Is this enough to secure stripe webhook endpoint?

Time:04-20

I am trying to get notifications from Stripe about the events that occurred. This is the webhook endpoint which I used. The URL must be publicly accessible. When considering security, is this enough, or should I use another approach?

    // Directives this controller fragment relies on
    using System;
    using System.IO;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Mvc;
    using Stripe;

    [HttpPost("WebHook/{id}")]
    public async Task<IActionResult> WebHook(int id)
    {
        // Read the raw body: the signature covers the exact bytes Stripe sent,
        // so the payload must not be re-serialized before verification
        var json = await new StreamReader(HttpContext.Request.Body).ReadToEndAsync();
        Event stripeEvent;
        try
        {
            //Get webhook secret (the endpoint's signing secret; placeholder kept from the original)
            string webHookSecret = XXXX;

            //Construct stripe Event: this verifies the Stripe-Signature header
            //(HMAC over timestamp and body, plus timestamp tolerance) and throws
            //StripeException if the check fails
            stripeEvent = EventUtility.ConstructEvent(
                json,
                Request.Headers["Stripe-Signature"],
                webHookSecret
            );
        }
        catch (Exception ex)
        {
            // Bad signature, stale timestamp or malformed payload: reject
            LoggingUtil.LogError(ex, ex.Message);
            return BadRequest();
        }

        // Handle stripeEvent.Type here, then acknowledge so Stripe stops retrying
        return Ok();
    }

CodePudding user response:

The webhook signature verification alone is not enough, if only because Stripe uses message authentication with a shared secret rather than asymmetric-cryptography digital signatures. If you don't have the paranoid intention of building a bulletproof server, you can start with Stripe's security recommendations. Trivial IP address filtering can make your URL not so "publicly accessible".
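To make concrete what the signature check in the question actually verifies, and why the answer calls it shared-secret message authentication, the following is an added example (not code from the question, the answer, or the Stripe SDK) that reimplements Stripe's documented v1 scheme in Python: HMAC-SHA256 over `<timestamp>.<raw body>` keyed with the endpoint secret, a replay window on the timestamp (Stripe's default is 300 seconds), and a constant-time comparison. It also shows the coarse source-IP filter the answer mentions. The secret, payload, and IP allowlist are constructed placeholders; the real allowlist entries would come from Stripe's published webhook IP list.

```python
import hashlib
import hmac
import ipaddress
import time

# Stripe's default replay window for the timestamp in the Stripe-Signature header (seconds)
DEFAULT_TOLERANCE = 300

# Constructed sample data for this example, not real Stripe values
SAMPLE_SECRET = "whsec_constructed_example_secret_do_not_use"
SAMPLE_PAYLOAD = '{"id":"evt_constructed","type":"payment_intent.succeeded"}'


def _expected_signature(secret: str, timestamp: int, payload: str) -> str:
    """HMAC-SHA256 over '<timestamp>.<raw body>' keyed with the endpoint secret (v1 scheme)."""
    signed_payload = f"{timestamp}.{payload}".encode("utf-8")
    return hmac.new(secret.encode("utf-8"), signed_payload, hashlib.sha256).hexdigest()


def sign_payload(secret: str, payload: str, timestamp: int) -> str:
    """Build a Stripe-Signature header value. Only used here to construct test input;
    in production Stripe holds the other copy of the secret and does this signing."""
    return f"t={timestamp},v1={_expected_signature(secret, timestamp, payload)}"


def parse_signature_header(header: str):
    """Split 't=...,v1=...,v1=...' into the timestamp and every v1 signature.
    More than one v1 value is present while an endpoint secret is being rotated."""
    timestamp = None
    signatures = []
    for item in header.split(","):
        key, sep, value = item.strip().partition("=")
        if not sep:
            continue
        if key == "t":
            timestamp = int(value)  # ValueError on a non-numeric timestamp
        elif key == "v1":
            signatures.append(value)
    return timestamp, signatures


def verify_signature(secret: str, payload: str, header: str,
                     tolerance: int = DEFAULT_TOLERANCE, now=None) -> bool:
    """True only if some v1 signature matches and the timestamp is within tolerance."""
    now = int(time.time()) if now is None else now
    try:
        timestamp, signatures = parse_signature_header(header)
    except ValueError:
        return False
    if timestamp is None or not signatures:
        return False
    # Replay protection: a captured, genuine request stops verifying after the window
    if abs(now - timestamp) > tolerance:
        return False
    expected = _expected_signature(secret, timestamp, payload).encode("ascii")
    # Constant-time comparison so a forger learns nothing from response timing
    return any(hmac.compare_digest(expected, sig.encode("utf-8")) for sig in signatures)


def ip_allowed(remote_ip: str, allowlist) -> bool:
    """Coarse source filter. The allowlist here is a placeholder; real entries come from
    Stripe's published webhook IP list. This narrows exposure but does not replace the
    signature check, and it breaks silently if a proxy hides the client address."""
    addr = ipaddress.ip_address(remote_ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in allowlist)


if __name__ == "__main__":
    ts = 1700000000
    header = sign_payload(SAMPLE_SECRET, SAMPLE_PAYLOAD, ts)
    print("genuine:", verify_signature(SAMPLE_SECRET, SAMPLE_PAYLOAD, header, now=ts))
    print("tampered body:", verify_signature(SAMPLE_SECRET, SAMPLE_PAYLOAD + " ", header, now=ts))
    print("replayed 10 min later:", verify_signature(SAMPLE_SECRET, SAMPLE_PAYLOAD, header, now=ts + 600))
    print("source in allowlist:", ip_allowed("203.0.113.7", ["203.0.113.0/24"]))
```

Two points this makes visible that the SDK call hides: the check is only as strong as the secrecy of the key (anyone who reads the `XXXX` in the controller source can forge events), and verification must run over the raw request body, since any re-serialization changes the bytes under the HMAC. The timestamp window bounds replay of a captured request but does not prevent it within those five minutes, so handlers should still be idempotent on the event id.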
