authenticity of the request to ensure that you are not acting upon forged events originating from some source other than Stripe.