Skip to content

Fix #535: Webhook signature verification for Stripe, Razorpay & LemonSqueezy#818

Open
clbotdev wants to merge 1 commit into
mainfrom
issue-535
Open

Fix #535: Webhook signature verification for Stripe, Razorpay & LemonSqueezy#818
clbotdev wants to merge 1 commit into
mainfrom
issue-535

Conversation

@clbotdev

@clbotdev clbotdev commented Jul 7, 2026

Copy link
Copy Markdown
Collaborator

Implements cryptographic signature verification for all three payment webhook providers.

  • Stripe: Uses SDK's stripe.webhooks.constructEvent() with configured webhook secret
  • Razorpay: HMAC-SHA256 with crypto.timingSafeEqual for x-razorpay-signature validation
  • LemonSqueezy: HMAC-SHA256 with crypto.timingSafeEqual for x-signature validation

Closes #535

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Webhook signature verification

1 participant