Split webhook payload validation logic into separate ValidatePayload* functions #656
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… functions ConstructEvent and related functions now use the new validatePayload functionality. This allows consumers of the library to not have to Unmarshal the json payload in order to validate it. This way a library user can choose to only validate a signature of a message and pass it to downstream systems as trusted without being concerned with the actual structure of the events yet. This is useful because the Event structure is tied to the user's Stripe-account-wide API version which must be upgraded in an all-or-nothing fashion. With this commit a library user may choose to write the webhook event validation portion of their code in a way that will not be broken by forwards or backwards- incompatible event structure changes
|
Thanks! |
|
Released as 40.1.0. |
nadaismail-stripe
pushed a commit
that referenced
this pull request
Oct 18, 2024
* More docs todo * Refactor order amendment logic * Some price exception improvements
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ConstructEvent and related functions now use the new validatePayload functionality.
This allows consumers of the library to not have to Unmarshal the json
payload in order to validate it. This way a library user can choose to only
validate a signature of a message and pass it to downstream systems as
trusted without being concerned with the actual structure of the events
yet. This is useful because the Event structure is tied to the user's
Stripe-account-wide API version which must be upgraded in an all-or-nothing
fashion. With this commit a library user may choose to write the webhook
event validation portion of their code in a way that will not be broken by
forwards or backwards- incompatible event structure changes